vmihalko / t2_polkit

Other
0 stars 0 forks source link

pkcheck --list-temp not work #184

Open vmihalko opened 2 years ago

vmihalko commented 2 years ago

In GitLab by @taisuishen on Nov 8, 2022, 03:29

[user@localhost root]$ echo $$
15013
[user@localhost root]$ pkcheck --action-id 'org.freedesktop.NetworkManager.settings.modify.system' --process 15013 -u
polkit\56temporary_authorization_id=tmpauthz1
polkit\56retains_authorization_after_challenge=true
[user@localhost root]$ pkcheck --list-temp

pkcheck --list-temp does not display any information even if temporary permission has been granted.

this bug first proposed in 2014 [https://access.redhat.com/errata/RHBA-2015:0692.html]

However, the final patch does not appear to include removing the --list-temp parameter or fixing this feature.[https://bugs.freedesktop.org/show_bug.cgi?id=29936]

vmihalko commented 1 year ago

In GitLab by @jrybar on Mar 28, 2023, 17:13

Just tried

$ systemctl restart sshd
 [authentication window now]
$ pkcheck --list-temp
Error opening `/proc/1175521/cmdline': Failed to open file ?/proc/1175521/cmdline?: No such file or directory
authorization id: tmpauthz0
action:           org.freedesktop.systemd1.manage-units
subject:          unix-process:1175521:112888851 (cannot read cmdline)
obtained:         2 sec ago (Tue Mar 28 17:04:51 2023)
expires:          4 min 57 sec from now (Tue Mar 28 17:09:50 2023)

pkcheck --list-temp is supposed to list temp authorization ("authorization cookies") that already exists. Are you sure your tmpauthz really existed? Maybe I just don't understand your reproducer...