search
inHTBTHM
githubEdit

Polkit

  • Polkit (PolicyKit): Authorization service in Linux for managing user permissions.

  • Controls whether a user can perform privileged actions (like mounting drives, restarting services).

hashtag
Polkit File Structure:

  • Actions/Policies:

    /usr/share/polkit-1/actions

  • Rules:

    /usr/share/polkit-1/rules.d

  • Local Authority Rules (user/group based):

    /etc/polkit-1/localauthority/50-local.d/*.pkla

hashtag
Polkit Tools:

  • pkexec → Run command as another user (like sudo)

  • pkaction → List all available polkit actions

  • pkcheck → Verify if action is authorized for a process

pkexec --version
#exploit 
pkexec -u root id
# uid=0(root) gid=0(root)

hashtag
CVE-2021-4034 (PwnKit)

PreviousMiscellaneous Techniques (NFS)NextDirty Pipe

Last updated