> pkexec is installed by default on all major Linux distributions (we
exploited Ubuntu, Debian, Fedora, CentOS, and other distributions are
probably also exploitable);
I don't find it on any of the servers I manage, it appears to be installed with graphical desktop only?
Probably, It is used in things like NetworkManager. Which is used by almost all desktop environment.
In these desktop environments. Polkit is used to gating any remote process from accessing network state related functions (or anything that are not supposed to do remotely).
For example, you can use `nmcli` on the desktop or system termional(Alt+f1~f7) to disconnect the network or change to use other pppoe even you are not currently root(not using sudo to elevate the permission).
But if you try to call `nmcli` through ssh? No, No , No, Polkit will gate you from doing so.
So why do it like this instead of simply having PAM add a group (or not) depending on ash service one is logging into, and making authorization decision based on that group?
Groups are not granular enough. `pkaction` lists 315 different actions on the system where I just ran it. You'd need 315 groups to begin to reflect that level of granularity...
Groups are also not dynamic enough. When evaluating these rules, one of the inputs is whether the client requesting the action is a member of no session at all, or an inactive console session, or an active console session. You can't represent these with groups because you can't grant/revoke group membership to a process while it's running. (A process with a group membership can also stash away a setgid executable that can be used by the user to regain access to a group that they've been removed from later on, so it's not even possible to cast-iron-guarantee that access to a group has been revoked without inspecting the filesystem...)
I wouldn't suggest giving those permissions to your user because it opens up the possibility of a denial of service. With those permissions, any program running as your user can spawn lots of realtime threads that can take over the scheduler and lock the system up. This was detailed in the rtkit announcement, and preventing it is the reason rtkit exists: http://lalists.stanford.edu/lad/2009/06/0191.html
Maybe realtime audio is not important to you, and that's fine. But it's never as simple as "delete these things and now I have a secure system", you may be trading off security elsewhere to get that. Please also note that pkexec is not required to use polkit. You can remove pkexec and still have a functioning polkit installation and still use all those other daemons too. For a really secure system you may want to remove all suid binaries anyway and only use polkit or SELinux or something.
Nothing fake about it? That is one of the actions that RealtimeKit allows clients to request:
$ pkaction --action-id org.freedesktop.RealtimeKit1.acquire-high-priority --verbose org.freedesktop.RealtimeKit1.acquire-high-priority:
description: Grant high priority scheduling to a user process
message: Authentication is required to grant an application high priority scheduling
vendor: Lennart Poettering
vendor_url:
icon:
implicit any: no
implicit inactive: yes
implicit active: yes
In the default configuration that will be granted to clients that are part of a local console session, but denied to clients that are not (e.g., batch jobs, SSH). That policy can be further customized by the OS vendor, organization, site, or local admin in quite a flexible way.
Policykit's sole purpose is to provide an abstraction to let modern X server applications press a suspend or power off button. It's the same kind of garbage as DBus. The modern Linux desktop is absurd.
Yes, this is exactly why I don't run any of this crap on my distro. No dbus, no polkit, no systemd, nothing. Computer security is already enough of a nightmare without all this crap added on and linked in to everything.
Some programs can be configured to run without it. Others require patching to remove it. Some patches are trivial, others not so much. I've done a lot of patching, with still more required to get other applications running that I want to use. At some point I'm planning to build a "dummy" dbus library that can be linked against but actually does nothing at all, but I haven't gotten around to it yet.
Has bugs, is way too complex for the given functionality, and is completely unneeded in the first place--yes, get rid of the damn thing. Unless of course you enjoy getting "your" system OWNED and dominated by bad actors.
My custom distro beats the brakes off junkware like Ubuntu and (lol) Windows in startup time and responsiveness, and has all of the functionality I need, with half the code and as a result much fewer gaping security holes.
Computer security is an absolute nightmare these days. Intelligent people should be simplifying things and stripping everything down to the bare minimum, instead of stacking more crud on top of endless crud.
Those who fail to SECURE their systems and workflows will one day in the near future be surprised as shit to find that the entire "cloud" has been hacked and destroyed by worms and their system trashed right along with it. At that time, the world will be divided into two camps: computer owners (me and my kind) and non computer owners (everyone else.)
Who cares? If you don't take computer security seriously, you won't be computing much longer. Before it's over with, mine will be the only opinion still in existence. It's called "natural selection."
>is way too complex for the given functionality, and is completely unneeded in the first place--yes, get rid of the damn thing. Unless of course you enjoy getting "your" system OWNED and dominated by bad actors.
This is a rather nonsense statement. Polkit (or something like it) is needed if you want to have those macOS-style "program A wants to have permission to access privileged resource B" security prompts in the GUI. It's about as complicated as any similar solution needs to be for that use case. Perhaps you find these to be annoying and you disable them so they always succeed, but with that you've effectively given every program permanent suid root access. Definitely simpler, but can you say it's less of a security nightmare? I wouldn't. Yes there are risks of vulnerabilities in any security layer, but without them you've got no security layer at all.
If those checks always fail, you've now lost that functionality to do anything requiring elevated permissions and made your system less useful. You could get it back by installing a suid root tool like sudo/doas but that opens the same hole again that elevates these problems from a crash into a CVE.
I don't want or need popup permission prompts. If something needs to run as root, I run it as root from the console, as God intended. In the process I am assuredly avoiding all sorts of potential security vulnerabilities, such as this polkit code which is not installed on my system. Now get off my lawn.
Computer security really isn't THAT much of a nightmare for an average user. How many people do you know that got hacked lately, for any reason other than not using 2FA, or installing random garbage?
If you don't own cryptocurrency(That is more critical because it can't be reversed), you're probably way more at risk for physical theft than cyber crime.
In fact I think we are more secure than ever before because browser sandboxing actually works worth a crap, unlike 10 or so years ago.
The more you strip out of a system, the more manual work you need to do, and the closer you get to just a fancy version of a pencil. Technically, every line of code is a security risk.
But a lot of things just... are barely worth it when ultra simplified, and you start spending more time than you save at a certain point.
This bug is pretty bad, and I could see distros getting rid of it, but only with plenty of thought and analysis and maybe a replacement. They clearly put it there for a reason. Lots of stuff seems to need it.
And unless you use sandboxing or multiple accounts for different things.... if you have attackers running as your user, you are already screwed.
You're part of the second group I mentioned: the one that won't be computing much longer.
> Computer security really isn't THAT much of a nightmare for an average user.
"Average user" and "common idiot" are one and the same. Common idiots never see danger coming until it's too late.
> How many people do you know that got hacked lately, for any reason other than not using 2FA, or installing random garbage?
It's not about what has happened, it's about what easily CAN happen, and therefore WILL.
By the way, 2fa being forced down everyone's throat is not for your benefit. Notice how they never will allow you to use a voip number for 2fa? How could TPTB track your every move via GPS if you use voip?
> If you don't own cryptocurrency(That is more critical because it can't be reversed), you're probably way more at risk for physical theft than cyber crime.
LOL. Crypto is a scam. Bitcoin is going to crash to zero, and you're going to lose everything. Next TPTB will introduce their own Officially Approved digital currency, which is specially designed so that your account can be locked or restricted or emptied with the click of a mouse button, and so that you cannot possibly ever avoid any taxes.
You've got some tough lessons to learn about how the world works.
Meanwhile my use of physical, hard currency will keep me free and at liberty forever.
> In fact I think we are more secure than ever before because browser sandboxing actually works worth a crap, unlike 10 or so years ago.
If by "secure" you mean "in Google's firm grasp", you are correct. If you really meant "in control over your own computer", no, you are not.
Try patching Chromium to remove all the spyware and malware as I have done, and note how you and your browser are now treated as Enemies of the State by the Big Corp controlled internet.
> The more you strip out of a system, the more manual work you need to do
Freedom isn't free, nor is security.
> But a lot of things just... are barely worth it when ultra simplified, and you start spending more time than you save at a certain point
How would you know? You've never even tried to escape from the Goolag.
My system beats the brakes off yours in virtually every metric, especially speed and security, and has been worth every hour spent working on it.
> if you have attackers running as your user, you are already screwed.
You mean like the attackers you willingly give root access to your machine by allowing them to regularly stream arbitrary binary code to "your" (their) computer, and regular user access via metrics and update checks and every other sort of outgoing network connection on their schedule and not yours, any one of which could trigger a buffer overflow and code injection event? Yes, you are screwed six ways from Sunday.
If the world ever gets bad enough that I have to hide from Google and TPTB, your customized system will probably be contraband. In which case, I wouldn't want something like that, because I... don't want to go to jail, and I am rather certain they could find out if they wanted to.
Probably by machine learning looking for houses with an absence of pings to certain servers and using old fashioned police work from there.
Keeping that scenario from ever happening is a political issue. Perhaps it is in part technical too, but ultimately, people should not have to live like fugitives. For the same reason they shouldn't have to wear a guy fawkes mask in public.
And if someone does need to, they probably don't consider themselves to be free.
I may have never tried to get away from Google, but we did grow up poor enough to not have the latest tech for quite a long time.
It would be nice if it was possible and convenient, but a lot of things are still way behind.
When you add up all the details... it's probably more of a luxury than being rich in the gilded age, and it's accessible even to people like me who don't even make minimum wage when you take into account all the Ubers and Lyfts and crap.
With simple technology, one mistake and it's all gone. It doesn't help you out at all. Remember how this stuff was done 15 years ago? Nobody ever would trust computers for anything important. We all used pens and paper every day.
Every person I know who cares about privacy seems to need tons more analog tech than I do.
Lose your phone? Too bad, there was no Google page with which to track it and remote control it. Lose your wallet? Hope someone turns it in. There was no Tile.
Cooking and need to set a timer? Better wash your hands first and be careful not to forget in the time it takes to do so, or you'll make a mess and transfer germs when you touch the timer.
It would be a LOT of work to set up replacements for all of this while preserving privacy.
These things are only a few minutes per day, but collectively they are a big lifestyle change.
Eventually, open source will catch up. But it is slowed down by the fact that the FOSS community.... likes to shit on such things and doesn't want them to exist at all, and prefers ongoing manual involvement, and shits on most zero conf stuff, because they're so absolutist about security and minimalism.
You don't have Firefox or any browser? How are you posting? W3m? I would imagine that these have an enormous amount of bugs and security issues if parts of basic Linux programs are riddled enough with them by your standards.
That's worked pretty well e.g. for OpenBSD. Their code isn't perfect, but they've evaded lots of bullets simply by removing things they don't deem necessary.
I think I've evaded many bullets exactly the same way.
More code and more complexity -> more bugs, more holes. It's pretty simple.
A bunch of things on a modern desktop linux system depend on it. Disregard what the user you replied to said, as polkit is a system to delegate elevated permission grants from GUI applications.
A GUI sudo if you will, with XML and javascript code for its configuration files.
I'm not near my computer, but I would guess pipewire (as it usually runs within the users session) might rely on it to access the sound hardware without needing to run as root. But just guessing.
The only things on my system that depend on it are pipewire and xorg-x11-drv-intel (which I don't need). It doesn't sound like you should need a GUI sudo with XML and Javascript for audio..
PolicyKit is an application-level toolkit for defining and handling the policy
that allows unprivileged processes to speak to privileged processes, in order to
grant some user the right to perform some tasks in some situations. It is
sometimes referred to as "the sudo of systemd".
Sample uses:
Let the user Hibernate and shutdown the computer.
Let the user manage (Wireless) connections.
Let the user mount/eject a removable media (CD/DVD, USB keys...)
Let the user access devices, like audio, scanner, etc.
We already had a solution for this before: you add the user to the 'audio' group. And SELinux could do this too. But apparently RedHat just wanted another layer (https://lwn.net/Articles/258592/).
"This is better than groups and setgid processes, because it means someone can't log in over ssh and mess with another user at the console." - Because that's what desktop users are really concerned about. We need more complexity because somebody might hax0r my desktop over SSH.
And, wow, they really actually did use XML as their configuration:
So, not only is it superfluous, it also doesn't make the user's life easier, it's super annoying to configure, everything depends on it, and now the thing intended to improve security has caused a security issue.
Creating another group every time and asking the sysadmin to add you to the group when you want a new permission is not an appropriate solution for the desktop. It also isn't fine grained (what if you want to only grant permission to one audio device, then you'll need to create lots of audio groups and keep track of them all) and doesn't handle the case where you want to temporarily grant privileges to some device for just one session. There is more to it than just the issue with ssh, and it's not superfluous. There is a very good reason desktops all use it.
Even though the situation described is strange to the point of having never happened in history you would still need to ask an admin to write policy to implement your interesting audio permission scheme just the same as one would need to ask an admin to add a group or you know automate the process with a gui or integrate the change in groups into updating or software installation.
I am sure that somewhere having an actual programming language available vs list of what can and can't be run with or without a password would enable some additional power in terms of control of the system but I cannot for the life of me imagine a situation where it would be all that useful.
I agree it's not particularly useful for home users, I expect most would go with the defaults provided by their distro and leave it there. This is meant for corporate deployments where sysadmins might need to write more advanced policies.
What sysadmin are desktop users having to ask for permission to use their own hardware? Even in 2001, if you had a laptop, you had access to use all it's hardware. Why wouldn't you?
How many groups do you think there are? There's only so many classes of hardware, so there's only so many groups. About 8 in total. You add the user to all of them at once. It worked just fine before polkit arrived.
Why would you want to temporarily grant privileges to hardware once? Who is trying to prevent the user from using their own hardware?
I detailed this in another comment, the reason desktops use it is to get those macOS-style permission dialogs that pop up when you try to take some privileged action. I don't think any desktop distribution wants to ask users to open a terminal and type "sudo usermod" and then log out and log back in in order to do something like setting the clock or formatting a usb drive. I don't remember this working well at all before polkit arrived either, I remember when device hotplug in Linux was really broken for this reason (and a few others). It's not reasonable to ask desktop users to edit udev rules when plugging in a new device. If it worked well at all it was because you were doing things like having a lot of suid/sgid tools or just running GUI programs as root which is a terrible idea.
>Who is trying to prevent the user from using their own hardware?
I don't understand this question. The functionality here is equivalent to sudo, you type your password to authenticate a certain action. As the sysadmin you can configure some actions to always accept or always deny, if you want.
Yes, polkit does have some overlap with sudo. What it has over sudo is a real API, programs can use it to authenticate an IPC request for an action to a privileged daemon while that daemon is running.
Why isn't the audio device owned by the logged in user? udev could easily do that.
It'd be a problem if more than one user in logged in to the local console, in a multi head environment for example. But those are rare, and already have to solve the same problem for other console related devices such as mice and keyboard.
Sorry but if you keep falling back to the terminal to do things I would say you're not really using a desktop. What's the purpose of pointing this out? Yes, you can do whatever you want in Linux by opening the terminal and typing sudo. I understand the propensity of developers to like this because we spend all day in our xterm windows anyway but this is not the way anyone else expects a desktop to work.
Just to follow this discussion a bit further: If you have a task that /really/ needs elevated privileges you could turn it into a kernel module. That's great for you if you want to do that, but will you tell everyone else to develop kernel modules for every little thing? I don't think I would. I'm happy to give the muggles a better interface.
I have no "desktop" tasks that need elevated privileges. I only use a GUI because I want to run things like a browser and a media player. If I need elevated privileges it's always a one-off job, which means I need a commandline anyway.
There's a bunch of influential people that are bent on making "Linux desktop" be something that competes effectively with Windows and MacOS. Setting aside that I don't think those are particularly desirable objectives in the first place, I simply don't see it happening. Despite their deficiencies, Windows and MacOS work better than Linux desktops.
A lot of the Linux desktop effort seems to really be "Linux laptop" - Linux support for machines that are constantly moving from one hotspot to another, and constantly having storage and other devices plugged in and unplugged. That isn't my use-case. Most of my Linux machines are servers with no GUI. The one with a GUI doesn't travel, and gets something plugged into it maybe once a month.
I realise that my usage pattern isn't universal; I was just correcting the claim that "all desktops use it". You only need one counterexample to refute such a claim.
> There's a bunch of influential people that are bent on making "Linux desktop" be something that competes effectively with Windows and MacOS.
And not necessarily with the interests of Windows or MacOS end users, but more corporate interests.
I think a lot of Windows users for example were and would still be fine with a system that is effectively a single-user desktop. A permission prompt to prevent random apps from spying on you using your microphone and camera is probably a Good Idea for the average user but all this user policy business is just pointless; users themselves should always have access to their own devices anyway, just as they would on old Windows installs where the user was typically the only user and always administrator.
And yeah, I don't like that a few people get to define what exactly constitutes a desktop for everyone. Especially if under the guise of "this is what a modern desktop requires" they're free to turn the platform into a bloated, overcomplicated mess.. exactly the kind of thing I was happy to get away from when I left proprietary operating systems behind two decades ago.
I don't understand what you mean by a few people get to define it. This stuff is used by basically every desktop environment on Linux. You have to either use it or write something very similar to it if you want to have permission prompts that actually work. They all give the option to turn it off but they still have to support it for the average user you described. Unsurprisingly, the requirements for shipping a desktop are really not that different on Linux compared to other operating systems. The users all want the same things.
From what I have seen, the amount of users that want to go back to the Windows 95 style of security are an even fewer people. You can find distros that still ship a desktop from that era but they don't seem to be for much beyond novelty.
Why would I want permission prompts? Most systems are single-user systems; if you're logged in, you're the administrator, even if you haven't yet invoked your superpowers. Arguambly you should have to confirm if you want to do something dodgy; but if all you have to do is say "Yes, thanks for the warning", then you don't need any kits.
Really, I have difficulty imagining this group of Linux users who are constantly hot-laptoping, so that they need multi-user support sprinkled all over the OS. I can see that it's useful in a pair-programming environment, where you might have a lab or workstations with a standard config; but apart from that, how often does someone else log in to a desktop/laptop computer you normally use? Or one you own?
I don't think hotdesking and hotplugging are urgent consumer requirements. I don't think the people producing this stuff are aiming it at consumers.
> or write something very similar to it
Or use what was written before, if it matches your use-case. That worked, for many people. Still does for some.
Please don't speak for everyone. It's exactly this patronizing we-know-better-than-you attitude that makes users hate their corporate software vendors.
> From what I have seen, the amount of users that want to go back to the Windows 95 style of security are an even fewer people.
I knew someone would immediately reply with this straw man as soon as they saw mention of old Windows. I said user policies are pointless for a single-user desktop. It's irrelevant whether dave and samantha can access the audio device in john's session because dave and samantha don't exist on john's personal computer and he sure ain't running an ssh daemon for them.
>Please don't speak for everyone. It's exactly this patronizing we-know-better-than-you attitude that makes users hate their corporate software vendors.
I'm not speaking of corporations here, this is basically every current desktop environment that is shipping on Linux right now. They are all either using polkit or they use something very similar to it because the idea of it (user asks to perform an action, show a prompt) is very straightforward and pretty much universal for GUIs by now. Some of them may be business-oriented but some aren't. If this doesn't fit the definition of "everyone" using desktop Linux then who else are you considering? And just to clarify, I would say using sudo with a fine-grained config is roughly equivalent to polkit, although less convenient for GUI users because it doesn't have pluggable authentication agents.
>I knew someone would immediately reply with this straw man as soon as they saw mention of old Windows. I said user policies are pointless for a single-user desktop.
This itself is a strawman though. Polkit and sudo and such are not strictly about user policies although you can use them for that.
>If I need elevated privileges it's always a one-off job, which means I need a commandline anyway.
This is why polkit actions are the way they are, so you actually have a chance of being able to encode those one-off tasks into permissions for a GUI. It's not implemented for everything that requires root, and it probably won't ever be implemented for all of it but it's a lot better than it used to be. Part of it is improving because desktops like KDE made it easier to plug in new panels to the system settings, another part is that applications started using the higher level D-Bus APIs (like udisks2, timedated, networkmanager, etc) instead of trying to access the raw devices themselves.
>There's a bunch of influential people that are bent on making "Linux desktop" be something that competes effectively with Windows and MacOS. Setting aside that I don't think those are particularly desirable objectives in the first place, I simply don't see it happening. Despite their deficiencies, Windows and MacOS work better than Linux desktops.
I don't disagree with the last part here but, companies like Canonical exist and they get paid to ship this stuff. There are customers out there who want this, and they may very well be the ones paying some money or contributing maintenance towards keeping your browser and media player working on Linux. I don't know any overarching reason why these customers would deploy Linux instead of Windows, you would have to ask them.
>I realise that my usage pattern isn't universal; I was just correcting the claim that "all desktops use it". You only need one counterexample to refute such a claim.
Sorry but I don't think any usage of the terminal is a counterexample. That's just sidestepping the desktop, you could also do that from a VT with no GUI present.
> another part is that applications started using the higher level D-Bus APIs (like udisks2, timedated, networkmanager, etc)
Not the applications that I use! The machine in question doesn't have dbus or systemd. It only has one user. That layer of complexity is of zero value to me, but it's the very devil to get rid of it all.
> Sorry but I don't think any usage of the terminal is a counterexample.
If, on Windows, you have to perform a task for which there is no pre-made GUI app you can install, then you have to run-up powershell or cmd. My case is identical. I specifically referred to one-off tasks.
It's not my use of terminals that is the counterexample; it's the fact that I run a desktop without polkit (or anything-kit).
On Windows, if there has been value in putting those tasks in a GUI in the control panel, they will do it. It's the same deal.
Yes you can technically build a system without dbus or systemd or polkit or gettext or the C library or whatever it is you feel is superfluous. As you've found it is not actually difficult to do that, just tedious and impractical. You aren't gaining anything here by removing things. If you want equivalent functionality you're now tasked with building the equivalents, e.g. Android which is also a single user userspace for Linux without dbus or systemd, but has its own fairly complex set of high level services and IPC system.
> As you've found it is not actually difficult to do that, just tedious and impractical.
That is the opposite of what I have found; I find that it's "the very devil" to remove these components. And my finding is that the presence of these components is tedious and impractical, and that their absence makes my life better.
> You aren't gaining anything here by removing things.
That is condescending.
I've used machines with these services and I've used machines without. I find it's a gain to not have them. Who are you to tell me whether I do or don't gain anything?
FTR I don't have to build anything; there are alternatives, which I use. Unfortunately these new components are more-or-less rivetted-in, which makes it hard to remove them and replace them. Screws are better than rivets.
On my systems, the 'audio' group is empty. The ACL of the audio device (and other devices with the `uaccess` tag) is adjusted by udev when the owner of the active console session changes.
(I don't know if the scheme is able to revoke access to a running process, but it's still a step up from a single, static 'audio' group).
How many Linux users really expect a hacker to 1) be on their local network, 2) find a zero-day exploit in SSH, and 3) want to eavesdrop on them? I'm pretty sure I'd get struck by lightning while attacked by a shark before that ever happened
I feel like this whole thing is driven by corporate interests. It would make sense in a context where a machine has multiple users (or: anyone at work can use their credentials on any workstation), which is not uncommon in a work environment. It seems largely irrelevant for a single-user desktop.
It irritates me that the Linux environment is constantly growing more complex to account for scenarios that are not relevant for me, and it's hard to opt out. That complexity is not zero-cost; I've been hit by many a bug (and have wasted a lot of time working around..) related to things that exist on my system yet serve no real purpose for me.
I guess it's the year of the Linux desktop when it gets corporate enough, and those who want a comfortable free operating system will be looking for alternatives :)
Sigh... Because systemd, dbus, polkit, pulseaudio, rtkit, etc are invasive weeds. Apps now depend on them exclusively so often that you have to provide some shim to replace their ABI if you don't want to use those components. I can't remember the specifics but pipewire probably only casually references it as part of a compatibility layer. In Alpine I'm pretty sure you can run pipewire without polkit but I'd have to check.
Or it could be because those libraries actually do something and users want them? I really don't get these complaints. Is the C library an "invasive weed" because C programs require an ABI compatible C library to run?
They are invasive if they somehow end up on your system even if you don't need them and didn't ask for it.
The C library is something that I actually need, unlike a GUI sudo prompt for.. audio? I don't even know what such a prompt looks like because I've never seen one.
I'm sorry, now I really don't understand. If these libraries shipped with your distro, you asked for them. If they were dependencies of a package you installed, you asked for them. It's bizarre to me that there are hundreds of Linux distros with every combination of packages you could possibly ask for and I still see this complaints. It's very likely you didn't see a prompt because your distro configured it to not require a password. If you want to configure it to require a password, the system lets you do that. This is just another choice you have.
No, I didn't ask for a fucking GUI sudo with xml and javascript and local privilege escalation to root. I asked my computer to do something as basic as play sound, something that worked for decades without GUI sudo. Developers said they want to use pulseaudio for that. Whatever, if it finally plays audio without breaking every week. I don't have time to vet every package in every distro, and I didn't know it depends on a GUI sudo.
> If these libraries shipped with your distro, you asked for them.
If a bomb ships with a package you ordered, you asked for it.
Or maybe not? Maybe I didn't ask for it but a bunch of devs decided that (quoting you) "the users all want" it and I wasn't there to keep tabs on them.
And now that I know better, yes, I am looking for alternative distros because the ones I've been using include too many things I didn't ask for.
>I asked my computer to do something as basic as play sound, something that worked for decades without GUI sudo
Sure, security also was not great for decades. I know what you mean you don't have time to vet packages, very few people have time to do that, that's usually why you'd trust a vendor to do it for you and not keep second guessing their decisions because they published and fixed a CVE.
>I am looking for alternative distros because the ones I've been using include too many things I didn't ask for.
That's great, I wish you luck. Just keep in mind, eventually if you find you want to put a security prompt on something for whatever reason (maybe you find yourself shipping something to a less technically inclined user), I expect you will circle back around to the same solutions. They're there for you to use them. At that point it becomes whether the frustration with XML and Javascript is worth rewriting it with a different configuration format and scripting language. Maybe you also want to take these tools written in C and rewrite it in Go or Rust or something, I don't know. I would not say it's worth it unless you have some really extreme requirements. This doesn't to have the most expressive DSL you can think of it, it just needs to encode some simple logic in a well-understood way.
> that's usually why you'd trust a vendor to do it for you and not keep second guessing their decisions because they published and fixed a CVE.
Yes, I'm inevitably putting some trust in vendors. Unfortunately I'm having a hard time finding vendors (especially Linux vendors) that I can trust to make decisions that I find sensible and more or less in line with my intended usage of the system.
I have some experience with OpenBSD (after using it for more than a decade on a server and a few years on a laptop), and I can say with reasonable confidence that they would have never allowed polkit to be a part of their system in the first place. Similar to how they eventually said no to kerberos and just purged it. Similar to how they've refused things like PAM. Similar to how audio kept working fine with sndio (a very simple library & daemon) while I constantly had to battle the overcomplicated audio subsystem and ever-churning daemons on Linux..
That's the kind of Linux vendor I would like: a vendor who's trying to build something simple, and not something that tries to be maximally flexible and "everything for everyone". A vendor who can make decisions and if needed, build their own thing that suits their goals instead of shipping the same things every other distro ships.
There certainly are hundreds of distros as you say, but most of them offer little more than a different coat of paint, and ship the same third-party packages with more or less the same dependencies as you would have on any other Linux distro. After you've installed the few things you need, it doesn't matter much whether the banner says Arch, Fedora, Ubuntu, or whatever (in fact I run all three right now).
Removing it won’t have a huge amount of value unless you give untrusted people shell access to your system - if your personal user is compromised they will have pretty much obtained the Crown Jewels anyway. Where this exploit is valuable to hackers is situations like escalating from the www user or similar.
I'd guess it's because pipewire needs to access real-time capabilities of the kernel to enable low-latency audio, and those are only accessible as root sadly AFAIK (thus polkit, because pipewire does not run as root so there has to be something to grant the capacity to pw)
I don't find it on any of the servers I manage, it appears to be installed with graphical desktop only?