Bugzilla – Bug 1090371
AUDIT-0: cinnamon-control-center: new polkit policy org.cinnamon.controlcenter.datetime
Last modified: 2023-04-06 15:56:00 UTC
In cinnamon-control-center 3.8.0 a new polkit policy has been added: org.cinnamon.controlcenter.datetime, causing:
> cinnamon-control-center-common.noarch: E: polkit-untracked-privilege (Badness: 10000) org.cinnamon.controlcenter.datetime.configure (no:no:auth_admin_keep)
The package is https://build.opensuse.org/package/show/X11:Cinnamon:Factory/cinnamon-control-center
Thank you for opening this bug. We will review this but please be aware that this will take a while due to a quite big backlog in security reviews.
I will work on this review now.
On a side note: cinnamon-control-center does not seem to be working currently, neither on Tumbleweed nor on Leap15. All I get is a broken window with a single button "All Settings" that does nothing.
I'm finished with the review. This is another one of those badly documented use cases of polkit. cinnamon-control-center does not by itself implement any sensitive operations, but is rather a polkit client.
A dialog for setting the system time and date implements an "unlock/lock" button. By default the regular user does not have permission to change the system time and date. By pressing "unlock", the polkit action org.cinnamon.controlcenter.datetime.configure will be requested from polkit for the cinnamon-control-center process. But this polkit action is rather only a kind of meta action for other polkit actions as we can see from the policy file:
<annotate key="org.freedesktop.policykit.imply">org.freedesktop.timedate1.set-time org.freedesktop.timedate1.set-timezone org.freedesktop.timedate1.set-local-rtc org.freedesktop.timedate1.set-ntp</annotate>
So when the action is granted it implicitly also grants all these other actions which are in turn implemented in systemd and other systemd processes. No action is performed after the meta action is granted, but cinnamon-control-center instead unlocks its time/date dialog and the user can perform the desired changes. Only when this dialog is applied will cinnamon-control-center send an actual set-time or otherwise appropriate D-Bus message to systemd or whatever it deems appropriate.
Since the meta action is configured for 'auth_admin_keep', the user will not need to enter the admin password again. The cinnamon process is already authorized. The temporary authentication only lasts for half a minute or so, though, so if the user is too slow, he will still have to enter the password again.
All in all this logic should be implemented safely. A shame, though, that the control-center does not seem to work at all currently as stated in comment 3. I will submit a whitelisting in short time.
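
The following is an added example, not part of the original comment and not code from cinnamon-control-center or polkit-default-privs: a small Python audit helper that lists each action in a polkit policy file with its defaults and the actions it implies through org.freedesktop.policykit.imply, which is the information a reviewer needs to see what a meta action effectively grants. The embedded policy is a constructed sample built from the action id, defaults and annotation quoted in this report; the description text and the name audit_policy are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: action id, defaults and imply annotation come from the
# bug report above; the description text and file layout are assumptions.
SAMPLE_POLICY = """<policyconfig>
  <action id="org.cinnamon.controlcenter.datetime.configure">
    <description>Change system time and date settings</description>
    <defaults>
      <allow_any>no</allow_any>
      <allow_inactive>no</allow_inactive>
      <allow_active>auth_admin_keep</allow_active>
    </defaults>
    <annotate key="org.freedesktop.policykit.imply">org.freedesktop.timedate1.set-time org.freedesktop.timedate1.set-timezone org.freedesktop.timedate1.set-local-rtc org.freedesktop.timedate1.set-ntp</annotate>
  </action>
</policyconfig>
"""

IMPLY_KEY = "org.freedesktop.policykit.imply"


def audit_policy(xml_text):
    """Return one record per action: defaults as any:inactive:active plus implied actions."""
    root = ET.fromstring(xml_text)
    records = []
    for action in root.iter("action"):
        defaults = action.find("defaults")
        settings = []
        for tag in ("allow_any", "allow_inactive", "allow_active"):
            node = defaults.find(tag) if defaults is not None else None
            # A missing element is reported as "unset" (labelling chosen for this example).
            settings.append(node.text.strip() if node is not None and node.text else "unset")
        implied = []
        for ann in action.findall("annotate"):
            if ann.get("key") == IMPLY_KEY and ann.text:
                implied.extend(ann.text.split())  # space-separated action ids
        records.append({"id": action.get("id"), "defaults": ":".join(settings),
                        "implies": implied, "meta_action": bool(implied)})
    return records


if __name__ == "__main__":
    for rec in audit_policy(SAMPLE_POLICY):
        print(f"{rec['id']} ({rec['defaults']})")
        for target in rec["implies"]:
            print(f"  also grants: {target}")
```
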
The whitelisting is submitted. Please refer to the following wiki page https://en.opensuse.org/openSUSE:Package_security_guidelines#How_the_Whitelisting_Process_Works for information about when the whitelisting will become effective for you. Closing this bug as fixed.
This is an autogenerated message for OBS integration: This bug (1090371) was mentioned in https://build.opensuse.org/request/show/618495 Factory / polkit-default-privs