Devuan bug report logs - #269
policykit-1: CVE-2018-19788

Severity: critical;
Package: policykit-1; Reported by: Berbe <>;
Date: Sat, 8 Dec 2018 09:40:03 UTC;
merged with #268; Done: KatolaZ <>;
Maintainer for policykit-1 is (unknown).

View this report as an mbox folder.

Information forwarded to,
bug#269; Package policykit-1. Full text available.

Message sent to,

Subject: bug#269: mmhhh
Date: Sat, 8 Dec 2018 10:58:35 +0100
From: KatolaZ <>

[Reported here due to a glitch with #268]

There is no need to become root in order to use `service`:

$ /usr/sbin/service nginx status
[ ok ] nginx is running.

Even with a user with id larger than 4000000000:

$ sudo -u testpolkit /usr/sbin/service nginx stop
[....] Stopping nginx: nginxstart-stop-daemon: warning: failed to kill 2509: Operation not permitted
. ok

That's because sudo does *not* use policykit to test user privileges
(rather, it uses its own config files). So maybe this is not
applicable in this case?



Devuan BTS -- Powered by Debian bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.

Devuan Bugs Owner <>.
Last modified: Tue, 20 Aug 2019 22:26:59 UTC