Post Syndicated from original https://lwn.net/Articles/882799/rss

By now, most readers are likely to be familiar with the Polkit vulnerability known as CVE-2021-4034.
The fix for Polkit is relatively straightforward and is being rolled out
across the net. The root of this problem, though, lies in a
misunderstanding about how programs are run on Unix-like systems. This
problem is highly likely to exist in other programs, so it would be nice to
find a more general solution. The best place to address this issue may be
in the kernel, but properly working around this
misunderstanding without causing regressions is not an easy task.