[Pkg-utopia-maintainers] Bug#1125141: polkitd: polkit-agent-helper-1 missing setuid bit

Sat Jan 17 13:12:51 GMT 2026

Hi polkitd maintainers,

On Fri, Jan 09, 2026 at 05:39:40PM +0000, Simon McVittie wrote:
> On Fri, 09 Jan 2026 at 18:06:17 +0100, Niklas Cathor wrote:
> > I was trying to install a package using gnome-software, which opened a dialog
> > prompting for authentication.
> > 
> > The dialog had a warning saying "Incorrect permissions on
> > /usr/lib/polkit-1/polkit-agent-helper-1 (needs to be setuid root)".
> 
> In polkitd version 127 when running under systemd, it is correct for this
> helper to *not* be setuid root, so making it setuid root is not necessarily
> the right fix.
> 
> I suspect that the problem here is:
> 
> - you recently upgraded polkitd and related packages from an older version
>   to v127 (please check /var/log/apt/ to find out)
> - you were already running gnome-software before the upgrade
> - therefore gnome-software had already loaded libpolkit-* from version
>   126 or older
> - and in those versions of polkitd, the helper *did* need to be setuid
>   root, and the libraries had a check for this
> - so when those libraries check the permissions on the helper, the
>   now-outdated check fails

I see this issue consistently on my desktop, after reboots. Does this
suggest my xfce-polkit [Cc] needs changes to be compatible with this
change?

What about "running under systemd" means this helper no longer needs to
be setuid root, so we can set about making the corresponding conditions
prevail when not running under systemd?

Thanks!

Andrew

-- System Information:
Debian Release: forky/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.18.3+deb14-amd64 (SMP w/24 CPU threads; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: sysvinit (via /sbin/init)
LSM: AppArmor: enabled

Package: polkitd
Version: 127-1

Package: xfce-polkit
Version: 0.3+v20220621-3

Versions of packages polkitd depends on:
ii  dbus [default-dbus-system-bus]                  1.16.2-2+b1
ii  libc6                                           2.42-8
ii  libduktape207                                   2.7.0-2+b3
ii  libexpat1                                       2.7.3-1
ii  libglib2.0-0t64                                 2.86.3-4
ii  libpam-elogind [logind]                         255.17-1debian3
ii  libpam0g                                        1.7.0-5
ii  libpolkit-agent-1-0                             127-1
ii  libpolkit-gobject-1-0                           127-1
ii  libsystemd0                                     259-1
ii  systemd-standalone-sysusers [systemd-sysusers]  259-1
ii  xml-core                                        0.19

Versions of packages xfce-polkit depends on:
ii  libc6                  2.42-8
ii  libglib2.0-0t64        2.86.3-4
ii  libgtk-3-0t64          3.24.51-4
ii  libpolkit-agent-1-0    127-1
ii  libpolkit-gobject-1-0  127-1
ii  libxfce4ui-2-0         4.20.2-1

Versions of packages polkitd is related to:
ii  elogind         255.17-1debian3
ii  libpam-elogind  255.17-1debian3
pn  libpam-systemd  <none>
pn  systemd         <none>