by SiebenHeaven 1595 days ago
"We do not break the userland"
2 comments

The actual quote is:

  WE DO NOT BREAK USERSPACE! Seriously.
  How hard is this rule to understand?
  We particularly don't break user space
  with TOTAL CRAP.
Indeed. But a sysctl to switch the patch on/off seems like the pragmatic solution.
That isn't pragmatic; it silently breaks programs that rely on specified behavior just to fix one of many self-inflicted security issues polkit had over the last decade.
The sysctl can have three settings: 0 to do nothing, 1 to emit a warning, 2 to fully enable the patch that blocks argc=0. Use 1 by default so as not to break userspace; let people opt in to 2 for the additional security.
Which is fine: https://news.ycombinator.com/item?id=30208963 is pretty on the money here. Patch this behaviour, and fix the extremely low number of offending applications concurrently.
What specified behavior?
POSIX apparently explicitly allows calling programs with an empty argv, so it isn't just a Linux implementation detail Polkit failed to handle.
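
A userland-side guard for the empty-argv case discussed in this thread, as an added example that is not part of the original comments or of any project mentioned in them. The helper names `check_argv` and `first_operand` and the sample vectors are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

enum argv_status { ARGV_OK, ARGV_NULL, ARGV_EMPTY, ARGV_HOLE };

/* Hypothetical helper: validate the vector before any code indexes it. */
enum argv_status check_argv(int argc, char *const argv[])
{
    if (argv == NULL)
        return ARGV_NULL;
    if (argc < 1 || argv[0] == NULL)   /* the empty-argv case: argc == 0 */
        return ARGV_EMPTY;
    for (int i = 1; i < argc; i++)     /* a NULL before argc ends the vector early */
        if (argv[i] == NULL)
            return ARGV_HOLE;
    return ARGV_OK;
}

/* Hypothetical helper: first operand, or NULL. Bounded by argc, so an empty
 * vector can never make the caller read past the NULL terminator. */
const char *first_operand(int argc, char *const argv[])
{
    if (check_argv(argc, argv) != ARGV_OK || argc < 2)
        return NULL;
    return argv[1];
}

/* Constructed sample vectors (not taken from any real program). */
char *const sample_empty[]  = { NULL };
char *const sample_normal[] = { "prog", "operand", NULL };
char *const sample_hole[]   = { "prog", NULL, "x", NULL };

int main(int argc, char *argv[])
{
    /* Fail closed before argv[0] or argv[1] is touched anywhere else. */
    if (check_argv(argc, argv) != ARGV_OK) {
        fputs("refusing to run: empty or malformed argument vector\n", stderr);
        return 2;
    }
    const char *op = first_operand(argc, argv);
    printf("%s: first operand = %s\n", argv[0], op ? op : "(none)");
    return 0;
}
```

A program that performs this check at the top of `main` behaves the same whether or not the kernel rejects argc=0.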