Hello Kevin, thanks for the excellent GHSL-2020-161 report. Given that the polkit rules are intentional, if ancient, and the udisks2 team doesn't want to treat the symlink finding as a security bug, I'm going to open this publicly and mark it wontfix, to reflect what's likely going to happen for our currently released systems.
I do hope upstream handles the symlink discovery eventually but I can appreciate why they wouldn't want to handle it as a security issue. Thanks ** Information type changed from Private Security to Public Security ** Changed in: policykit-desktop-privileges (Ubuntu) Status: New => Won't Fix -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1899019 Title: Typo in UDisks action To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/policykit-desktop-privileges/+bug/1899019/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs