"unprivileged users with UID > INT_MAX can successfully execute any systemctl command"
@wxcafe I'm having a massive deja-vu right now. Wasn't there some other exploit around the UID that was possible in the last year and a half or so?
@spacekookie @wxcafe That bug was that services with an invalid USER= setting (e.g. with a username that started with a digit) still got started, but as root (https://github.com/systemd/systemd/issues/6237).
This one is a straight bug in polkit. I don't think there is anything that systemd can do, other than to stop using polkit entirely.