Author: Rainer Weikusat
Date:
To: dng
Subject: Re: [DNG] automount, mount, and USB sticks

Arnt Gulbrandsen <arnt@???> writes:
> Steve Litt writes:
>> I repeat my question: Do you have first hand knowledge indicating that
>> polkit is any safer?
>
> No, I do not. But unlike sudo, I am not aware of any weaknesses in its
> core design either.

You wrote that sudo would keep the PATH environment variable of a user
when executing commands, hence, if these other commands in turn execute
programs found by searching in PATH, this would enable a user to run
arbitrary programs, which is correct. But this is a potentially
exploitable weakness in some other program, not in sudo itself, and if
'allow users to run arbitrary programs as root' is not what's intended,
they obviously mustn't be allowed to run programs as root which - in
turn - enable execution of arbitrary, other programs: That's no
different from any other kind of possible exploitable weakness in code
running with elevated privileges on behalf of some otherwise
unprivileged user.

And how to handle PATH is not a "core design property", it's a
configurable option and 'keep it' is just the default policy.
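
Added example, not part of the original message: a shell check an administrator could run to see whether a PATH that would be kept for a root-run command contains directories an unprivileged user controls. The function name `audit_path` and its optional trusted-uid argument are hypothetical, chosen for this illustration.

```shell
#!/bin/sh
# audit_path PATH_STRING [TRUSTED_UID]   (hypothetical helper, added example)
# Prints one line per risky PATH entry and returns 1 if any was found.
# TRUSTED_UID (default 0, root) is the only directory owner accepted.
audit_path() {
    trusted=${2:-0}
    risky=0
    rest="$1:"                        # trailing ':' keeps a final empty entry
    while [ -n "$rest" ]; do
        dir=${rest%%:*}               # first entry
        rest=${rest#*:}               # remainder after the first ':'
        case $dir in
            '') echo "empty entry (searches the current directory)"
                risky=1; continue ;;
            /*) ;;                    # absolute path: inspect it below
            *)  echo "relative entry: $dir"
                risky=1; continue ;;
        esac
        [ -d "$dir" ] || continue     # skip entries that are not directories
        # -L follows symlinks (e.g. /bin -> usr/bin); -n prints the numeric owner.
        info=$(ls -ldnL "$dir" | awk '{print $1, $3}')
        mode=${info% *}
        uid=${info#* }
        case $mode in
            # 6th character: group write bit, 9th character: world write bit
            ?????w*|????????w*) echo "group- or world-writable: $dir"; risky=1 ;;
        esac
        [ "$uid" = "$trusted" ] || {
            echo "owner uid $uid, not $trusted: $dir"; risky=1; }
    done
    return $risky
}

# Audit the PATH of the current shell, i.e. what a 'keep PATH' policy passes on.
audit_path "$PATH" || echo "PATH contains entries a non-root user may control"
```

On the sudo side, the sudoers `secure_path` option replaces the invoking user's PATH for commands run through sudo.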