Re: Polkit
Polkit is not a mitigation of user and group based capabilities.
It completely by-passes that system for the purpose of privilege escalation, and while the filters can be as fine-grained as any setuid command, Ulrike sudoers polkit's always run as root. It's a root-kit.