Linux - cannot escalate privilege with pkexec


Recently I’ve noticed that Atom is unable to save files on which I don’t have write permissions, even though I have a PolicyKit rule that should allow full access:

polkit.addRule(function(action, subject) {
    if (subject.isInGroup("wheel")) {
        return polkit.Result.YES;

Other text editors, like Kate, can successfully save such files. Also, I remember that it worked properly in earlier versions of Atom, so it broke after one of recent updates.

I tried to investigate the issue myself and discovered that when Atom fails to save the file under the current user, it tries to escalate privilege by running “/usr/bin/pkexec /bin/dd”, but it fails with the message: “pkexec must be setuid root”. I double-checked that /usr/bin/pkexec belongs to root and has SUID flag, and I was able to execute pkexec from shell, nodeJS, and Electron5 in REPL modes.

Does Atom run in some kind of sandbox which forbids access to pkexec? If so, how can I disable such feature?