Comment 5 for bug 205037

In , Kees Cook (kees) wrote :

If a user types a carefully crafted series of format strings, they can trick polkit-grant-helper into thinking the password was successful.

https://launchpad.net/bugs/205037

src/polkit-grant/polkit-grant-helper.c line 231:

                /* send to parent */
                fprintf (stdout, buf);

This should be fprintf(stdout, "%s", buf);

I also recommend adding "-Wformat -Wformat-security" to the gcc CFLAGS.
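
The quoted call next to the suggested fix, as an added example that is not part of the original comment or of the polkit source. The function names, the SHOW_VULNERABLE macro and the sample input are assumptions made for illustration.

```c
/* Added example, not polkit code. relay_unsafe() mirrors the call quoted from
 * line 231; relay_safe() is the suggested fix. All names are hypothetical. */
#include <stdio.h>
#include <string.h>

#ifdef SHOW_VULNERABLE
/* Build with: gcc -DSHOW_VULNERABLE -Wformat -Wformat-security -c example.c
 * gcc reports "format not a string literal and no format arguments" here. */
static int relay_unsafe(FILE *out, const char *buf)
{
    return fprintf(out, buf);       /* buf is interpreted as a format string */
}
#endif

/* buf is data only: conversion specifiers in it are copied out verbatim. */
static int relay_safe(FILE *out, const char *buf)
{
    return fprintf(out, "%s", buf);
}

/* Send buf through relay_safe() into a temporary file and read it back, so
 * the bytes a parent process would receive can be compared with the input.
 * Returns the number of bytes read back, or -1 on error. */
static int relay_roundtrip(const char *buf, char *dst, size_t dstlen)
{
    FILE *tmp;
    size_t n;

    if (dstlen == 0 || (tmp = tmpfile()) == NULL)
        return -1;
    if (relay_safe(tmp, buf) < 0 || fflush(tmp) != 0) {
        fclose(tmp);
        return -1;
    }
    rewind(tmp);
    n = fread(dst, 1, dstlen - 1, tmp);
    dst[n] = '\0';
    fclose(tmp);
    return (int)n;
}

int main(void)
{
    const char *line = "user typed: %x %s %n\n";   /* constructed input */
    char got[64];
    int n = relay_roundtrip(line, got, sizeof got);
    printf("%d bytes relayed, identical=%d\n", n, n >= 0 && !strcmp(line, got));
    return n < 0;
}
```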