// CVE-2021-4034 - polkit privilege escalation

// Approach: intercept the main function, abort with empty argv

probe process("/usr/bin/pkexec").function("main") {
  if (cmdline_arg(1) == "")
    raise(9);
}