Index: policykit-1-0.96/src/programs/pkexec.c
===================================================================
--- policykit-1-0.96.orig/src/programs/pkexec.c	2010-09-12 15:28:11.451549577 -0400
+++ policykit-1-0.96/src/programs/pkexec.c	2010-09-12 15:28:21.349307917 -0400
@@ -337,6 +337,15 @@
           goto out;
         }
     }
+  else if (g_strcmp0 (key, "DESKTOP_STARTUP_ID") == 0 || g_strcmp0 (key, "XAUTHORITY") == 0 ||
+      g_strcmp0 (key, "DBUS_SESSION_BUS_ADDRESS") == 0 || g_strcmp0 (key, "ORBIT_SOCKETDIR") == 0)
+    {
+      if (g_strcmp0 (key, "DBUS_SESSION_BUS_ADDRESS") != 0 && access (value, F_OK) != 0)
+        {
+          g_printerr ("Environment variable %s points to inaccessible file %s\n", key, value);
+	  goto out;
+        }
+    }
   else if (strstr (value, "/") != NULL ||
            strstr (value, "%") != NULL ||
            strstr (value, "..") != NULL)
@@ -398,13 +407,17 @@
      *
      * and surrounding comments for a lot of discussion about this.
      */
-#if 0
+    /* For Vinux, we've added this stuff back in.  The reason not to, refered to above,
+       is that cases where this works and doesn't aren't documented or even well known.
+       Therefore the policykit author decided to disable this feature, leaving us to require gksu
+       instead, which is broken in other ways, like not working at all when at-spi-registryd is
+       running. As pkexec seems better than pksu, enabling these variables is prefered to shipping
+       Ubuntu with gksu called in several places.  */
     "DESKTOP_STARTUP_ID",
     "DISPLAY",
     "XAUTHORITY",
     "DBUS_SESSION_BUS_ADDRESS",
     "ORBIT_SOCKETDIR",
-#endif
     NULL
   };
   GPtrArray *saved_env;