Allow pid=-1 for PolkitUnixProcess to prevent 'critical'

Resolves https://gitlab.freedesktop.org/polkit/polkit/commit/c05472b8622
Jan Rybar 2019-02-06 14:19:20 +01:00
parent 15bc32c5ba
commit a726824204
2 changed files with 52 additions and 1 deletions


@ -0,0 +1,47 @@
From 783ec80ec1b4d8f1dc20a2a41dfaddbc1c3f5ab2 Mon Sep 17 00:00:00 2001
From: Matthew Leeds <matthew.leeds@endlessm.com>
Date: Tue, 11 Dec 2018 12:04:26 -0800
Subject: [PATCH] Allow uid of -1 for a PolkitUnixProcess
Commit 2cb40c4d5 changed PolkitUnixUser, PolkitUnixGroup, and
PolkitUnixProcess to allow negative values for their uid/gid properties,
since these are values above INT_MAX which wrap around but are still
valid, with the exception of -1 which is not valid. However,
PolkitUnixProcess allows a uid of -1 to be passed to
polkit_unix_process_new_for_owner() which means polkit is expected to
figure out the uid on its own (this happens in the _constructed
function). So this commit removes the check in
polkit_unix_process_set_property() so that new_for_owner() can be used
as documented without producing a critical error message.
This does not affect the protection against CVE-2018-19788 which is
based on creating a user with a UID up to but not including 4294967295
(-1).
---
src/polkit/polkitunixprocess.c | 9 ++-------
1 file changed, 2 insertions(+), 7 deletions(-)
diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c
index 78d7251..289a82e 100644
--- a/src/polkit/polkitunixprocess.c
+++ b/src/polkit/polkitunixprocess.c
@@ -228,14 +228,9 @@ polkit_unix_process_set_property (GObject *object,
polkit_unix_process_set_pid (unix_process, g_value_get_int (value));
break;
- case PROP_UID: {
- gint val;
-
- val = g_value_get_int (value);
- g_return_if_fail (val != -1);
- polkit_unix_process_set_uid (unix_process, val);
+ case PROP_UID:
+ polkit_unix_process_set_uid (unix_process, g_value_get_int (value));
break;
- }
case PROP_START_TIME:
polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value));
--
2.14.5
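Review bot: In the PROP_UID case, removing `g_return_if_fail (val != -1);` lets -1 through for every caller that sets the uid property, not only polkit_unix_process_new_for_owner(). The commit message says the _constructed function is what turns -1 into the real uid, so a short comment at the case label stating that -1 means "resolve it in _constructed" would keep a later reader from restoring the check. It is also worth confirming that a failed lookup there cannot leave the object with uid -1, since the message itself says -1 is not a valid uid.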


@ -6,7 +6,7 @@
Summary: An authorization framework
Name: polkit
Version: 0.115
Release: 2.1%{?dist}
Release: 2.2%{?dist}
License: LGPLv2+
URL: http://www.freedesktop.org/wiki/Software/polkit
Source0: http://www.freedesktop.org/software/polkit/releases/%{name}-%{version}.tar.gz
@ -15,6 +15,7 @@ Group: System Environment/Libraries
Patch1: CVE-2018-19788.patch
Patch2: start_time-reuse-exploit.patch
Patch3: Allow-uid-of-1-for-a-PolkitUnixProcess.patch
BuildRequires: gcc-c++
BuildRequires: glib2-devel >= 2.30.0
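Review bot: Patch3 is declared here, but none of the three spec hunks (at lines 6, 15 and 179) touches %prep, so nothing in this commit applies it explicitly. If %prep uses %autosetup or %autopatch that is fine; if it lists patches one by one, a matching %patch3 line is missing and the package would build without the change.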
@ -179,6 +180,9 @@ exit 0
%{_libdir}/girepository-1.0/*.typelib
%changelog
* Wed Feb 06 2019 Jan Rybar <jrybar@redhat.com> - 0.115-2.2
- Allow pid=-1 for PolkitUnixProcess to prevent 'critical'
* Wed Jan 09 2019 Jan Rybar <jrybar@redhat.com> - 0.115-2.1
- Fix of start_time reuse exploit (slowfork)
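Review bot: The new changelog entry says "Allow pid=-1", but the patch it refers to is titled "Allow uid of -1 for a PolkitUnixProcess" and only changes the PROP_UID case. Suggest "Allow uid=-1 for PolkitUnixProcess" so the changelog matches Patch3.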