Compare commits
4 Commits
Author | SHA1 | Date | |
---|---|---|---|
|
13ffec06d3 | ||
|
a726824204 | ||
|
15bc32c5ba | ||
|
6fbf41703c |
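--- a/.gitignore
+++ b/.gitignore
@@ -28,16 +28,3 @@ polkit-0.98.tar.gz
 /polkit-0.114.tar.gz.sign
 /polkit-0.115.tar.gz
 /polkit-0.115.tar.gz.sign
-/polkit-0.116.tar.gz
-/polkit-0.116.tar.gz.sign
-/polkit-0.117.tar.gz
-/polkit-0.117.tar.gz.sign
-/polkit-0.118.tar.gz
-/polkit-0.118.tar.gz.sign
-/polkit-0.120.tar.gz
-/polkit-0.120.tar.gz.sign
-/polkit-121.tar.gz
-/polkit-121.tar.gz.sign
-/polkit-121.tar.xz
-/polkit-121.tar.xz.sign
-/polkit-122.tar.gz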
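--- a/92.patch
+++ b/92.patch
@@ -1,103 +0,0 @@
-From 4910132853ad68dbe8f4e7710dd098120d1b9b95 Mon Sep 17 00:00:00 2001
-From: Xi Ruoyao <xry111@mengyan1223.wang>
-Date: Tue, 25 Jan 2022 19:19:30 +0800
-Subject: [PATCH 1/3] jsauthority: ensure to call JS_Init() and JS_ShutDown()
-exactly once
-
-Before this commit, we were calling JS_Init() in
-polkit_backend_js_authority_class_init and never called JS_ShutDown.
-This is actually a misusage of SpiderMonkey API. Quote from a comment
-in js/Initialization.h (both mozjs-78 and mozjs-91):
-
-It is currently not possible to initialize SpiderMonkey multiple
-times (that is, calling JS_Init/JSAPI methods/JS_ShutDown in that
-order, then doing so again).
-
-This misusage does not cause severe issues with mozjs-78. However, when
-we eventually port jsauthority to use mozjs-91, bad thing will happen:
-see the test failure mentioned in #150.
-
-This commit is tested with both mozjs-78 and mozjs-91, all tests pass
-with it.
----
-src/polkitbackend/polkitbackendjsauthority.cpp | 9 +++++++--
-1 file changed, 7 insertions(+), 2 deletions(-)
-
-diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp
-index ca17108..b22c34e 100644
---- a/src/polkitbackend/polkitbackendjsauthority.cpp
-+++ b/src/polkitbackend/polkitbackendjsauthority.cpp
-@@ -75,6 +75,13 @@
-
-/* ---------------------------------------------------------------------------------------------------- */
-
-+static class JsInitHelperType
-+{
-+public:
-+ JsInitHelperType() { JS_Init(); }
-+ ~JsInitHelperType() { JS_ShutDown(); }
-+} JsInitHelper;
-+
-struct _PolkitBackendJsAuthorityPrivate
-{
-gchar **rules_dirs;
-@@ -589,7 +596,6 @@ polkit_backend_js_authority_finalize (GObject *object)
-delete authority->priv->js_polkit;
-
-JS_DestroyContext (authority->priv->cx);
-- /* JS_ShutDown (); */
-
-G_OBJECT_CLASS (polkit_backend_js_authority_parent_class)->finalize (object);
-}
-@@ -666,7 +672,6 @@ polkit_backend_js_authority_class_init (PolkitBackendJsAuthorityClass *klass)
-
-g_type_class_add_private (klass, sizeof (PolkitBackendJsAuthorityPrivate));
-
-- JS_Init ();
-}
-
-/* ---------------------------------------------------------------------------------------------------- */
---
-GitLab
-
-
-From 2b5f49a4e4266d2c327ef55e6df121511e23236b Mon Sep 17 00:00:00 2001
-From: Xi Ruoyao <xry111@mengyan1223.wang>
-Date: Tue, 25 Jan 2022 19:20:58 +0800
-Subject: [PATCH 2/3] jsauthority: port to mozjs-91
-
----
-configure.ac | 2 +-
-meson.build | 2 +-
-2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index e434ca2..6783ee7 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -80,7 +80,7 @@ PKG_CHECK_MODULES(GLIB, [gmodule-2.0 gio-unix-2.0 >= 2.30.0])
-AC_SUBST(GLIB_CFLAGS)
-AC_SUBST(GLIB_LIBS)
-
--PKG_CHECK_MODULES(LIBJS, [mozjs-78])
-+PKG_CHECK_MODULES(LIBJS, [mozjs-91])
-
-AC_SUBST(LIBJS_CFLAGS)
-AC_SUBST(LIBJS_CXXFLAGS)
---
-diff --git a/meson.build b/meson.build
-index 858078d..09cce0f 100644
---- a/meson.build
-+++ b/meson.build
-@@ -133,7 +133,7 @@ expat_dep = dependency('expat')
-assert(cc.has_header('expat.h', dependencies: expat_dep), 'Can\'t find expat.h. Please install expat.')
-assert(cc.has_function('XML_ParserCreate', dependencies: expat_dep), 'Can\'t find expat library. Please install expat.')
-
--mozjs_dep = dependency('mozjs-78')
-+mozjs_dep = dependency('mozjs-91')
-
-dbus_dep = dependency('dbus-1', required: false)
-dbus_policydir = pk_prefix / pk_datadir / 'dbus-1/system.d'
---
-GitLab
-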
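--- a/Allow-uid-of-1-for-a-PolkitUnixProcess.patch
+++ b/Allow-uid-of-1-for-a-PolkitUnixProcess.patch
@@ -0,0 +1,47 @@
+From 783ec80ec1b4d8f1dc20a2a41dfaddbc1c3f5ab2 Mon Sep 17 00:00:00 2001
+From: Matthew Leeds <matthew.leeds@endlessm.com>
+Date: Tue, 11 Dec 2018 12:04:26 -0800
+Subject: [PATCH] Allow uid of -1 for a PolkitUnixProcess
+
+Commit 2cb40c4d5 changed PolkitUnixUser, PolkitUnixGroup, and
+PolkitUnixProcess to allow negative values for their uid/gid properties,
+since these are values above INT_MAX which wrap around but are still
+valid, with the exception of -1 which is not valid. However,
+PolkitUnixProcess allows a uid of -1 to be passed to
+polkit_unix_process_new_for_owner() which means polkit is expected to
+figure out the uid on its own (this happens in the _constructed
+function). So this commit removes the check in
+polkit_unix_process_set_property() so that new_for_owner() can be used
+as documented without producing a critical error message.
+
+This does not affect the protection against CVE-2018-19788 which is
+based on creating a user with a UID up to but not including 4294967295
+(-1).
+---
+src/polkit/polkitunixprocess.c | 9 ++-------
+1 file changed, 2 insertions(+), 7 deletions(-)
+
+diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c
+index 78d7251..289a82e 100644
+--- a/src/polkit/polkitunixprocess.c
++++ b/src/polkit/polkitunixprocess.c
+@@ -228,14 +228,9 @@ polkit_unix_process_set_property (GObject *object,
+polkit_unix_process_set_pid (unix_process, g_value_get_int (value));
+break;
+
+- case PROP_UID: {
+- gint val;
+-
+- val = g_value_get_int (value);
+- g_return_if_fail (val != -1);
+- polkit_unix_process_set_uid (unix_process, val);
++ case PROP_UID:
++ polkit_unix_process_set_uid (unix_process, g_value_get_int (value));
+break;
+- }
+
+case PROP_START_TIME:
+polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value));
+--
+2.14.5
+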
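Review bot: With the `val != -1` guard removed from the `PROP_UID` case, nothing in the new code tells a reader that -1 is now a deliberate "not yet known" sentinel rather than a missed check, while the user and group setters in CVE-2018-19788.patch still reject it. I would add a comment on the case, e.g. `/* -1 is allowed here: it asks polkit to look the uid up itself, see polkit_unix_process_new_for_owner() */`, so the guard is neither re-added nor its absence copied to the sibling types by mistake. The description says the _constructed function resolves the uid afterwards; that function is outside this hunk, so whether a failed lookup can leave `uid` at -1 cannot be confirmed from here, and code comparing the process uid should treat -1 as unknown. polkit_unix_process_set_property() starts and ends outside the hunk.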
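--- a/CVE-2018-19788.patch
+++ b/CVE-2018-19788.patch
@@ -0,0 +1,291 @@
+diff --git a/src/polkit/polkitunixgroup.c b/src/polkit/polkitunixgroup.c
+index c57a1aaacbb13c4e4297dd812cf5904f2f427b03..309f68918895e0f8b547f8c06f89c6fb1326fe20 100644
+--- a/src/polkit/polkitunixgroup.c
++++ b/src/polkit/polkitunixgroup.c
+@@ -71,6 +71,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixGroup, polkit_unix_group, G_TYPE_OBJECT,
+static void
+polkit_unix_group_init (PolkitUnixGroup *unix_group)
+{
++ unix_group->gid = -1; /* (git_t) -1 is not a valid GID under Linux */
+}
+
+static void
+@@ -100,11 +101,14 @@ polkit_unix_group_set_property (GObject *object,
+GParamSpec *pspec)
+{
+PolkitUnixGroup *unix_group = POLKIT_UNIX_GROUP (object);
++ gint val;
+
+switch (prop_id)
+{
+case PROP_GID:
+- unix_group->gid = g_value_get_int (value);
++ val = g_value_get_int (value);
++ g_return_if_fail (val != -1);
++ unix_group->gid = val;
+break;
+
+default:
+@@ -131,9 +135,9 @@ polkit_unix_group_class_init (PolkitUnixGroupClass *klass)
+g_param_spec_int ("gid",
+"Group ID",
+"The UNIX group ID",
+- 0,
++ G_MININT,
+G_MAXINT,
+- 0,
++ -1,
+G_PARAM_CONSTRUCT |
+G_PARAM_READWRITE |
+G_PARAM_STATIC_NAME |
+@@ -166,9 +170,10 @@ polkit_unix_group_get_gid (PolkitUnixGroup *group)
+*/
+void
+polkit_unix_group_set_gid (PolkitUnixGroup *group,
+- gint gid)
++ gint gid)
+{
+g_return_if_fail (POLKIT_IS_UNIX_GROUP (group));
++ g_return_if_fail (gid != -1);
+group->gid = gid;
+}
+
+@@ -183,6 +188,8 @@ polkit_unix_group_set_gid (PolkitUnixGroup *group,
+PolkitIdentity *
+polkit_unix_group_new (gint gid)
+{
++ g_return_val_if_fail (gid != -1, NULL);
++
+return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_GROUP,
+"gid", gid,
+NULL));
+diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c
+index 972b7776825d5ccf677ed12ed620fc0c52352547..b02b25894ad120d88ea21d4c96ac8dca1821fcf2 100644
+--- a/src/polkit/polkitunixprocess.c
++++ b/src/polkit/polkitunixprocess.c
+@@ -159,9 +159,14 @@ polkit_unix_process_set_property (GObject *object,
+polkit_unix_process_set_pid (unix_process, g_value_get_int (value));
+break;
+
+- case PROP_UID:
+- polkit_unix_process_set_uid (unix_process, g_value_get_int (value));
++ case PROP_UID: {
++ gint val;
++
++ val = g_value_get_int (value);
++ g_return_if_fail (val != -1);
++ polkit_unix_process_set_uid (unix_process, val);
+break;
++ }
+
+case PROP_START_TIME:
+polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value));
+@@ -239,7 +244,7 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass)
+g_param_spec_int ("uid",
+"User ID",
+"The UNIX user ID",
+- -1,
++ G_MININT,
+G_MAXINT,
+-1,
+G_PARAM_CONSTRUCT |
+@@ -303,7 +308,6 @@ polkit_unix_process_set_uid (PolkitUnixProcess *process,
+gint uid)
+{
+g_return_if_fail (POLKIT_IS_UNIX_PROCESS (process));
+- g_return_if_fail (uid >= -1);
+process->uid = uid;
+}
+
+diff --git a/src/polkit/polkitunixuser.c b/src/polkit/polkitunixuser.c
+index 8bfd3a1fb05ddb56adebd097569a9977b7b922f3..234a6976c573ac65200ee08228cd50111f0c769b 100644
+--- a/src/polkit/polkitunixuser.c
++++ b/src/polkit/polkitunixuser.c
+@@ -72,6 +72,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixUser, polkit_unix_user, G_TYPE_OBJECT,
+static void
+polkit_unix_user_init (PolkitUnixUser *unix_user)
+{
++ unix_user->uid = -1; /* (uid_t) -1 is not a valid UID under Linux */
+unix_user->name = NULL;
+}
+
+@@ -112,11 +113,14 @@ polkit_unix_user_set_property (GObject *object,
+GParamSpec *pspec)
+{
+PolkitUnixUser *unix_user = POLKIT_UNIX_USER (object);
++ gint val;
+
+switch (prop_id)
+{
+case PROP_UID:
+- unix_user->uid = g_value_get_int (value);
++ val = g_value_get_int (value);
++ g_return_if_fail (val != -1);
++ unix_user->uid = val;
+break;
+
+default:
+@@ -144,9 +148,9 @@ polkit_unix_user_class_init (PolkitUnixUserClass *klass)
+g_param_spec_int ("uid",
+"User ID",
+"The UNIX user ID",
+- 0,
++ G_MININT,
+G_MAXINT,
+- 0,
++ -1,
+G_PARAM_CONSTRUCT |
+G_PARAM_READWRITE |
+G_PARAM_STATIC_NAME |
+@@ -182,6 +186,7 @@ polkit_unix_user_set_uid (PolkitUnixUser *user,
+gint uid)
+{
+g_return_if_fail (POLKIT_IS_UNIX_USER (user));
++ g_return_if_fail (uid != -1);
+user->uid = uid;
+}
+
+@@ -196,6 +201,8 @@ polkit_unix_user_set_uid (PolkitUnixUser *user,
+PolkitIdentity *
+polkit_unix_user_new (gint uid)
+{
++ g_return_val_if_fail (uid != -1, NULL);
++
+return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_USER,
+"uid", uid,
+NULL));
+diff --git a/test/data/etc/group b/test/data/etc/group
+index 12ef328b21b346ee3828ce3aaf15cca83858bd1d..b9acab97211fdf7db521dc0939b2dcfc2c9e350b 100644
+--- a/test/data/etc/group
++++ b/test/data/etc/group
+@@ -5,3 +5,4 @@ john:x:500:
+jane:x:501:
+sally:x:502:
+henry:x:503:
++highuid2:x:4000000000:
+diff --git a/test/data/etc/passwd b/test/data/etc/passwd
+index 8544febcd8b1720e5577dfb3f0672a6fef29e701..5cf14a5620259f79806192ca935fee84a29ac96d 100644
+--- a/test/data/etc/passwd
++++ b/test/data/etc/passwd
+@@ -3,3 +3,5 @@ john:x:500:500:John Done:/home/john:/bin/bash
+jane:x:501:501:Jane Smith:/home/jane:/bin/bash
+sally:x:502:502:Sally Derp:/home/sally:/bin/bash
+henry:x:503:503:Henry Herp:/home/henry:/bin/bash
++highuid1:x:2147483648:2147483648:The first high uid:/home/highuid1:/sbin/nologin
++highuid2:x:4000000000:4000000000:An example high uid:/home/example:/sbin/nologin
+diff --git a/test/data/etc/polkit-1/rules.d/10-testing.rules b/test/data/etc/polkit-1/rules.d/10-testing.rules
+index 446e62291b7fe4c5bacdceb1045350af1a9dc245..98bf062a08cb11fddb7df95d0bcdec1b1ac3587d 100644
+--- a/test/data/etc/polkit-1/rules.d/10-testing.rules
++++ b/test/data/etc/polkit-1/rules.d/10-testing.rules
+@@ -53,6 +53,27 @@ polkit.addRule(function(action, subject) {
+}
+});
+
++polkit.addRule(function(action, subject) {
++ if (action.id == "net.company.john_action") {
++ if (subject.user == "john") {
++ return polkit.Result.YES;
++ } else {
++ return polkit.Result.NO;
++ }
++ }
++});
++
++polkit.addRule(function(action, subject) {
++ if (action.id == "net.company.highuid2_action") {
++ if (subject.user == "highuid2") {
++ return polkit.Result.YES;
++ } else {
++ return polkit.Result.NO;
++ }
++ }
++});
++
++
+// ---------------------------------------------------------------------
+// variables
+
+diff --git a/test/polkitbackend/test-polkitbackendjsauthority.c b/test/polkitbackend/test-polkitbackendjsauthority.c
+index b484a26600dbde074ee7d8491f88624fdc83c39c..71aad23e2f5d1a7b15e138f23e6581a31498bad6 100644
+--- a/test/polkitbackend/test-polkitbackendjsauthority.c
++++ b/test/polkitbackend/test-polkitbackendjsauthority.c
+@@ -330,6 +330,78 @@ static const RulesTestCase rules_test_cases[] = {
+NULL,
+POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED,
+},
++
++ {
++ /* highuid1 is not a member of group 'users', see test/data/etc/group */
++ "group_membership_with_non_member(highuid22)",
++ "net.company.group.only_group_users",
++ "unix-user:highuid2",
++ NULL,
++ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
++ },
++
++ {
++ /* highuid2 is not a member of group 'users', see test/data/etc/group */
++ "group_membership_with_non_member(highuid21)",
++ "net.company.group.only_group_users",
++ "unix-user:highuid2",
++ NULL,
++ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
++ },
++
++ {
++ /* highuid1 is not a member of group 'users', see test/data/etc/group */
++ "group_membership_with_non_member(highuid24)",
++ "net.company.group.only_group_users",
++ "unix-user:2147483648",
++ NULL,
++ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
++ },
++
++ {
++ /* highuid2 is not a member of group 'users', see test/data/etc/group */
++ "group_membership_with_non_member(highuid23)",
++ "net.company.group.only_group_users",
++ "unix-user:4000000000",
++ NULL,
++ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
++ },
++
++ {
++ /* john is authorized to do this, see 10-testing.rules */
++ "john_action",
++ "net.company.john_action",
++ "unix-user:john",
++ NULL,
++ POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED,
++ },
++
++ {
++ /* only john is authorized to do this, see 10-testing.rules */
++ "jane_action",
++ "net.company.john_action",
++ "unix-user:jane",
++ NULL,
++ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
++ },
++
++ {
++ /* highuid2 is authorized to do this, see 10-testing.rules */
++ "highuid2_action",
++ "net.company.highuid2_action",
++ "unix-user:highuid2",
++ NULL,
++ POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED,
++ },
++
++ {
++ /* only highuid2 is authorized to do this, see 10-testing.rules */
++ "highuid1_action",
++ "net.company.highuid2_action",
++ "unix-user:highuid1",
++ NULL,
++ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
++ },
+};
+
+/* ---------------------------------------------------------------------------------------------------- */
+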
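Review bot: The first two entries added to `rules_test_cases` exercise the same subject: the one commented as highuid1 and labelled `group_membership_with_non_member(highuid22)` passes `"unix-user:highuid2"`, exactly like the entry after it, so the by-name group-membership check for highuid1 never runs. Changing that line to `"unix-user:highuid1",` would match its comment and cover the 2147483648 account by name as well as by number. Separately, every `-1` rejection added in polkitunixuser.c and polkitunixgroup.c is a `g_return_if_fail` or `g_return_val_if_fail`, which GLib compiles out when `G_DISABLE_CHECKS` is defined. It is worth confirming the package is not built that way, or using an explicit `if (uid == -1) return NULL;` in the constructors. The comment `(git_t) -1` in polkit_unix_group_init presumably means `gid_t`.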
@ -1,71 +0,0 @@
|
|||||||
diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c
|
|
||||||
index 8ed1363..2fbf5f1 100644
|
|
||||||
--- a/src/polkit/polkitsystembusname.c
|
|
||||||
+++ b/src/polkit/polkitsystembusname.c
|
|
||||||
@@ -62,6 +62,10 @@ enum
|
|
||||||
PROP_NAME,
|
|
||||||
};
|
|
||||||
|
|
||||||
+
|
|
||||||
+guint8 dbus_call_respond_fails; // has to be global because of callback
|
|
||||||
+
|
|
||||||
+
|
|
||||||
static void subject_iface_init (PolkitSubjectIface *subject_iface);
|
|
||||||
|
|
||||||
G_DEFINE_TYPE_WITH_CODE (PolkitSystemBusName, polkit_system_bus_name, G_TYPE_OBJECT,
|
|
||||||
@@ -364,6 +368,7 @@ on_retrieved_unix_uid_pid (GObject *src,
|
|
||||||
if (!v)
|
|
||||||
{
|
|
||||||
data->caught_error = TRUE;
|
|
||||||
+ dbus_call_respond_fails += 1;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
@@ -405,6 +410,8 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus
|
|
||||||
tmp_context = g_main_context_new ();
|
|
||||||
g_main_context_push_thread_default (tmp_context);
|
|
||||||
|
|
||||||
+ dbus_call_respond_fails = 0;
|
|
||||||
+
|
|
||||||
/* Do two async calls as it's basically as fast as one sync call.
|
|
||||||
*/
|
|
||||||
g_dbus_connection_call (connection,
|
|
||||||
@@ -432,11 +439,34 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus
|
|
||||||
on_retrieved_unix_uid_pid,
|
|
||||||
&data);
|
|
||||||
|
|
||||||
- while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error))
|
|
||||||
- g_main_context_iteration (tmp_context, TRUE);
|
|
||||||
+ while (TRUE)
|
|
||||||
+ {
|
|
||||||
+ /* If one dbus call returns error, we must wait until the other call
|
|
||||||
+ * calls _call_finish(), otherwise fd leak is possible.
|
|
||||||
+ * Resolves: GHSL-2021-077
|
|
||||||
+ */
|
|
||||||
|
|
||||||
- if (data.caught_error)
|
|
||||||
- goto out;
|
|
||||||
+ if ( (dbus_call_respond_fails > 1) )
|
|
||||||
+ {
|
|
||||||
+ // we got two faults, we can leave
|
|
||||||
+ goto out;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if ((data.caught_error && (data.retrieved_pid || data.retrieved_uid)))
|
|
||||||
+ {
|
|
||||||
+ // we got one fault and the other call finally finished, we can leave
|
|
||||||
+ goto out;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if ( !(data.retrieved_uid && data.retrieved_pid) )
|
|
||||||
+ {
|
|
||||||
+ g_main_context_iteration (tmp_context, TRUE);
|
|
||||||
+ }
|
|
||||||
+ else
|
|
||||||
+ {
|
|
||||||
+ break;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
|
|
||||||
if (out_uid)
|
|
||||||
*out_uid = data.uid;
|
|
@ -1,79 +0,0 @@
|
|||||||
From a2bf5c9c83b6ae46cbd5c779d3055bff81ded683 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Jan Rybar <jrybar@redhat.com>
|
|
||||||
Date: Tue, 25 Jan 2022 17:21:46 +0000
|
|
||||||
Subject: [PATCH] pkexec: local privilege escalation (CVE-2021-4034)
|
|
||||||
|
|
||||||
---
|
|
||||||
src/programs/pkcheck.c | 5 +++++
|
|
||||||
src/programs/pkexec.c | 23 ++++++++++++++++++++---
|
|
||||||
2 files changed, 25 insertions(+), 3 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/programs/pkcheck.c b/src/programs/pkcheck.c
|
|
||||||
index f1bb4e1..768525c 100644
|
|
||||||
--- a/src/programs/pkcheck.c
|
|
||||||
+++ b/src/programs/pkcheck.c
|
|
||||||
@@ -363,6 +363,11 @@ main (int argc, char *argv[])
|
|
||||||
local_agent_handle = NULL;
|
|
||||||
ret = 126;
|
|
||||||
|
|
||||||
+ if (argc < 1)
|
|
||||||
+ {
|
|
||||||
+ exit(126);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
/* Disable remote file access from GIO. */
|
|
||||||
setenv ("GIO_USE_VFS", "local", 1);
|
|
||||||
|
|
||||||
diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c
|
|
||||||
index 7698c5c..84e5ef6 100644
|
|
||||||
--- a/src/programs/pkexec.c
|
|
||||||
+++ b/src/programs/pkexec.c
|
|
||||||
@@ -488,6 +488,15 @@ main (int argc, char *argv[])
|
|
||||||
pid_t pid_of_caller;
|
|
||||||
gpointer local_agent_handle;
|
|
||||||
|
|
||||||
+
|
|
||||||
+ /*
|
|
||||||
+ * If 'pkexec' is called THIS wrong, someone's probably evil-doing. Don't be nice, just bail out.
|
|
||||||
+ */
|
|
||||||
+ if (argc<1)
|
|
||||||
+ {
|
|
||||||
+ exit(127);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
ret = 127;
|
|
||||||
authority = NULL;
|
|
||||||
subject = NULL;
|
|
||||||
@@ -614,10 +623,10 @@ main (int argc, char *argv[])
|
|
||||||
|
|
||||||
path = g_strdup (pwstruct.pw_shell);
|
|
||||||
if (!path)
|
|
||||||
- {
|
|
||||||
+ {
|
|
||||||
g_printerr ("No shell configured or error retrieving pw_shell\n");
|
|
||||||
goto out;
|
|
||||||
- }
|
|
||||||
+ }
|
|
||||||
/* If you change this, be sure to change the if (!command_line)
|
|
||||||
case below too */
|
|
||||||
command_line = g_strdup (path);
|
|
||||||
@@ -636,7 +645,15 @@ main (int argc, char *argv[])
|
|
||||||
goto out;
|
|
||||||
}
|
|
||||||
g_free (path);
|
|
||||||
- argv[n] = path = s;
|
|
||||||
+ path = s;
|
|
||||||
+
|
|
||||||
+ /* argc<2 and pkexec runs just shell, argv is guaranteed to be null-terminated.
|
|
||||||
+ * /-less shell shouldn't happen, but let's be defensive and don't write to null-termination
|
|
||||||
+ */
|
|
||||||
+ if (argv[n] != NULL)
|
|
||||||
+ {
|
|
||||||
+ argv[n] = path;
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
if (access (path, F_OK) != 0)
|
|
||||||
{
|
|
||||||
--
|
|
||||||
GitLab
|
|
||||||
|
|
@ -1,90 +0,0 @@
|
|||||||
diff --git a/configure.ac b/configure.ac
|
|
||||||
index eea70fc..c4569f1 100644
|
|
||||||
--- a/configure.ac
|
|
||||||
+++ b/configure.ac
|
|
||||||
@@ -34,7 +34,7 @@ AC_PROG_LN_S
|
|
||||||
AC_SYS_LARGEFILE
|
|
||||||
AM_PROG_CC_C_O
|
|
||||||
AC_PROG_CXX
|
|
||||||
-AX_CXX_COMPILE_STDCXX([14], [], [mandatory])
|
|
||||||
+AX_CXX_COMPILE_STDCXX([17], [], [mandatory])
|
|
||||||
|
|
||||||
# Taken from dbus
|
|
||||||
AC_ARG_ENABLE(ansi, [ --enable-ansi enable -ansi -pedantic gcc flags],enable_ansi=$enableval,enable_ansi=no)
|
|
||||||
@@ -80,7 +80,7 @@ PKG_CHECK_MODULES(GLIB, [gmodule-2.0 gio-unix-2.0 >= 2.30.0])
|
|
||||||
AC_SUBST(GLIB_CFLAGS)
|
|
||||||
AC_SUBST(GLIB_LIBS)
|
|
||||||
|
|
||||||
-PKG_CHECK_MODULES(LIBJS, [mozjs-68])
|
|
||||||
+PKG_CHECK_MODULES(LIBJS, [mozjs-78])
|
|
||||||
|
|
||||||
AC_SUBST(LIBJS_CFLAGS)
|
|
||||||
AC_SUBST(LIBJS_CXXFLAGS)
|
|
||||||
diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp
|
|
||||||
index 25bd1f9..ca17108 100644
|
|
||||||
--- a/src/polkitbackend/polkitbackendjsauthority.cpp
|
|
||||||
+++ b/src/polkitbackend/polkitbackendjsauthority.cpp
|
|
||||||
@@ -49,6 +49,7 @@
|
|
||||||
#include <js/Realm.h>
|
|
||||||
#include <js/SourceText.h>
|
|
||||||
#include <js/Warnings.h>
|
|
||||||
+#include <js/Array.h>
|
|
||||||
#include <jsapi.h>
|
|
||||||
|
|
||||||
#include "initjs.h" /* init.js */
|
|
||||||
@@ -367,7 +368,7 @@ load_scripts (PolkitBackendJsAuthority *authority)
|
|
||||||
static void
|
|
||||||
reload_scripts (PolkitBackendJsAuthority *authority)
|
|
||||||
{
|
|
||||||
- JS::AutoValueArray<1> args(authority->priv->cx);
|
|
||||||
+ JS::RootedValueArray<1> args(authority->priv->cx);
|
|
||||||
JS::RootedValue rval(authority->priv->cx);
|
|
||||||
|
|
||||||
JS::RootedObject js_polkit(authority->priv->cx, authority->priv->js_polkit->get ());
|
|
||||||
@@ -482,10 +483,6 @@ polkit_backend_js_authority_constructed (GObject *object)
|
|
||||||
if (!JS::InitSelfHostedCode (authority->priv->cx))
|
|
||||||
goto fail;
|
|
||||||
|
|
||||||
- JS::ContextOptionsRef (authority->priv->cx)
|
|
||||||
- .setIon (TRUE)
|
|
||||||
- .setBaseline (TRUE)
|
|
||||||
- .setAsmJS (TRUE);
|
|
||||||
JS::SetWarningReporter(authority->priv->cx, report_error);
|
|
||||||
JS_SetContextPrivate (authority->priv->cx, authority);
|
|
||||||
|
|
||||||
@@ -720,7 +717,7 @@ set_property_strv (PolkitBackendJsAuthority *authority,
|
|
||||||
elems[n].setNull ();
|
|
||||||
}
|
|
||||||
|
|
||||||
- JS::RootedObject array_object(authority->priv->cx, JS_NewArrayObject (authority->priv->cx, elems));
|
|
||||||
+ JS::RootedObject array_object(authority->priv->cx, JS::NewArrayObject (authority->priv->cx, elems));
|
|
||||||
|
|
||||||
value_jsval = JS::ObjectValue (*array_object);
|
|
||||||
JS_SetProperty (authority->priv->cx, obj, name, value_jsval);
|
|
||||||
@@ -1114,7 +1111,7 @@ polkit_backend_js_authority_get_admin_auth_identities (PolkitBackendInteractiveA
|
|
||||||
{
|
|
||||||
PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (_authority);
|
|
||||||
GList *ret = NULL;
|
|
||||||
- JS::AutoValueArray<2> args(authority->priv->cx);
|
|
||||||
+ JS::RootedValueArray<2> args(authority->priv->cx);
|
|
||||||
JS::RootedValue rval(authority->priv->cx);
|
|
||||||
guint n;
|
|
||||||
GError *error = NULL;
|
|
||||||
@@ -1218,7 +1215,7 @@ polkit_backend_js_authority_check_authorization_sync (PolkitBackendInteractiveAu
|
|
||||||
{
|
|
||||||
PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (_authority);
|
|
||||||
PolkitImplicitAuthorization ret = implicit;
|
|
||||||
- JS::AutoValueArray<2> args(authority->priv->cx);
|
|
||||||
+ JS::RootedValueArray<2> args(authority->priv->cx);
|
|
||||||
JS::RootedValue rval(authority->priv->cx);
|
|
||||||
GError *error = NULL;
|
|
||||||
JS::RootedString ret_jsstr (authority->priv->cx);
|
|
||||||
@@ -1409,7 +1406,7 @@ js_polkit_spawn (JSContext *cx,
|
|
||||||
JS::CallArgs args = JS::CallArgsFromVp (js_argc, vp);
|
|
||||||
array_object = &args[0].toObject();
|
|
||||||
|
|
||||||
- if (!JS_GetArrayLength (cx, array_object, &array_len))
|
|
||||||
+ if (!JS::GetArrayLength (cx, array_object, &array_len))
|
|
||||||
{
|
|
||||||
JS_ReportErrorUTF8 (cx, "Failed to get array length");
|
|
||||||
goto out;
|
|
201
polkit.spec
201
polkit.spec
@ -1,34 +1,47 @@
|
|||||||
# Only enable if using patches that touches configure.ac,
|
# Only enable if using patches that touches configure.ac,
|
||||||
# Makefile.am or other build system related files
|
# Makefile.am or other build system related files
|
||||||
#
|
#
|
||||||
|
#define enable_autoreconf 1
|
||||||
|
|
||||||
Summary: An authorization framework
|
Summary: An authorization framework
|
||||||
Name: polkit
|
Name: polkit
|
||||||
Version: 122
|
Version: 0.115
|
||||||
Release: 4%{?dist}
|
Release: 2.3%{?dist}
|
||||||
License: LGPLv2+
|
License: LGPLv2+
|
||||||
URL: http://www.freedesktop.org/wiki/Software/polkit
|
URL: http://www.freedesktop.org/wiki/Software/polkit
|
||||||
Source0: https://gitlab.freedesktop.org/polkit/polkit/-/archive/%{version}/%{name}-%{version}.tar.gz
|
Source0: http://www.freedesktop.org/software/polkit/releases/%{name}-%{version}.tar.gz
|
||||||
|
Source1: http://www.freedesktop.org/software/polkit/releases/%{name}-%{version}.tar.gz.sign
|
||||||
|
Group: System Environment/Libraries
|
||||||
|
|
||||||
|
Patch1: CVE-2018-19788.patch
|
||||||
|
Patch2: start_time-reuse-exploit.patch
|
||||||
|
Patch3: Allow-uid-of-1-for-a-PolkitUnixProcess.patch
|
||||||
|
Patch4: tty-echo-disabled-on-sigint.patch
|
||||||
|
|
||||||
BuildRequires: gcc-c++
|
BuildRequires: gcc-c++
|
||||||
BuildRequires: glib2-devel >= 2.30.0
|
BuildRequires: glib2-devel >= 2.30.0
|
||||||
BuildRequires: expat-devel
|
BuildRequires: expat-devel
|
||||||
BuildRequires: pam-devel
|
BuildRequires: pam-devel
|
||||||
BuildRequires: gtk-doc
|
BuildRequires: gtk-doc
|
||||||
BuildRequires: gettext-devel
|
BuildRequires: intltool
|
||||||
BuildRequires: gobject-introspection-devel
|
BuildRequires: gobject-introspection-devel
|
||||||
BuildRequires: systemd, systemd-devel
|
BuildRequires: systemd, systemd-devel
|
||||||
BuildRequires: dbus-devel
|
BuildRequires: pkgconfig(mozjs-52)
|
||||||
BuildRequires: pkgconfig(duktape)
|
|
||||||
BuildRequires: meson
|
|
||||||
BuildRequires: git
|
BuildRequires: git
|
||||||
|
|
||||||
|
%if 0%{?enable_autoreconf}
|
||||||
|
BuildRequires: autoconf
|
||||||
|
BuildRequires: automake
|
||||||
|
BuildRequires: libtool
|
||||||
|
%endif
|
||||||
|
|
||||||
Requires: dbus, polkit-pkla-compat
|
Requires: dbus, polkit-pkla-compat
|
||||||
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
||||||
|
|
||||||
Requires(pre): shadow-utils
|
Requires(pre): shadow-utils
|
||||||
Requires(post): systemd
|
Requires(post): /sbin/ldconfig, systemd
|
||||||
Requires(preun): systemd
|
Requires(preun): systemd
|
||||||
Requires(postun): systemd
|
Requires(postun): /sbin/ldconfig, systemd
|
||||||
|
|
||||||
Obsoletes: PolicyKit <= 0.10
|
Obsoletes: PolicyKit <= 0.10
|
||||||
Provides: PolicyKit = 0.11
|
Provides: PolicyKit = 0.11
|
||||||
@ -40,7 +53,7 @@ Conflicts: polkit-gnome < 0.97
|
|||||||
Obsoletes: polkit-desktop-policy < 0.103
|
Obsoletes: polkit-desktop-policy < 0.103
|
||||||
Provides: polkit-desktop-policy = 0.103
|
Provides: polkit-desktop-policy = 0.103
|
||||||
|
|
||||||
Obsoletes: polkit-js-engine < 0.120-5
|
Obsoletes: polkit-js-engine < 0.110-4
|
||||||
Provides: polkit-js-engine = %{version}-%{release}
|
Provides: polkit-js-engine = %{version}-%{release}
|
||||||
|
|
||||||
# when -libs was split out, handle multilib upgrade path -- rex
|
# when -libs was split out, handle multilib upgrade path -- rex
|
||||||
@ -53,6 +66,7 @@ processes.
|
|||||||
|
|
||||||
%package devel
|
%package devel
|
||||||
Summary: Development files for polkit
|
Summary: Development files for polkit
|
||||||
|
Group: Development/Libraries
|
||||||
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
||||||
Requires: %name-docs = %{version}-%{release}
|
Requires: %name-docs = %{version}-%{release}
|
||||||
Requires: glib2-devel
|
Requires: glib2-devel
|
||||||
@ -64,6 +78,7 @@ Development files for polkit.
|
|||||||
|
|
||||||
%package docs
|
%package docs
|
||||||
Summary: Development documentation for polkit
|
Summary: Development documentation for polkit
|
||||||
|
Group: Development/Libraries
|
||||||
Requires: %name-devel = %{version}-%{release}
|
Requires: %name-devel = %{version}-%{release}
|
||||||
Obsoletes: PolicyKit-docs <= 0.10
|
Obsoletes: PolicyKit-docs <= 0.10
|
||||||
Provides: PolicyKit-docs = 0.11
|
Provides: PolicyKit-docs = 0.11
|
||||||
@ -74,6 +89,7 @@ Development documentation for polkit.
|
|||||||
|
|
||||||
%package libs
|
%package libs
|
||||||
Summary: Libraries for polkit
|
Summary: Libraries for polkit
|
||||||
|
Group: Development/Libraries
|
||||||
|
|
||||||
%description libs
|
%description libs
|
||||||
Libraries files for polkit.
|
Libraries files for polkit.
|
||||||
@ -83,26 +99,30 @@ Libraries files for polkit.
|
|||||||
%autosetup -S git
|
%autosetup -S git
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%meson -D authfw=pam \
|
%if 0%{?enable_autoreconf}
|
||||||
-D examples=false \
|
autoreconf -i
|
||||||
-D gtk_doc=true \
|
%endif
|
||||||
-D introspection=true \
|
# we can't use _hardened_build here, see
|
||||||
-D man=true \
|
# https://bugzilla.redhat.com/show_bug.cgi?id=962005
|
||||||
-D session_tracking=libsystemd-login \
|
export CFLAGS='-fPIC %optflags'
|
||||||
-D tests=false
|
export LDFLAGS='-pie -Wl,-z,now -Wl,-z,relro'
|
||||||
|
%configure --enable-gtk-doc \
|
||||||
%meson_build
|
--disable-static \
|
||||||
|
--enable-introspection \
|
||||||
|
--disable-examples \
|
||||||
|
--enable-libsystemd-login=yes --with-mozjs=mozjs-17.0
|
||||||
|
make V=1
|
||||||
|
|
||||||
%install
|
%install
|
||||||
%meson_install
|
make install DESTDIR=$RPM_BUILD_ROOT INSTALL='install -p'
|
||||||
|
|
||||||
rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
|
rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
|
||||||
|
|
||||||
%find_lang polkit-1
|
%find_lang polkit-1
|
||||||
|
|
||||||
%pre
|
%pre
|
||||||
getent group polkitd >/dev/null || groupadd -r -g 114 polkitd
|
getent group polkitd >/dev/null || groupadd -r polkitd
|
||||||
getent passwd polkitd >/dev/null || useradd -r -u 114 -g polkitd -d / -s /sbin/nologin -c "User for polkitd" polkitd
|
getent passwd polkitd >/dev/null || useradd -r -g polkitd -d / -s /sbin/nologin -c "User for polkitd" polkitd
|
||||||
exit 0
|
exit 0
|
||||||
|
|
||||||
%post
|
%post
|
||||||
@ -118,20 +138,19 @@ exit 0
|
|||||||
%systemd_postun_with_restart polkit.service
|
%systemd_postun_with_restart polkit.service
|
||||||
|
|
||||||
%files -f polkit-1.lang
|
%files -f polkit-1.lang
|
||||||
%doc COPYING NEWS.md README.md
|
%doc COPYING NEWS README
|
||||||
%{_datadir}/man/man1/*
|
%{_datadir}/man/man1/*
|
||||||
%{_datadir}/man/man8/*
|
%{_datadir}/man/man8/*
|
||||||
%{_datadir}/dbus-1/system.d/org.freedesktop.PolicyKit1.conf
|
|
||||||
%{_datadir}/dbus-1/system-services/*
|
%{_datadir}/dbus-1/system-services/*
|
||||||
%{_unitdir}/polkit.service
|
%{_unitdir}/polkit.service
|
||||||
%dir %{_datadir}/polkit-1/
|
%dir %{_datadir}/polkit-1/
|
||||||
%dir %{_datadir}/polkit-1/actions
|
%dir %{_datadir}/polkit-1/actions
|
||||||
%attr(0700,polkitd,root) %dir %{_datadir}/polkit-1/rules.d
|
%attr(0700,polkitd,root) %dir %{_datadir}/polkit-1/rules.d
|
||||||
%{_datadir}/polkit-1/actions/org.freedesktop.policykit.policy
|
%{_datadir}/polkit-1/actions/org.freedesktop.policykit.policy
|
||||||
%{_datadir}/polkit-1/policyconfig-1.dtd
|
|
||||||
%dir %{_sysconfdir}/polkit-1
|
%dir %{_sysconfdir}/polkit-1
|
||||||
%{_datadir}/polkit-1/rules.d/50-default.rules
|
%{_sysconfdir}/polkit-1/rules.d/50-default.rules
|
||||||
%attr(0700,polkitd,root) %dir %{_sysconfdir}/polkit-1/rules.d
|
%attr(0700,polkitd,root) %dir %{_sysconfdir}/polkit-1/rules.d
|
||||||
|
%{_sysconfdir}/dbus-1/system.d/org.freedesktop.PolicyKit1.conf
|
||||||
%{_sysconfdir}/pam.d/polkit-1
|
%{_sysconfdir}/pam.d/polkit-1
|
||||||
%{_bindir}/pkaction
|
%{_bindir}/pkaction
|
||||||
%{_bindir}/pkcheck
|
%{_bindir}/pkcheck
|
||||||
@ -154,141 +173,27 @@ exit 0
|
|||||||
%files docs
|
%files docs
|
||||||
%{_datadir}/gtk-doc
|
%{_datadir}/gtk-doc
|
||||||
|
|
||||||
%ldconfig_scriptlets libs
|
%post libs -p /sbin/ldconfig
|
||||||
|
%postun libs -p /sbin/ldconfig
|
||||||
|
|
||||||
%files libs
|
%files libs
|
||||||
%{_libdir}/lib*.so.*
|
%{_libdir}/lib*.so.*
|
||||||
%{_libdir}/girepository-1.0/*.typelib
|
%{_libdir}/girepository-1.0/*.typelib
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Wed Feb 08 2023 Jan Rybar <jrybar@redhat.com> - 122-4
|
* Thu Feb 14 2019 Jan Rybar <jrybar@redhat.com> - 0.115-2.3
|
||||||
- Switch 'polkitd' to static UID/GID (fpc#1189) (on behalf of lucab)
|
|
||||||
- Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2104615
|
|
||||||
|
|
||||||
|
|
||||||
* Fri Jan 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 122-3
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
|
|
||||||
|
|
||||||
* Fri Dec 16 2022 František Zatloukal <fzatlouk@redhat.com> - 122-2
|
|
||||||
- Rebuilt for duktape 2.7.0
|
|
||||||
|
|
||||||
* Wed Oct 26 2022 Vincent Mihalkovic <vmihalko@redhat.com> - 122-1
|
|
||||||
- rebase to 122
|
|
||||||
|
|
||||||
* Mon Aug 15 2022 Jan Rybar <jrybar@redhat.com> - 121-4
|
|
||||||
- duktape re-enabled
|
|
||||||
|
|
||||||
* Tue Aug 02 2022 Jan Rybar <jrybar@redhat.com> - 121-3
|
|
||||||
- switched back to mozjs until problems with duktape are fixed
|
|
||||||
- Related: bz#2109145
|
|
||||||
|
|
||||||
* Fri Jul 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 121-2
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
|
|
||||||
|
|
||||||
* Tue Jul 12 2022 Jan Rybar <jrybar@redhat.com> - 121-1
|
|
||||||
- Rebase to v.121
|
|
||||||
|
|
||||||
* Sun Feb 20 2022 Frantisek Zatloukal <fzatlouk@redhat.com> - 0.120-5
|
|
||||||
- switch to mozjs91
|
|
||||||
|
|
||||||
* Wed Feb 16 2022 Jan Rybar <jrybar@redhat.com> - 0.120-4
|
|
||||||
- file descriptor exhaustion (GHSL-2021-077)
|
|
||||||
- Resolves: CVE-2021-4115
|
|
||||||
|
|
||||||
* Wed Jan 26 2022 Timothée Ravier <tim@siosm.fr> - 0.120-3
|
|
||||||
- Fix for CVE-2021-4034
|
|
||||||
|
|
||||||
* Fri Jan 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.120-2
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
|
|
||||||
|
|
||||||
* Wed Oct 06 2021 Pete Walter <pwalter@fedoraproject.org> - 0.120-1
|
|
||||||
- Update to 0.120
|
|
||||||
|
|
||||||
* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.118-3
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
|
|
||||||
|
|
||||||
* Thu May 20 2021 Jan Rybar <jrybar@redhat.com> - 0.118-2
|
|
||||||
- CVE-2021-3560 mitigation
|
|
||||||
- Resolves: CVE-2021-3560
|
|
||||||
|
|
||||||
* Mon Apr 26 2021 Jan Rybar <jrybar@redhat.com> - 0.118-1
|
|
||||||
- rebase to 0.118
|
|
||||||
|
|
||||||
* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 0.117-4
|
|
||||||
- Rebuilt for updated systemd-rpm-macros
|
|
||||||
See https://pagure.io/fesco/issue/2583.
|
|
||||||
|
|
||||||
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.117-3
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
|
||||||
|
|
||||||
* Wed Aug 12 2020 Jan Rybar <jrybar@redhat.com> - 0.117-2
|
|
||||||
- update dependency to mozjs78
|
|
||||||
|
|
||||||
* Fri Jul 31 2020 Jan Rybar <jrybar@redhat.com> - 0.117-1
|
|
||||||
- Rebased to polkit-0.117
|
|
||||||
|
|
||||||
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.116-9
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
|
||||||
|
|
||||||
* Wed Jul 22 2020 Tom Stellard <tstellar@redhat.com> - 0.116-8
|
|
||||||
- Use make macros
|
|
||||||
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
|
|
||||||
|
|
||||||
* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.116-7
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
|
||||||
|
|
||||||
* Fri Oct 25 2019 Jan Rybar <jrybar@redhat.com> - 0.116-6
|
|
||||||
- jsauthority memleak fix
|
|
||||||
|
|
||||||
* Fri Sep 27 2019 Jan Rybar <jrybar@redhat.com> - 0.116-5
|
|
||||||
- pkttyagent: unread input flushed on terminal restore
|
|
||||||
|
|
||||||
* Sun Sep 08 2019 Kalev Lember <klember@redhat.com> - 0.116-4
|
|
||||||
- Rebuilt for mozjs60 s390x fixes
|
|
||||||
|
|
||||||
* Fri Aug 02 2019 Jan Rybar <jrybar@redhat.com> - 0.116-3
|
|
||||||
- pkttyagent: backport patch, get SIGTTOU in background job
|
|
||||||
|
|
||||||
* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.116-2
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
|
||||||
|
|
||||||
* Thu May 02 2019 Pete Walter <pwalter@fedoraproject.org> - 0.116-1
|
|
||||||
- Update to 0.116
|
|
||||||
|
|
||||||
* Thu Feb 14 2019 Jan Rybar <jrybar@redhat.com> - 0.115-11
|
|
||||||
- pkttyagent: PolkitAgentTextListener leaves echo tty disabled if SIGINT/SIGTERM
|
- pkttyagent: PolkitAgentTextListener leaves echo tty disabled if SIGINT/SIGTERM
|
||||||
|
|
||||||
* Fri Feb 08 2019 Pete Walter <pwalter@fedoraproject.org> - 0.115-10
|
* Wed Feb 06 2019 Jan Rybar <jrybar@redhat.com> - 0.115-2.2
|
||||||
- Move to mozjs60
|
- Allow pid=-1 for PolkitUnixProcess to prevent 'critical'
|
||||||
|
|
||||||
* Tue Feb 05 2019 Jan Rybar <jrybar@redhat.com> - 0.115-9
|
* Wed Jan 09 2019 Jan Rybar <jrybar@redhat.com> - 0.115-2.1
|
||||||
- Allow uid=-1 for PolkitUnixProcess
|
- Fix of start_time reuse exploit (slowfork)
|
||||||
|
|
||||||
* Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.115-8
|
* Fri Dec 07 2018 Jan Rybar <jrybar@redhat.com> - 0.115-2
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
|
||||||
|
|
||||||
* Tue Jan 08 2019 Colin Walters <walters@verbum.org> - 0.115-7
|
|
||||||
- Add security fix for
|
|
||||||
https://bugs.chromium.org/p/project-zero/issues/detail?id=1692
|
|
||||||
|
|
||||||
* Fri Dec 07 2018 Jan Rybar <jrybar@redhat.com> - 0.115-6
|
|
||||||
- Fix of CVE-2018-19788, priv escalation with high UIDs
|
- Fix of CVE-2018-19788, priv escalation with high UIDs
|
||||||
- Resolves: rhbz#1655926
|
- Resolves: rhbz#1655926
|
||||||
|
|
||||||
* Thu Sep 27 2018 Owen Taylor <otaylor@redhat.com> - 0.115-5
|
|
||||||
- Fix installation with prefix != /usr
|
|
||||||
|
|
||||||
* Mon Aug 13 2018 Jan Rybar <jrybar@redhat.com> - 0.115-4
|
|
||||||
- Leaking zombie processess started by rules
|
|
||||||
|
|
||||||
* Fri Jul 20 2018 Jan Rybar <jrybar@redhat.com> - 0.115-3
|
|
||||||
- Warning raised by polkit when disconnected from ssh
|
|
||||||
- polkitagentlistener: resource leak - pointer to 'server'
|
|
||||||
- Error message raised on every 'systemctl start' in emergency.target
|
|
||||||
|
|
||||||
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.115-2
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
|
||||||
|
|
||||||
* Tue Jul 10 2018 Miloslav Trmač <mitr@redhat.com> - 0.115-1
|
* Tue Jul 10 2018 Miloslav Trmač <mitr@redhat.com> - 0.115-1
|
||||||
- Update to 0.115 (CVE-2018-1116)
|
- Update to 0.115 (CVE-2018-1116)
|
||||||
|
|
||||||
|
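--- a/sources
+++ b/sources
@@ -1 +1,2 @@
-SHA512 (polkit-122.tar.gz) = 6f537b218133777c1a9ef6b38296b4e17263d86b783acce4ce895ef3b507bb1b482d4b88bc410ab8846ce7cc7b84e82c4109f80f535190a351d7d2683b8608f3
+SHA512 (polkit-0.115.tar.gz) = 1153011fa93145b2c184e6b3446d3ca21b38918641aeccd8fac3985ac3e30ec6bc75be6973985fde90f2a24236592f1595be259155061c2d33358dd17c4ee4fc
+SHA512 (polkit-0.115.tar.gz.sign) = 4bca532119c7da3939dd63f031e2059c14392bd142b4de3733f76d7589a917471735e8ac157946a7f2f051c6748e70291f8484f9aa481b7feb326d3484d715cd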
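--- a/start_time-reuse-exploit.patch
+++ b/start_time-reuse-exploit.patch
@@ -0,0 +1,183 @@
+From a33fe199e9f085bb0ef859d57cdebfa7b19d8db7 Mon Sep 17 00:00:00 2001
+From: Colin Walters <walters@verbum.org>
+Date: Fri, 4 Jan 2019 14:24:48 -0500
+Subject: [PATCH] backend: Compare PolkitUnixProcess uids for temporary
+authorizations
+
+It turns out that the combination of `(pid, start time)` is not
+enough to be unique. For temporary authorizations, we can avoid
+separate users racing on pid reuse by simply comparing the uid.
+
+The original email report is included in full in a new comment.
+
+Reported-by: Jann Horn <jannh@google.com>
+
+Closes: https://gitlab.freedesktop.org/polkit/polkit/issues/75
+---
+src/polkit/polkitsubject.c | 2 +
+src/polkit/polkitunixprocess.c | 71 ++++++++++++++++++-
+.../polkitbackendinteractiveauthority.c | 39 +++++++++-
+3 files changed, 110 insertions(+), 2 deletions(-)
+
+diff --git a/src/polkit/polkitsubject.c b/src/polkit/polkitsubject.c
+index d4c1182..ccabd0a 100644
+--- a/src/polkit/polkitsubject.c
++++ b/src/polkit/polkitsubject.c
+@@ -99,6 +99,8 @@ polkit_subject_hash (PolkitSubject *subject)
+* @b: A #PolkitSubject.
+*
+* Checks if @a and @b are equal, ie. represent the same subject.
++ * However, avoid calling polkit_subject_equal() to compare two processes;
++ * for more information see the `PolkitUnixProcess` documentation.
+*
+* This function can be used in e.g. g_hash_table_new().
+*
+diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c
+index b02b258..78d7251 100644
+--- a/src/polkit/polkitunixprocess.c
++++ b/src/polkit/polkitunixprocess.c
+@@ -51,7 +51,10 @@
+* @title: PolkitUnixProcess
+* @short_description: Unix processs
+*
+- * An object for representing a UNIX process.
++ * An object for representing a UNIX process. NOTE: This object as
++ * designed is now known broken; a mechanism to exploit a delay in
++ * start time in the Linux kernel was identified. Avoid
++ * calling polkit_subject_equal() to compare two processes.
+*
+* To uniquely identify processes, both the process id and the start
+* time of the process (a monotonic increasing value representing the
+@@ -66,6 +69,72 @@
+* polkit_unix_process_new_for_owner() with trusted data.
+*/
+
++/* See https://gitlab.freedesktop.org/polkit/polkit/issues/75
++
++ But quoting the original email in full here to ensure it's preserved:
++
++ From: Jann Horn <jannh@google.com>
++ Subject: [SECURITY] polkit: temporary auth hijacking via PID reuse and non-atomic fork
++ Date: Wednesday, October 10, 2018 5:34 PM
++
++When a (non-root) user attempts to e.g. control systemd units in the system
++instance from an active session over DBus, the access is gated by a polkit
++policy that requires "auth_admin_keep" auth. This results in an auth prompt
++being shown to the user, asking the user to confirm the action by entering the
++password of an administrator account.
++
++After the action has been confirmed, the auth decision for "auth_admin_keep" is
++cached for up to five minutes. Subject to some restrictions, similar actions can
++then be performed in this timespan without requiring re-auth:
++
++ - The PID of the DBus client requesting the new action must match the PID of
++ the DBus client requesting the old action (based on SO_PEERCRED information
++ forwarded by the DBus daemon).
++ - The "start time" of the client's PID (as seen in /proc/$pid/stat, field 22)
++ must not have changed. The granularity of this timestamp is in the
++ millisecond range.
++ - polkit polls every two seconds whether a process with the expected start time
++ still exists. If not, the temporary auth entry is purged.
++
++Without the start time check, this would obviously be buggy because an attacker
++could simply wait for the legitimate client to disappear, then create a new
++client with the same PID.
++
++Unfortunately, the start time check is bypassable because fork() is not atomic.
++Looking at the source code of copy_process() in the kernel:
++
++ p->start_time = ktime_get_ns();
++ p->real_start_time = ktime_get_boot_ns();
++ [...]
++ retval = copy_thread_tls(clone_flags, stack_start, stack_size, p, tls);
++ if (retval)
++ goto bad_fork_cleanup_io;
++
++ if (pid != &init_struct_pid) {
++ pid = alloc_pid(p->nsproxy->pid_ns_for_children);
++ if (IS_ERR(pid)) {
++ retval = PTR_ERR(pid);
++ goto bad_fork_cleanup_thread;
++ }
++ }
++
++The ktime_get_boot_ns() call is where the "start time" of the process is
++recorded. The alloc_pid() call is where a free PID is allocated. In between
++these, some time passes; and because the copy_thread_tls() call between them can
++access userspace memory when sys_clone() is invoked through the 32-bit syscall
++entry point, an attacker can even stall the kernel arbitrarily long at this
++point (by supplying a pointer into userspace memory that is associated with a
++userfaultfd or is backed by a custom FUSE filesystem).
++
++This means that an attacker can immediately call sys_clone() when the victim
++process is created, often resulting in a process that has the exact same start
++time reported in procfs; and then the attacker can delay the alloc_pid() call
++until after the victim process has died and the PID assignment has cycled
++around. This results in an attacker process that polkit can't distinguish from
++the victim process.
++*/
++
++
+/**
+* PolkitUnixProcess:
+*
+diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
+index a1630b9..80e8141 100644
+--- a/src/polkitbackend/polkitbackendinteractiveauthority.c
++++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
+@@ -3031,6 +3031,43 @@ temporary_authorization_store_free (TemporaryAuthorizationStore *store)
+g_free (store);
+}
+
++/* See the comment at the top of polkitunixprocess.c */
++static gboolean
++subject_equal_for_authz (PolkitSubject *a,
++ PolkitSubject *b)
++{
++ if (!polkit_subject_equal (a, b))
++ return FALSE;
++
++ /* Now special case unix processes, as we want to protect against
++ * pid reuse by including the UID.
++ */
++ if (POLKIT_IS_UNIX_PROCESS (a) && POLKIT_IS_UNIX_PROCESS (b)) {
++ PolkitUnixProcess *ap = (PolkitUnixProcess*)a;
++ int uid_a = polkit_unix_process_get_uid ((PolkitUnixProcess*)a);
++ PolkitUnixProcess *bp = (PolkitUnixProcess*)b;
++ int uid_b = polkit_unix_process_get_uid ((PolkitUnixProcess*)b);
++
++ if (uid_a != -1 && uid_b != -1)
++ {
++ if (uid_a == uid_b)
++ {
++ return TRUE;
++ }
++ else
++ {
++ g_printerr ("denying slowfork; pid %d uid %d != %d!\n",
++ polkit_unix_process_get_pid (ap),
++ uid_a, uid_b);
++ return FALSE;
++ }
++ }
++ /* Fall through; one of the uids is unset so we can't reliably compare */
++ }
++
++ return TRUE;
++}
++
+static gboolean
+temporary_authorization_store_has_authorization (TemporaryAuthorizationStore *store,
+PolkitSubject *subject,
+@@ -3073,7 +3110,7 @@ temporary_authorization_store_has_authorization (TemporaryAuthorizationStore *st
+TemporaryAuthorization *authorization = l->data;
+
+if (strcmp (action_id, authorization->action_id) == 0 &&
+- polkit_subject_equal (subject_to_use, authorization->subject))
++ subject_equal_for_authz (subject_to_use, authorization->subject))
+{
+ret = TRUE;
+if (out_tmp_authz_id != NULL)
+--
+2.20.1
+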
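Review bot: `subject_equal_for_authz` in the polkitbackendinteractiveauthority.c hunk fails open when a uid is unknown: if either `polkit_unix_process_get_uid()` result is -1, control falls through to the final `return TRUE`, so the cached authorization is still matched on pid and start time alone, which the comment this patch adds to polkitunixprocess.c describes as not unique. The spec in this compare also lists Allow-uid-of-1-for-a-PolkitUnixProcess.patch, so an unset uid looks reachable rather than theoretical. Consider replacing the fall-through comment with `return FALSE;` so that an unset uid costs a fresh authentication prompt instead of reusing the temporary authorization, after confirming that no legitimate caller relies on the current behaviour. Separately, `bp` is assigned and never read, and can be dropped.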
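--- a/tty-echo-disabled-on-sigint.patch
+++ b/tty-echo-disabled-on-sigint.patch
@@ -0,0 +1,86 @@
+diff --git a/src/programs/pkttyagent.c b/src/programs/pkttyagent.c
+index 3f324b8..3c8d502 100644
+--- a/src/programs/pkttyagent.c
++++ b/src/programs/pkttyagent.c
+@@ -25,11 +25,44 @@
+
+#include <stdio.h>
+#include <stdlib.h>
++#include <signal.h>
++#include <termios.h>
+#include <glib/gi18n.h>
+#include <polkit/polkit.h>
+#define POLKIT_AGENT_I_KNOW_API_IS_SUBJECT_TO_CHANGE
+#include <polkitagent/polkitagent.h>
+
++
++static volatile sig_atomic_t tty_flags_saved;
++struct termios ts;
++FILE *tty = NULL;
++struct sigaction savesigterm, savesigint, savesigtstp;
++
++
++static void tty_handler(int signal)
++{
++ switch (signal)
++ {
++ case SIGTERM:
++ sigaction (SIGTERM, &savesigterm, NULL);
++ break;
++ case SIGINT:
++ sigaction (SIGINT, &savesigint, NULL);
++ break;
++ case SIGTSTP:
++ sigaction (SIGTSTP, &savesigtstp, NULL);
++ break;
++ }
++
++ if (tty_flags_saved)
++ {
++ tcsetattr (fileno (tty), TCSAFLUSH, &ts);
++ }
++
++ kill(getpid(), signal);
++}
++
++
+int
+main (int argc, char *argv[])
+{
+@@ -74,6 +107,8 @@ main (int argc, char *argv[])
+GMainLoop *loop = NULL;
+guint ret = 126;
+GVariantBuilder builder;
++ struct sigaction sa;
++ const char *tty_name = NULL;
+
+/* Disable remote file access from GIO. */
+setenv ("GIO_USE_VFS", "local", 1);
+@@ -212,6 +247,27 @@ main (int argc, char *argv[])
+}
+}
+
++/* Bash leaves tty echo disabled if SIGINT/SIGTERM comes to polkitagenttextlistener.c::on_request(),
++ but due to threading the handlers cannot take care of the signal there.
++ Though if controlling terminal cannot be found, the world won't stop spinning.
++*/
++ tty_name = ctermid(NULL);
++ if (tty_name != NULL)
++ {
++ tty = fopen(tty_name, "r+");
++ }
++
++ if (tty != NULL && !tcgetattr (fileno (tty), &ts))
++ {
++ tty_flags_saved = TRUE;
++ }
++
++ memset (&sa, 0, sizeof (sa));
++ sa.sa_handler = &tty_handler;
++ sigaction (SIGTERM, &sa, &savesigterm);
++ sigaction (SIGINT, &sa, &savesigint);
++ sigaction (SIGTSTP, &sa, &savesigtstp);
++
+loop = g_main_loop_new (NULL, FALSE);
+g_main_loop_run (loop);
+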
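Review bot: `tty_handler` calls `fileno (tty)` on a stdio `FILE *` from signal context, and POSIX does not list `fileno` among the async-signal-safe functions, whereas the `sigaction`, `tcsetattr`, `kill` and `getpid` calls next to it are listed. Caching the descriptor once in `main` keeps the handler off the stream: declare `static int tty_fd = -1;`, set `tty_fd = fileno (tty);` after the `fopen` succeeds, and call `tcsetattr (tty_fd, TCSAFLUSH, &ts);` in the handler. The globals `ts`, `tty` and the three saved `struct sigaction` objects are also defined without `static`, unlike `tty_flags_saved`, so they become external symbols of the program for no visible reason. The body of `main` starts and ends outside these hunks, so whether the stream is closed on exit cannot be judged from here.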