Diffstat (limited to 'user/kauth/CVE-2019-7443.patch')
-rw-r--r-- | user/kauth/CVE-2019-7443.patch | 68 |
1 files changed, 0 insertions, 68 deletions
diff --git a/user/kauth/CVE-2019-7443.patch b/user/kauth/CVE-2019-7443.patch
deleted file mode 100644
index 5b11cd8f5..000000000
--- a/user/kauth/CVE-2019-7443.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-From fc70fb0161c1b9144d26389434d34dd135cd3f4a Mon Sep 17 00:00:00 2001
-From: Albert Astals Cid <aacid@kde.org>
-Date: Sat, 2 Feb 2019 14:35:25 +0100
-Subject: Remove support for passing gui QVariants to KAuth helpers
-
-Supporting gui variants is very dangerous since they can end up triggering
-image loading plugins which are one of the biggest vectors for crashes, which
-for very smart people mean possible code execution, which is very dangerous
-in code that is executed as root.
-
-We've checked all the KAuth helpers inside KDE git and none seems to be using
-gui variants, so we're not actually limiting anything that people wanted to do.
-
-Reviewed by security@kde.org and Aleix Pol
-
-Issue reported by Fabian Vogt
----
- src/backends/dbus/DBusHelperProxy.cpp | 9 +++++++++
- src/kauthaction.h | 2 ++
- 2 files changed, 11 insertions(+)
-
-diff --git a/src/backends/dbus/DBusHelperProxy.cpp b/src/backends/dbus/DBusHelperProxy.cpp
-index 10c14c6..8f0d336 100644
---- a/src/backends/dbus/DBusHelperProxy.cpp
-+++ b/src/backends/dbus/DBusHelperProxy.cpp
-@@ -31,6 +31,8 @@
- #include "kf5authadaptor.h"
- #include "kauthdebug.h"
-
-+extern Q_CORE_EXPORT const QMetaTypeInterface *qMetaTypeGuiHelper;
-+
- namespace KAuth
- {
-
-@@ -229,10 +231,17 @@ QByteArray DBusHelperProxy::performAction(const QString &action, const QByteArra
- return ActionReply::HelperBusyReply().serialized();
- }
-
-+ // Make sure we don't try restoring gui variants, in particular QImage/QPixmap/QIcon are super dangerous
-+ // since they end up calling the image loaders and thus are a vector for crashing → executing code
-+ auto origMetaTypeGuiHelper = qMetaTypeGuiHelper;
-+ qMetaTypeGuiHelper = nullptr;
-+
- QVariantMap args;
- QDataStream s(&arguments, QIODevice::ReadOnly);
- s >> args;
-
-+ qMetaTypeGuiHelper = origMetaTypeGuiHelper;
-+
- m_currentAction = action;
- emit remoteSignal(ActionStarted, action, QByteArray());
- QEventLoop e;
-diff --git a/src/kauthaction.h b/src/kauthaction.h
-index c67a70a..01f3ba1 100644
---- a/src/kauthaction.h
-+++ b/src/kauthaction.h
-@@ -298,6 +298,8 @@ public:
- * This method sets the variant map that the application
- * can use to pass arbitrary data to the helper when executing the action.
- *
-+ * Only non-gui variants are supported.
-+ *
- * @param arguments The new arguments map
- */
- void setArguments(const QVariantMap &arguments);
---
-cgit v1.1
- |