Diffstat (limited to 'user/polkit/CVE-2018-19788.patch')
-rw-r--r--user/polkit/CVE-2018-19788.patch183
1 files changed, 0 insertions, 183 deletions
diff --git a/user/polkit/CVE-2018-19788.patch b/user/polkit/CVE-2018-19788.patch
deleted file mode 100644
index 6a2845aca..000000000
--- a/user/polkit/CVE-2018-19788.patch
+++ /dev/null
@@ -1,183 +0,0 @@
-From 35af308b530f36c1a0a912387106a59b3ab92027 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Mon, 3 Dec 2018 10:28:58 +0100
-Subject: [PATCH 1/2] Use default of -1 for uid/gid in class initialization
-
-This doesn't seem to change anything in polkitd behaviour, but it
-seems cleaner to default to -1 which here means "unset".
----
- src/polkit/polkitunixgroup.c | 4 ++--
- src/polkit/polkitunixuser.c | 4 ++--
- 2 files changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/src/polkit/polkitunixgroup.c b/src/polkit/polkitunixgroup.c
-index c57a1aa..095cca0 100644
---- a/src/polkit/polkitunixgroup.c
-+++ b/src/polkit/polkitunixgroup.c
-@@ -131,9 +131,9 @@ polkit_unix_group_class_init (PolkitUnixGroupClass *klass)
- g_param_spec_int ("gid",
- "Group ID",
- "The UNIX group ID",
-- 0,
-+ -1,
- G_MAXINT,
-- 0,
-+ -1,
- G_PARAM_CONSTRUCT |
- G_PARAM_READWRITE |
- G_PARAM_STATIC_NAME |
-diff --git a/src/polkit/polkitunixuser.c b/src/polkit/polkitunixuser.c
-index 8bfd3a1..a5285f4 100644
---- a/src/polkit/polkitunixuser.c
-+++ b/src/polkit/polkitunixuser.c
-@@ -144,9 +144,9 @@ polkit_unix_user_class_init (PolkitUnixUserClass *klass)
- g_param_spec_int ("uid",
- "User ID",
- "The UNIX user ID",
-- 0,
-+ -1,
- G_MAXINT,
-- 0,
-+ -1,
- G_PARAM_CONSTRUCT |
- G_PARAM_READWRITE |
- G_PARAM_STATIC_NAME |
---
-2.18.1
-
-
-From fbaab32cb4ed9ed5f1e3eea6cd317d443aa427dc Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Mon, 3 Dec 2018 12:51:26 +0100
-Subject: [PATCH 2/2] Check gid and uid initalization in PolkitUnixUser and
- Group objects
-
-When a user or group above INT32_MAX is created, the numeric uid or
-gid wraps around to negative when the value is assigned to gint, and
-polkit gets confused. Let's refuse such uids and gids.
-
-This patch just refuses to initialize uid and gid values to negative.
-A nicer fix is to change the underlying type to e.g. gint64 to allow
-the full range of values in uid_t and gid_t to be represented. But
-this cannot be done without breaking the API, so likely new functions
-will have to be added (a polkit_unix_user_new variant that takes a
-gint64, and the same for _group_new, _set_uid, _get_uid, _set_gid,
-_get_gid, etc.). This will require a bigger patch.
-
-Fixes https://gitlab.freedesktop.org/polkit/polkit/issues/74.
-
-Example sessions from uid=4000000000:
-
-Dec 03 14:35:08 krowka polkitd[21432]: system-bus-name::1.41869 is inquiring whether system-bus-name::1.79432 is authorized for org.freedesktop.systemd1.manage-units
-Dec 03 14:35:08 krowka polkitd[21432]: user of caller is unix-user:root
-Dec 03 14:35:08 krowka polkitd[21432]: polkit_unix_user_new: assertion 'uid >= 0' failed
-Dec 03 14:35:08 krowka polkitd[21432]: polkit_identity_to_string: assertion 'POLKIT_IS_IDENTITY (identity)' failed
-Dec 03 14:35:08 krowka polkitd[21432]: user of subject is (null)
-Dec 03 14:35:08 krowka polkitd[21432]: polkit_identity_equal: assertion 'POLKIT_IS_IDENTITY (b)' failed
-Dec 03 14:35:08 krowka polkitd[21432]: checking whether system-bus-name::1.79432 is authorized for org.freedesktop.systemd1.manage-units
-Dec 03 14:35:08 krowka polkitd[21432]: polkit_unix_user_new: assertion 'uid >= 0' failed
-Dec 03 14:35:08 krowka polkitd[21432]:
-Dec 03 14:35:08 krowka polkitd[21432]: polkit_authorization_result_get_is_challenge: assertion 'POLKIT_IS_AUTHORIZATION_RESULT (result)' failed
-Dec 03 14:35:08 krowka polkitd[21432]: g_object_ref: assertion 'G_IS_OBJECT (object)' failed
-Dec 03 14:35:08 krowka polkitd[21432]: g_object_ref: assertion 'G_IS_OBJECT (object)' failed
-Dec 03 14:35:08 krowka polkitd[21432]: polkit_authorization_result_get_details: assertion 'POLKIT_IS_AUTHORIZATION_RESULT (result)' failed
-Dec 03 14:35:08 krowka polkitd[21432]: polkit_authorization_result_get_is_challenge: assertion 'POLKIT_IS_AUTHORIZATION_RESULT (result)' failed
-Dec 03 14:35:08 krowka polkitd[21432]: polkit_authorization_result_get_is_authorized: assertion 'POLKIT_IS_AUTHORIZATION_RESULT (result)' failed
-Dec 03 14:35:08 krowka polkitd[21432]: g_object_unref: assertion 'G_IS_OBJECT (object)' failed
-Dec 03 14:35:08 krowka polkitd[21432]: g_object_unref: assertion 'G_IS_OBJECT (object)' failed
----
- src/polkit/polkitunixgroup.c | 9 ++++++++-
- src/polkit/polkitunixuser.c | 7 +++++++
- 2 files changed, 15 insertions(+), 1 deletion(-)
-
-diff --git a/src/polkit/polkitunixgroup.c b/src/polkit/polkitunixgroup.c
-index 095cca0..53db862 100644
---- a/src/polkit/polkitunixgroup.c
-+++ b/src/polkit/polkitunixgroup.c
-@@ -71,6 +71,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixGroup, polkit_unix_group, G_TYPE_OBJECT,
- static void
- polkit_unix_group_init (PolkitUnixGroup *unix_group)
- {
-+ unix_group->gid = -1;
- }
-
- static void
-@@ -100,11 +101,14 @@ polkit_unix_group_set_property (GObject *object,
- GParamSpec *pspec)
- {
- PolkitUnixGroup *unix_group = POLKIT_UNIX_GROUP (object);
-+ gint val;
-
- switch (prop_id)
- {
- case PROP_GID:
-- unix_group->gid = g_value_get_int (value);
-+ val = g_value_get_int (value);
-+ g_return_if_fail (val >= 0);
-+ unix_group->gid = val;
- break;
-
- default:
-@@ -169,6 +173,7 @@ polkit_unix_group_set_gid (PolkitUnixGroup *group,
- gint gid)
- {
- g_return_if_fail (POLKIT_IS_UNIX_GROUP (group));
-+ g_return_if_fail (gid >= 0);
- group->gid = gid;
- }
-
-@@ -183,6 +188,8 @@ polkit_unix_group_set_gid (PolkitUnixGroup *group,
- PolkitIdentity *
- polkit_unix_group_new (gint gid)
- {
-+ g_return_val_if_fail (gid >= 0, NULL);
-+
- return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_GROUP,
- "gid", gid,
- NULL));
-diff --git a/src/polkit/polkitunixuser.c b/src/polkit/polkitunixuser.c
-index a5285f4..ef6403e 100644
---- a/src/polkit/polkitunixuser.c
-+++ b/src/polkit/polkitunixuser.c
-@@ -72,6 +72,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixUser, polkit_unix_user, G_TYPE_OBJECT,
- static void
- polkit_unix_user_init (PolkitUnixUser *unix_user)
- {
-+ unix_user->uid = -1;
- unix_user->name = NULL;
- }
-
-@@ -112,10 +113,13 @@ polkit_unix_user_set_property (GObject *object,
- GParamSpec *pspec)
- {
- PolkitUnixUser *unix_user = POLKIT_UNIX_USER (object);
-+ gint val;
-
- switch (prop_id)
- {
- case PROP_UID:
-+ val = g_value_get_int (value);
-+ g_return_if_fail (val >= 0);
- unix_user->uid = g_value_get_int (value);
- break;
-
-@@ -182,6 +186,7 @@ polkit_unix_user_set_uid (PolkitUnixUser *user,
- gint uid)
- {
- g_return_if_fail (POLKIT_IS_UNIX_USER (user));
-+ g_return_if_fail (uid >= 0);
- user->uid = uid;
- }
-
-@@ -196,6 +201,8 @@ polkit_unix_user_set_uid (PolkitUnixUser *user,
- PolkitIdentity *
- polkit_unix_user_new (gint uid)
- {
-+ g_return_val_if_fail (uid >= 0, NULL);
-+
- return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_USER,
- "uid", uid,
- NULL));
---
-2.18.1
-