diff options
Diffstat (limited to 'user/polkit/CVE-2018-19788.patch')
-rw-r--r-- | user/polkit/CVE-2018-19788.patch | 183 |
1 files changed, 0 insertions, 183 deletions
diff --git a/user/polkit/CVE-2018-19788.patch b/user/polkit/CVE-2018-19788.patch deleted file mode 100644 index 6a2845aca..000000000 --- a/user/polkit/CVE-2018-19788.patch +++ /dev/null @@ -1,183 +0,0 @@ -From 35af308b530f36c1a0a912387106a59b3ab92027 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> -Date: Mon, 3 Dec 2018 10:28:58 +0100 -Subject: [PATCH 1/2] Use default of -1 for uid/gid in class initialization - -This doesn't seem to change anything in polkitd behaviour, but it -seems cleaner to default to -1 which here means "unset". ---- - src/polkit/polkitunixgroup.c | 4 ++-- - src/polkit/polkitunixuser.c | 4 ++-- - 2 files changed, 4 insertions(+), 4 deletions(-) - -diff --git a/src/polkit/polkitunixgroup.c b/src/polkit/polkitunixgroup.c -index c57a1aa..095cca0 100644 ---- a/src/polkit/polkitunixgroup.c -+++ b/src/polkit/polkitunixgroup.c -@@ -131,9 +131,9 @@ polkit_unix_group_class_init (PolkitUnixGroupClass *klass) - g_param_spec_int ("gid", - "Group ID", - "The UNIX group ID", -- 0, -+ -1, - G_MAXINT, -- 0, -+ -1, - G_PARAM_CONSTRUCT | - G_PARAM_READWRITE | - G_PARAM_STATIC_NAME | -diff --git a/src/polkit/polkitunixuser.c b/src/polkit/polkitunixuser.c -index 8bfd3a1..a5285f4 100644 ---- a/src/polkit/polkitunixuser.c -+++ b/src/polkit/polkitunixuser.c -@@ -144,9 +144,9 @@ polkit_unix_user_class_init (PolkitUnixUserClass *klass) - g_param_spec_int ("uid", - "User ID", - "The UNIX user ID", -- 0, -+ -1, - G_MAXINT, -- 0, -+ -1, - G_PARAM_CONSTRUCT | - G_PARAM_READWRITE | - G_PARAM_STATIC_NAME | --- -2.18.1 - - -From fbaab32cb4ed9ed5f1e3eea6cd317d443aa427dc Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> -Date: Mon, 3 Dec 2018 12:51:26 +0100 -Subject: [PATCH 2/2] Check gid and uid initalization in PolkitUnixUser and - Group objects - -When a user or group above INT32_MAX is created, the numeric uid or -gid wraps around to negative when the value is assigned to gint, and -polkit gets confused. Let's refuse such uids and gids. - -This patch just refuses to initialize uid and gid values to negative. -A nicer fix is to change the underlying type to e.g. gint64 to allow -the full range of values in uid_t and gid_t to be represented. But -this cannot be done without breaking the API, so likely new functions -will have to be added (a polkit_unix_user_new variant that takes a -gint64, and the same for _group_new, _set_uid, _get_uid, _set_gid, -_get_gid, etc.). This will require a bigger patch. - -Fixes https://gitlab.freedesktop.org/polkit/polkit/issues/74. - -Example sessions from uid=4000000000: - -Dec 03 14:35:08 krowka polkitd[21432]: system-bus-name::1.41869 is inquiring whether system-bus-name::1.79432 is authorized for org.freedesktop.systemd1.manage-units -Dec 03 14:35:08 krowka polkitd[21432]: user of caller is unix-user:root -Dec 03 14:35:08 krowka polkitd[21432]: polkit_unix_user_new: assertion 'uid >= 0' failed -Dec 03 14:35:08 krowka polkitd[21432]: polkit_identity_to_string: assertion 'POLKIT_IS_IDENTITY (identity)' failed -Dec 03 14:35:08 krowka polkitd[21432]: user of subject is (null) -Dec 03 14:35:08 krowka polkitd[21432]: polkit_identity_equal: assertion 'POLKIT_IS_IDENTITY (b)' failed -Dec 03 14:35:08 krowka polkitd[21432]: checking whether system-bus-name::1.79432 is authorized for org.freedesktop.systemd1.manage-units -Dec 03 14:35:08 krowka polkitd[21432]: polkit_unix_user_new: assertion 'uid >= 0' failed -Dec 03 14:35:08 krowka polkitd[21432]: -Dec 03 14:35:08 krowka polkitd[21432]: polkit_authorization_result_get_is_challenge: assertion 'POLKIT_IS_AUTHORIZATION_RESULT (result)' failed -Dec 03 14:35:08 krowka polkitd[21432]: g_object_ref: assertion 'G_IS_OBJECT (object)' failed -Dec 03 14:35:08 krowka polkitd[21432]: g_object_ref: assertion 'G_IS_OBJECT (object)' failed -Dec 03 14:35:08 krowka polkitd[21432]: polkit_authorization_result_get_details: assertion 'POLKIT_IS_AUTHORIZATION_RESULT (result)' failed -Dec 03 14:35:08 krowka polkitd[21432]: polkit_authorization_result_get_is_challenge: assertion 'POLKIT_IS_AUTHORIZATION_RESULT (result)' failed -Dec 03 14:35:08 krowka polkitd[21432]: polkit_authorization_result_get_is_authorized: assertion 'POLKIT_IS_AUTHORIZATION_RESULT (result)' failed -Dec 03 14:35:08 krowka polkitd[21432]: g_object_unref: assertion 'G_IS_OBJECT (object)' failed -Dec 03 14:35:08 krowka polkitd[21432]: g_object_unref: assertion 'G_IS_OBJECT (object)' failed ---- - src/polkit/polkitunixgroup.c | 9 ++++++++- - src/polkit/polkitunixuser.c | 7 +++++++ - 2 files changed, 15 insertions(+), 1 deletion(-) - -diff --git a/src/polkit/polkitunixgroup.c b/src/polkit/polkitunixgroup.c -index 095cca0..53db862 100644 ---- a/src/polkit/polkitunixgroup.c -+++ b/src/polkit/polkitunixgroup.c -@@ -71,6 +71,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixGroup, polkit_unix_group, G_TYPE_OBJECT, - static void - polkit_unix_group_init (PolkitUnixGroup *unix_group) - { -+ unix_group->gid = -1; - } - - static void -@@ -100,11 +101,14 @@ polkit_unix_group_set_property (GObject *object, - GParamSpec *pspec) - { - PolkitUnixGroup *unix_group = POLKIT_UNIX_GROUP (object); -+ gint val; - - switch (prop_id) - { - case PROP_GID: -- unix_group->gid = g_value_get_int (value); -+ val = g_value_get_int (value); -+ g_return_if_fail (val >= 0); -+ unix_group->gid = val; - break; - - default: -@@ -169,6 +173,7 @@ polkit_unix_group_set_gid (PolkitUnixGroup *group, - gint gid) - { - g_return_if_fail (POLKIT_IS_UNIX_GROUP (group)); -+ g_return_if_fail (gid >= 0); - group->gid = gid; - } - -@@ -183,6 +188,8 @@ polkit_unix_group_set_gid (PolkitUnixGroup *group, - PolkitIdentity * - polkit_unix_group_new (gint gid) - { -+ g_return_val_if_fail (gid >= 0, NULL); -+ - return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_GROUP, - "gid", gid, - NULL)); -diff --git a/src/polkit/polkitunixuser.c b/src/polkit/polkitunixuser.c -index a5285f4..ef6403e 100644 ---- a/src/polkit/polkitunixuser.c -+++ b/src/polkit/polkitunixuser.c -@@ -72,6 +72,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixUser, polkit_unix_user, G_TYPE_OBJECT, - static void - polkit_unix_user_init (PolkitUnixUser *unix_user) - { -+ unix_user->uid = -1; - unix_user->name = NULL; - } - -@@ -112,10 +113,13 @@ polkit_unix_user_set_property (GObject *object, - GParamSpec *pspec) - { - PolkitUnixUser *unix_user = POLKIT_UNIX_USER (object); -+ gint val; - - switch (prop_id) - { - case PROP_UID: -+ val = g_value_get_int (value); -+ g_return_if_fail (val >= 0); - unix_user->uid = g_value_get_int (value); - break; - -@@ -182,6 +186,7 @@ polkit_unix_user_set_uid (PolkitUnixUser *user, - gint uid) - { - g_return_if_fail (POLKIT_IS_UNIX_USER (user)); -+ g_return_if_fail (uid >= 0); - user->uid = uid; - } - -@@ -196,6 +201,8 @@ polkit_unix_user_set_uid (PolkitUnixUser *user, - PolkitIdentity * - polkit_unix_user_new (gint uid) - { -+ g_return_val_if_fail (uid >= 0, NULL); -+ - return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_USER, - "uid", uid, - NULL)); --- -2.18.1 - |