summaryrefslogtreecommitdiff
path: root/user
diff options
context:
space:
mode:
Diffstat (limited to 'user')
-rw-r--r--user/polkit/APKBUILD8
-rw-r--r--user/polkit/CVE-2018-19788.patch183
2 files changed, 190 insertions, 1 deletions
diff --git a/user/polkit/APKBUILD b/user/polkit/APKBUILD
index ea5cb0c02..05976199d 100644
--- a/user/polkit/APKBUILD
+++ b/user/polkit/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: A. Wilcox <awilfox@adelielinux.org>
pkgname=polkit
pkgver=0.115
-pkgrel=1
+pkgrel=2
pkgdesc="Toolkit for controlling system-wide privileges"
url="https://www.freedesktop.org/wiki/Software/polkit/"
arch="all"
@@ -17,10 +17,15 @@ pkggroups="polkitd"
install="$pkgname.pre-install"
source="https://www.freedesktop.org/software/polkit/releases/polkit-$pkgver.tar.gz
0001-make-netgroup-support-optional.patch
+ CVE-2018-19788.patch
fix-consolekit-db-stat.patch
fix-test-fgetpwent.patch
"
+# secfixes:
+# 0.115-r2:
+# - CVE-2018-19788
+
prepare() {
cd "$builddir"
default_prepare
@@ -63,5 +68,6 @@ package() {
sha512sums="1153011fa93145b2c184e6b3446d3ca21b38918641aeccd8fac3985ac3e30ec6bc75be6973985fde90f2a24236592f1595be259155061c2d33358dd17c4ee4fc polkit-0.115.tar.gz
6d68d90e6dc9594175631c99699d4d949fba6d2d1ad66680897f9a17e9dc3c17b44f2bc06ed4f6149931e17a96baaf481981fb0698aace7c81a67c06c2806c29 0001-make-netgroup-support-optional.patch
+4a2a11c1de8ef11def9c32b4b595fd45066aeaeb0cb42665846e3c7b8c6f5b7d3a782d722a25889afdb6a4414abed0837a359692342baaeb770d0e9712818ce1 CVE-2018-19788.patch
95493ef842b46ce9e724933a5d86083589075fb452435057b8f629643cac7c7eff67a24fd188087987e98057f0130757fad546d0c090767da3d71ebaf8485a24 fix-consolekit-db-stat.patch
966825aded565432f4fda9e54113a773b514ebf7ee7faa83bcb8b97d218ae84a8707d6747bbc3cb8a828638d692fdef34c05038f150ad38e02a29f2c782aba5b fix-test-fgetpwent.patch"
diff --git a/user/polkit/CVE-2018-19788.patch b/user/polkit/CVE-2018-19788.patch
new file mode 100644
index 000000000..6a2845aca
--- /dev/null
+++ b/user/polkit/CVE-2018-19788.patch
@@ -0,0 +1,183 @@
+From 35af308b530f36c1a0a912387106a59b3ab92027 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Mon, 3 Dec 2018 10:28:58 +0100
+Subject: [PATCH 1/2] Use default of -1 for uid/gid in class initialization
+
+This doesn't seem to change anything in polkitd behaviour, but it
+seems cleaner to default to -1 which here means "unset".
+---
+ src/polkit/polkitunixgroup.c | 4 ++--
+ src/polkit/polkitunixuser.c | 4 ++--
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/polkit/polkitunixgroup.c b/src/polkit/polkitunixgroup.c
+index c57a1aa..095cca0 100644
+--- a/src/polkit/polkitunixgroup.c
++++ b/src/polkit/polkitunixgroup.c
+@@ -131,9 +131,9 @@ polkit_unix_group_class_init (PolkitUnixGroupClass *klass)
+ g_param_spec_int ("gid",
+ "Group ID",
+ "The UNIX group ID",
+- 0,
++ -1,
+ G_MAXINT,
+- 0,
++ -1,
+ G_PARAM_CONSTRUCT |
+ G_PARAM_READWRITE |
+ G_PARAM_STATIC_NAME |
+diff --git a/src/polkit/polkitunixuser.c b/src/polkit/polkitunixuser.c
+index 8bfd3a1..a5285f4 100644
+--- a/src/polkit/polkitunixuser.c
++++ b/src/polkit/polkitunixuser.c
+@@ -144,9 +144,9 @@ polkit_unix_user_class_init (PolkitUnixUserClass *klass)
+ g_param_spec_int ("uid",
+ "User ID",
+ "The UNIX user ID",
+- 0,
++ -1,
+ G_MAXINT,
+- 0,
++ -1,
+ G_PARAM_CONSTRUCT |
+ G_PARAM_READWRITE |
+ G_PARAM_STATIC_NAME |
+--
+2.18.1
+
+
+From fbaab32cb4ed9ed5f1e3eea6cd317d443aa427dc Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Mon, 3 Dec 2018 12:51:26 +0100
+Subject: [PATCH 2/2] Check gid and uid initalization in PolkitUnixUser and
+ Group objects
+
+When a user or group above INT32_MAX is created, the numeric uid or
+gid wraps around to negative when the value is assigned to gint, and
+polkit gets confused. Let's refuse such uids and gids.
+
+This patch just refuses to initialize uid and gid values to negative.
+A nicer fix is to change the underlying type to e.g. gint64 to allow
+the full range of values in uid_t and gid_t to be represented. But
+this cannot be done without breaking the API, so likely new functions
+will have to be added (a polkit_unix_user_new variant that takes a
+gint64, and the same for _group_new, _set_uid, _get_uid, _set_gid,
+_get_gid, etc.). This will require a bigger patch.
+
+Fixes https://gitlab.freedesktop.org/polkit/polkit/issues/74.
+
+Example sessions from uid=4000000000:
+
+Dec 03 14:35:08 krowka polkitd[21432]: system-bus-name::1.41869 is inquiring whether system-bus-name::1.79432 is authorized for org.freedesktop.systemd1.manage-units
+Dec 03 14:35:08 krowka polkitd[21432]: user of caller is unix-user:root
+Dec 03 14:35:08 krowka polkitd[21432]: polkit_unix_user_new: assertion 'uid >= 0' failed
+Dec 03 14:35:08 krowka polkitd[21432]: polkit_identity_to_string: assertion 'POLKIT_IS_IDENTITY (identity)' failed
+Dec 03 14:35:08 krowka polkitd[21432]: user of subject is (null)
+Dec 03 14:35:08 krowka polkitd[21432]: polkit_identity_equal: assertion 'POLKIT_IS_IDENTITY (b)' failed
+Dec 03 14:35:08 krowka polkitd[21432]: checking whether system-bus-name::1.79432 is authorized for org.freedesktop.systemd1.manage-units
+Dec 03 14:35:08 krowka polkitd[21432]: polkit_unix_user_new: assertion 'uid >= 0' failed
+Dec 03 14:35:08 krowka polkitd[21432]:
+Dec 03 14:35:08 krowka polkitd[21432]: polkit_authorization_result_get_is_challenge: assertion 'POLKIT_IS_AUTHORIZATION_RESULT (result)' failed
+Dec 03 14:35:08 krowka polkitd[21432]: g_object_ref: assertion 'G_IS_OBJECT (object)' failed
+Dec 03 14:35:08 krowka polkitd[21432]: g_object_ref: assertion 'G_IS_OBJECT (object)' failed
+Dec 03 14:35:08 krowka polkitd[21432]: polkit_authorization_result_get_details: assertion 'POLKIT_IS_AUTHORIZATION_RESULT (result)' failed
+Dec 03 14:35:08 krowka polkitd[21432]: polkit_authorization_result_get_is_challenge: assertion 'POLKIT_IS_AUTHORIZATION_RESULT (result)' failed
+Dec 03 14:35:08 krowka polkitd[21432]: polkit_authorization_result_get_is_authorized: assertion 'POLKIT_IS_AUTHORIZATION_RESULT (result)' failed
+Dec 03 14:35:08 krowka polkitd[21432]: g_object_unref: assertion 'G_IS_OBJECT (object)' failed
+Dec 03 14:35:08 krowka polkitd[21432]: g_object_unref: assertion 'G_IS_OBJECT (object)' failed
+---
+ src/polkit/polkitunixgroup.c | 9 ++++++++-
+ src/polkit/polkitunixuser.c | 7 +++++++
+ 2 files changed, 15 insertions(+), 1 deletion(-)
+
+diff --git a/src/polkit/polkitunixgroup.c b/src/polkit/polkitunixgroup.c
+index 095cca0..53db862 100644
+--- a/src/polkit/polkitunixgroup.c
++++ b/src/polkit/polkitunixgroup.c
+@@ -71,6 +71,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixGroup, polkit_unix_group, G_TYPE_OBJECT,
+ static void
+ polkit_unix_group_init (PolkitUnixGroup *unix_group)
+ {
++ unix_group->gid = -1;
+ }
+
+ static void
+@@ -100,11 +101,14 @@ polkit_unix_group_set_property (GObject *object,
+ GParamSpec *pspec)
+ {
+ PolkitUnixGroup *unix_group = POLKIT_UNIX_GROUP (object);
++ gint val;
+
+ switch (prop_id)
+ {
+ case PROP_GID:
+- unix_group->gid = g_value_get_int (value);
++ val = g_value_get_int (value);
++ g_return_if_fail (val >= 0);
++ unix_group->gid = val;
+ break;
+
+ default:
+@@ -169,6 +173,7 @@ polkit_unix_group_set_gid (PolkitUnixGroup *group,
+ gint gid)
+ {
+ g_return_if_fail (POLKIT_IS_UNIX_GROUP (group));
++ g_return_if_fail (gid >= 0);
+ group->gid = gid;
+ }
+
+@@ -183,6 +188,8 @@ polkit_unix_group_set_gid (PolkitUnixGroup *group,
+ PolkitIdentity *
+ polkit_unix_group_new (gint gid)
+ {
++ g_return_val_if_fail (gid >= 0, NULL);
++
+ return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_GROUP,
+ "gid", gid,
+ NULL));
+diff --git a/src/polkit/polkitunixuser.c b/src/polkit/polkitunixuser.c
+index a5285f4..ef6403e 100644
+--- a/src/polkit/polkitunixuser.c
++++ b/src/polkit/polkitunixuser.c
+@@ -72,6 +72,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixUser, polkit_unix_user, G_TYPE_OBJECT,
+ static void
+ polkit_unix_user_init (PolkitUnixUser *unix_user)
+ {
++ unix_user->uid = -1;
+ unix_user->name = NULL;
+ }
+
+@@ -112,10 +113,13 @@ polkit_unix_user_set_property (GObject *object,
+ GParamSpec *pspec)
+ {
+ PolkitUnixUser *unix_user = POLKIT_UNIX_USER (object);
++ gint val;
+
+ switch (prop_id)
+ {
+ case PROP_UID:
++ val = g_value_get_int (value);
++ g_return_if_fail (val >= 0);
+ unix_user->uid = g_value_get_int (value);
+ break;
+
+@@ -182,6 +186,7 @@ polkit_unix_user_set_uid (PolkitUnixUser *user,
+ gint uid)
+ {
+ g_return_if_fail (POLKIT_IS_UNIX_USER (user));
++ g_return_if_fail (uid >= 0);
+ user->uid = uid;
+ }
+
+@@ -196,6 +201,8 @@ polkit_unix_user_set_uid (PolkitUnixUser *user,
+ PolkitIdentity *
+ polkit_unix_user_new (gint uid)
+ {
++ g_return_val_if_fail (uid >= 0, NULL);
++
+ return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_USER,
+ "uid", uid,
+ NULL));
+--
+2.18.1
+