From c86aec496298fb20f0770f5ce9a2a37935f7aa5b Mon Sep 17 00:00:00 2001
From: "A. Wilcox" <AWilcox@Wilcox-Tech.com>
Date: Fri, 8 Jun 2018 02:11:51 -0500
Subject: put user stuff in user, not system

---
 user/polkit/CVE-2013-4288.patch | 123 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 123 insertions(+)
 create mode 100644 user/polkit/CVE-2013-4288.patch

(limited to 'user/polkit/CVE-2013-4288.patch')

diff --git a/user/polkit/CVE-2013-4288.patch b/user/polkit/CVE-2013-4288.patch
new file mode 100644
index 000000000..0ca8131e8
--- /dev/null
+++ b/user/polkit/CVE-2013-4288.patch
@@ -0,0 +1,123 @@
+From a3fa3b86f0015e42a534526ed800bcde5b3f2a15 Mon Sep 17 00:00:00 2001
+From: Colin Walters <walters@verbum.org>
+Date: Mon, 19 Aug 2013 12:16:11 -0400
+Subject: [PATCH] pkcheck: Support --process=pid,start-time,uid syntax too
+
+The uid is a new addition; this allows callers such as libvirt to
+close a race condition in reading the uid of the process talking to
+them.  They can read it via getsockopt(SO_PEERCRED) or equivalent,
+rather than having pkcheck look at /proc later after the fact.
+
+Programs which invoke pkcheck but need to know beforehand (i.e.  at
+compile time) whether or not it supports passing the uid can
+use:
+
+pkcheck_supports_uid=$($PKG_CONFIG --variable pkcheck_supports_uid polkit-gobject-1)
+test x$pkcheck_supports_uid = xyes
+
+Conflicts:
+	docs/man/pkcheck.xml
+	src/programs/pkcheck.c
+---
+ data/polkit-gobject-1.pc.in |  3 +++
+ docs/man/pkcheck.xml        | 33 +++++++++++++++++++++------------
+ src/programs/pkcheck.c      |  7 ++++++-
+ 3 files changed, 30 insertions(+), 13 deletions(-)
+
+diff --git a/data/polkit-gobject-1.pc.in b/data/polkit-gobject-1.pc.in
+index c39677d..5c4c620 100644
+--- a/data/polkit-gobject-1.pc.in
++++ b/data/polkit-gobject-1.pc.in
+@@ -11,3 +11,6 @@ Version: @VERSION@
+ Libs: -L${libdir} -lpolkit-gobject-1
+ Cflags: -I${includedir}/polkit-1
+ Requires: gio-2.0 >= 2.18 glib-2.0 >= 2.18
++# Programs using pkcheck can use this to determine
++# whether or not it can be passed a uid.
++pkcheck_supports_uid=true
+diff --git a/docs/man/pkcheck.xml b/docs/man/pkcheck.xml
+index 6b8a874..9f2faef 100644
+--- a/docs/man/pkcheck.xml
++++ b/docs/man/pkcheck.xml
+@@ -55,6 +55,9 @@
+             <arg choice="plain">
+               <replaceable>pid,pid-start-time</replaceable>
+             </arg>
++            <arg choice="plain">
++              <replaceable>pid,pid-start-time,uid</replaceable>
++            </arg>
+           </group>
+         </arg>
+         <arg choice="plain">
+@@ -90,7 +93,7 @@
+     <title>DESCRIPTION</title>
+     <para>
+       <command>pkcheck</command> is used to check whether a process, specified by
+-      either <option>--process</option> or <option>--system-bus-name</option>,
++      either <option>--process</option> (see below) or <option>--system-bus-name</option>,
+       is authorized for <replaceable>action</replaceable>. The <option>--detail</option>
+       option can be used zero or more times to pass details about <replaceable>action</replaceable>.
+       If <option>--allow-user-interaction</option> is passed, <command>pkcheck</command> blocks
+@@ -160,17 +163,23 @@ KEY3=VALUE3
+   <refsect1 id="pkcheck-notes">
+     <title>NOTES</title>
+     <para>
+-      Since process identifiers can be recycled, the caller should always use
+-      <replaceable>pid,pid-start-time</replaceable> to specify the process
+-      to check for authorization when using the <option>--process</option> option.
+-      The value of <replaceable>pid-start-time</replaceable>
+-      can be determined by consulting e.g. the
+-      <citerefentry>
+-        <refentrytitle>proc</refentrytitle><manvolnum>5</manvolnum>
+-      </citerefentry>
+-      file system depending on the operating system. If only <replaceable>pid</replaceable>
+-      is passed to the <option>--process</option> option, then <command>pkcheck</command>
+-      will look up the start time itself but note that this may be racy.
++      Do not use either the bare <replaceable>pid</replaceable> or
++      <replaceable>pid,start-time</replaceable> syntax forms for
++      <option>--process</option>.  There are race conditions in both.
++      New code should always use
++      <replaceable>pid,pid-start-time,uid</replaceable>.  The value of
++      <replaceable>start-time</replaceable> can be determined by
++      consulting e.g. the
++      <citerefentry><refentrytitle>proc</refentrytitle><manvolnum>5</manvolnum></citerefentry>
++      file system depending on the operating system.  If fewer than 3
++      arguments are passed, <command>pkcheck</command> will attempt to
++      look up them up internally, but note that this may be racy.
++    </para>
++    <para>
++      If your program is a daemon with e.g. a custom Unix domain
++      socket, you should determine the <replaceable>uid</replaceable>
++      parameter via operating system mechanisms such as
++      <literal>PEERCRED</literal>.
+     </para>
+   </refsect1>
+ 
+diff --git a/src/programs/pkcheck.c b/src/programs/pkcheck.c
+index 719a36c..057e926 100644
+--- a/src/programs/pkcheck.c
++++ b/src/programs/pkcheck.c
+@@ -372,6 +372,7 @@ main (int argc, char *argv[])
+       else if (g_strcmp0 (argv[n], "--process") == 0 || g_strcmp0 (argv[n], "-p") == 0)
+         {
+           gint pid;
++	  guint uid;
+           guint64 pid_start_time;
+ 
+           n++;
+@@ -381,7 +382,11 @@ main (int argc, char *argv[])
+               goto out;
+             }
+ 
+-          if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT, &pid, &pid_start_time) == 2)
++          if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT ",%u", &pid, &pid_start_time, &uid) == 3)
++            {
++              subject = polkit_unix_process_new_for_owner (pid, pid_start_time, uid);
++            }
++          else if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT, &pid, &pid_start_time) == 2)
+             {
+               subject = polkit_unix_process_new_full (pid, pid_start_time);
+             }
+-- 
+1.8.5.1
+
-- 
cgit v1.2.3-60-g2f50