Avoid unix-process authorization subject when using polkit (bug #1009541, CVE-2013-4325).

Resolves: rhbz#1009541
2013-09-18 17:43:05 +01:00 · 2013-09-18 17:43:05 +01:00 · c06157892d
commit c06157892d
parent b5dbf8cf03
2 changed files with 31 additions and 1 deletions
--- a/hplip-CVE-2013-4325.patch
+++ b/hplip-CVE-2013-4325.patch
@ -0,0 +1,21 @@
+diff -up hplip-3.13.7/base/pkit.py.CVE-2013-4325 hplip-3.13.7/base/pkit.py
+--- hplip-3.13.7/base/pkit.py.CVE-2013-4325	2013-07-23 06:18:29.000000000 +0100
+++ hplip-3.13.7/base/pkit.py	2013-09-11 10:54:13.252419283 +0100
+@@ -176,15 +176,10 @@ class PolicyKitService(dbus.service.Obje
+                                     "/org/freedesktop/PolicyKit1/Authority",
+                                     "org.freedesktop.PolicyKit1.Authority")
+         policy_kit = dbus.Interface(obj, "org.freedesktop.PolicyKit1.Authority")
+-        info = dbus.Interface(connection.get_object("org.freedesktop.DBus",
+-                                                    "/org/freedesktop/DBus/Bus",
+-                                                    False),
+-                              "org.freedesktop.DBus")
+-        pid = info.GetConnectionUnixProcessID(sender)
+         
+         subject = (
+-            'unix-process',
+-            { 'pid' : dbus.UInt32(pid, variant_level = 1) }
+            'system-bus-name',
+            { 'name' : dbus.String(sender, variant_level = 1) }
+         )
+         details = { '' : '' }
+         flags = dbus.UInt32(1)         # AllowUserInteraction = 0x00000001
--- a/hplip.spec
+++ b/hplip.spec
@ -7,7 +7,7 @@
 Summary: HP Linux Imaging and Printing Project
 Name: hplip
 Version: 3.13.9
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPLv2+ and MIT
 Group: System Environment/Daemons

@ -37,6 +37,7 @@ Patch19: hplip-makefile-chgrp.patch
 Patch20: hplip-hpaio-localonly.patch
 Patch21: hplip-check.patch
 Patch22: hplip-mkstemp.patch
+Patch23: hplip-CVE-2013-4325.patch

 %global hpijs_epoch 1
 Requires: hpijs%{?_isa} = %{hpijs_epoch}:%{version}-%{release}
@ -258,6 +259,10 @@ done
 # Avoid several bugs in createTempFile (bug #925032).
 %patch22 -p1 -b .mkstemp

+# Applied patch to avoid unix-process authorization subject when using
+# polkit as it is racy (CVE-2013-4325).
+%patch23 -p1 -b .CVE-2013-4325
+
 sed -i.duplex-constraints \
    -e 's,\(UIConstraints.* \*Duplex\),//\1,' \
    prnt/drv/hpcups.drv.in
@ -487,6 +492,10 @@ rm -f %{buildroot}%{_sysconfdir}/xdg/autostart/hplip-systray.desktop
 %postun libs -p /sbin/ldconfig

 %changelog
+* Wed Sep 18 2013 Tim Waugh <twaugh@redhat.com> - 3.13.9-2
+- Applied patch to avoid unix-process authorization subject when using
+  polkit as it is racy (bug #1009541, CVE-2013-4325).
+
 * Tue Sep 10 2013 Jiri Popelka <jpopelka@redhat.com> - 3.13.9-1
 - 3.13.9: hplipjs filter removed, several patches applied upstream