Fix #1751940 - CVE-2019-14822 GDBusServer peer authorization
This commit is contained in:
parent
12939239bb
commit
698c8ecd06
175
ibus-HEAD.patch
175
ibus-HEAD.patch
@ -0,0 +1,175 @@
|
||||
From 3d442dbf936d197aa11ca0a71663c2bc61696151 Mon Sep 17 00:00:00 2001
|
||||
From: fujiwarat <takao.fujiwara1@gmail.com>
|
||||
Date: Fri, 13 Sep 2019 15:59:03 +0900
|
||||
Subject: [PATCH] bus: Implement GDBusAuthObserver callback
|
||||
|
||||
ibus uses a GDBusServer with G_DBUS_SERVER_FLAGS_AUTHENTICATION_ALLOW_ANONYMOUS,
|
||||
and doesn't set a GDBusAuthObserver, which allows anyone who can connect
|
||||
to its AF_UNIX socket to authenticate and be authorized to send method calls.
|
||||
It also seems to use an abstract AF_UNIX socket, which does not have
|
||||
filesystem permissions, so the practical effect might be that a local
|
||||
attacker can connect to another user's ibus service and make arbitrary
|
||||
method calls.
|
||||
|
||||
BUGS=rhbz#1717958
|
||||
---
|
||||
bus/server.c | 89 ++++++++++++++++++++++++++++++++++++++++++----------
|
||||
1 file changed, 73 insertions(+), 16 deletions(-)
|
||||
|
||||
diff --git a/bus/server.c b/bus/server.c
|
||||
index 3a626230..2439de14 100644
|
||||
--- a/bus/server.c
|
||||
+++ b/bus/server.c
|
||||
@@ -2,7 +2,8 @@
|
||||
/* vim:set et sts=4: */
|
||||
/* bus - The Input Bus
|
||||
* Copyright (C) 2008-2010 Peng Huang <shawn.p.huang@gmail.com>
|
||||
- * Copyright (C) 2008-2010 Red Hat, Inc.
|
||||
+ * Copyright (C) 2011-2019 Takao Fujiwara <takao.fujiwara1@gmail.com>
|
||||
+ * Copyright (C) 2008-2019 Red Hat, Inc.
|
||||
*
|
||||
* This library is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU Lesser General Public
|
||||
@@ -69,17 +70,64 @@ _restart_server (void)
|
||||
exit (-1);
|
||||
}
|
||||
|
||||
+/**
|
||||
+ * bus_allow_mechanism_cb:
|
||||
+ * @observer: A #GDBusAuthObserver.
|
||||
+ * @mechanism: The name of the mechanism.
|
||||
+ * @user_data: always %NULL.
|
||||
+ *
|
||||
+ * Check if @mechanism can be used to authenticate the other peer.
|
||||
+ * Returns: %TRUE if the peer's mechanism is allowed.
|
||||
+ */
|
||||
+static gboolean
|
||||
+bus_allow_mechanism_cb (GDBusAuthObserver *observer,
|
||||
+ const gchar *mechanism,
|
||||
+ G_GNUC_UNUSED gpointer user_data)
|
||||
+{
|
||||
+ if (g_strcmp0 (mechanism, "EXTERNAL") == 0)
|
||||
+ return TRUE;
|
||||
+ return FALSE;
|
||||
+}
|
||||
+
|
||||
+/**
|
||||
+ * bus_authorize_authenticated_peer_cb:
|
||||
+ * @observer: A #GDBusAuthObserver.
|
||||
+ * @stream: A #GIOStream.
|
||||
+ * @credentials: A #GCredentials.
|
||||
+ * @user_data: always %NULL.
|
||||
+ *
|
||||
+ * Check if a peer who has already authenticated should be authorized.
|
||||
+ * Returns: %TRUE if the peer's credential is authorized.
|
||||
+ */
|
||||
+static gboolean
|
||||
+bus_authorize_authenticated_peer_cb (GDBusAuthObserver *observer,
|
||||
+ GIOStream *stream,
|
||||
+ GCredentials *credentials,
|
||||
+ G_GNUC_UNUSED gpointer user_data)
|
||||
+{
|
||||
+ gboolean authorized = FALSE;
|
||||
+ if (credentials) {
|
||||
+ GCredentials *own_credentials = g_credentials_new ();
|
||||
+ if (g_credentials_is_same_user (credentials, own_credentials, NULL))
|
||||
+ authorized = TRUE;
|
||||
+ g_object_unref (own_credentials);
|
||||
+ }
|
||||
+ return authorized;
|
||||
+}
|
||||
+
|
||||
/**
|
||||
* bus_new_connection_cb:
|
||||
- * @user_data: always NULL.
|
||||
- * @returns: TRUE when the function can handle the connection.
|
||||
+ * @observer: A #GDBusAuthObserver.
|
||||
+ * @dbus_connection: A #GDBusconnection.
|
||||
+ * @user_data: always %NULL.
|
||||
*
|
||||
* Handle incoming connections.
|
||||
+ * Returns: %TRUE when the function can handle the connection.
|
||||
*/
|
||||
static gboolean
|
||||
-bus_new_connection_cb (GDBusServer *server,
|
||||
- GDBusConnection *dbus_connection,
|
||||
- gpointer user_data)
|
||||
+bus_new_connection_cb (GDBusServer *server,
|
||||
+ GDBusConnection *dbus_connection,
|
||||
+ G_GNUC_UNUSED gpointer user_data)
|
||||
{
|
||||
BusConnection *connection = bus_connection_new (dbus_connection);
|
||||
bus_dbus_impl_new_connection (dbus, connection);
|
||||
@@ -94,9 +142,9 @@ bus_new_connection_cb (GDBusServer *server,
|
||||
}
|
||||
|
||||
static void
|
||||
-_server_connect_start_portal_cb (GObject *source_object,
|
||||
- GAsyncResult *res,
|
||||
- gpointer user_data)
|
||||
+_server_connect_start_portal_cb (GObject *source_object,
|
||||
+ GAsyncResult *res,
|
||||
+ G_GNUC_UNUSED gpointer user_data)
|
||||
{
|
||||
GVariant *result;
|
||||
GError *error = NULL;
|
||||
@@ -113,9 +161,9 @@ _server_connect_start_portal_cb (GObject *source_object,
|
||||
}
|
||||
|
||||
static void
|
||||
-bus_acquired_handler (GDBusConnection *connection,
|
||||
- const gchar *name,
|
||||
- gpointer user_data)
|
||||
+bus_acquired_handler (GDBusConnection *connection,
|
||||
+ const gchar *name,
|
||||
+ G_GNUC_UNUSED gpointer user_data)
|
||||
{
|
||||
g_dbus_connection_call (connection,
|
||||
IBUS_SERVICE_PORTAL,
|
||||
@@ -136,14 +184,17 @@ void
|
||||
bus_server_init (void)
|
||||
{
|
||||
GError *error = NULL;
|
||||
+ GDBusServerFlags flags = G_DBUS_SERVER_FLAGS_NONE;
|
||||
+ gchar *guid;
|
||||
+ GDBusAuthObserver *observer;
|
||||
|
||||
dbus = bus_dbus_impl_get_default ();
|
||||
ibus = bus_ibus_impl_get_default ();
|
||||
bus_dbus_impl_register_object (dbus, (IBusService *)ibus);
|
||||
|
||||
/* init server */
|
||||
- GDBusServerFlags flags = G_DBUS_SERVER_FLAGS_AUTHENTICATION_ALLOW_ANONYMOUS;
|
||||
- gchar *guid = g_dbus_generate_guid ();
|
||||
+ guid = g_dbus_generate_guid ();
|
||||
+ observer = g_dbus_auth_observer_new ();
|
||||
if (!g_str_has_prefix (g_address, "unix:tmpdir=") &&
|
||||
!g_str_has_prefix (g_address, "unix:path=")) {
|
||||
g_error ("Your socket address does not have the format unix:tmpdir=$DIR "
|
||||
@@ -152,7 +203,7 @@ bus_server_init (void)
|
||||
server = g_dbus_server_new_sync (
|
||||
g_address, /* the place where the socket file lives, e.g. /tmp, abstract namespace, etc. */
|
||||
flags, guid,
|
||||
- NULL /* observer */,
|
||||
+ observer,
|
||||
NULL /* cancellable */,
|
||||
&error);
|
||||
if (server == NULL) {
|
||||
@@ -162,7 +213,13 @@ bus_server_init (void)
|
||||
}
|
||||
g_free (guid);
|
||||
|
||||
- g_signal_connect (server, "new-connection", G_CALLBACK (bus_new_connection_cb), NULL);
|
||||
+ g_signal_connect (observer, "allow-mechanism",
|
||||
+ G_CALLBACK (bus_allow_mechanism_cb), NULL);
|
||||
+ g_signal_connect (observer, "authorize-authenticated-peer",
|
||||
+ G_CALLBACK (bus_authorize_authenticated_peer_cb), NULL);
|
||||
+ g_object_unref (observer);
|
||||
+ g_signal_connect (server, "new-connection",
|
||||
+ G_CALLBACK (bus_new_connection_cb), NULL);
|
||||
|
||||
g_dbus_server_start (server);
|
||||
|
||||
--
|
||||
2.21.0
|
||||
|
@ -35,7 +35,7 @@
|
||||
|
||||
Name: ibus
|
||||
Version: 1.5.21
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
Summary: Intelligent Input Bus for Linux OS
|
||||
License: LGPLv2+
|
||||
URL: https://github.com/ibus/%name/wiki
|
||||
@ -43,6 +43,7 @@ Source0: https://github.com/ibus/%name/releases/download/%{version}/%{nam
|
||||
Source1: %{name}-xinput
|
||||
Source2: %{name}.conf.5
|
||||
# Patch0: %%{name}-HEAD.patch
|
||||
Patch0: %{name}-HEAD.patch
|
||||
# Under testing #1349148 #1385349 #1350291 #1406699 #1432252 #1601577
|
||||
Patch1: %{name}-1385349-segv-bus-proxy.patch
|
||||
|
||||
@ -460,6 +461,9 @@ dconf update || :
|
||||
%{_datadir}/installed-tests/ibus
|
||||
|
||||
%changelog
|
||||
* Fri Sep 13 2019 Takao Fujiwara <tfujiwar@redhat.com> - 1.5.21-2
|
||||
- Fix #1751940 - CVE-2019-14822 GDBusServer peer authorization
|
||||
|
||||
* Fri Aug 23 2019 Takao Fujiwara <tfujiwar@redhat.com> - 1.5.21-1
|
||||
- Bump to 1.5.21
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user