Auto sync2gitlab import of polkit-0.115-15.el8.src.rpm

This commit is contained in:
CentOS Sources 2023-02-04 08:10:24 +00:00
parent a245c3974f
commit 3a9b2003e5
20 changed files with 1720 additions and 1 deletions

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
/polkit-0.115.tar.gz

1
EMPTY
View File

@ -1 +0,0 @@

View File

@ -0,0 +1,291 @@
diff --git a/src/polkit/polkitunixgroup.c b/src/polkit/polkitunixgroup.c
index c57a1aaacbb13c4e4297dd812cf5904f2f427b03..309f68918895e0f8b547f8c06f89c6fb1326fe20 100644
--- a/src/polkit/polkitunixgroup.c
+++ b/src/polkit/polkitunixgroup.c
@@ -71,6 +71,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixGroup, polkit_unix_group, G_TYPE_OBJECT,
static void
polkit_unix_group_init (PolkitUnixGroup *unix_group)
{
+ unix_group->gid = -1; /* (git_t) -1 is not a valid GID under Linux */
}
static void
@@ -100,11 +101,14 @@ polkit_unix_group_set_property (GObject *object,
GParamSpec *pspec)
{
PolkitUnixGroup *unix_group = POLKIT_UNIX_GROUP (object);
+ gint val;
switch (prop_id)
{
case PROP_GID:
- unix_group->gid = g_value_get_int (value);
+ val = g_value_get_int (value);
+ g_return_if_fail (val != -1);
+ unix_group->gid = val;
break;
default:
@@ -131,9 +135,9 @@ polkit_unix_group_class_init (PolkitUnixGroupClass *klass)
g_param_spec_int ("gid",
"Group ID",
"The UNIX group ID",
- 0,
+ G_MININT,
G_MAXINT,
- 0,
+ -1,
G_PARAM_CONSTRUCT |
G_PARAM_READWRITE |
G_PARAM_STATIC_NAME |
@@ -166,9 +170,10 @@ polkit_unix_group_get_gid (PolkitUnixGroup *group)
*/
void
polkit_unix_group_set_gid (PolkitUnixGroup *group,
- gint gid)
+ gint gid)
{
g_return_if_fail (POLKIT_IS_UNIX_GROUP (group));
+ g_return_if_fail (gid != -1);
group->gid = gid;
}
@@ -183,6 +188,8 @@ polkit_unix_group_set_gid (PolkitUnixGroup *group,
PolkitIdentity *
polkit_unix_group_new (gint gid)
{
+ g_return_val_if_fail (gid != -1, NULL);
+
return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_GROUP,
"gid", gid,
NULL));
diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c
index 972b7776825d5ccf677ed12ed620fc0c52352547..b02b25894ad120d88ea21d4c96ac8dca1821fcf2 100644
--- a/src/polkit/polkitunixprocess.c
+++ b/src/polkit/polkitunixprocess.c
@@ -159,9 +159,14 @@ polkit_unix_process_set_property (GObject *object,
polkit_unix_process_set_pid (unix_process, g_value_get_int (value));
break;
- case PROP_UID:
- polkit_unix_process_set_uid (unix_process, g_value_get_int (value));
+ case PROP_UID: {
+ gint val;
+
+ val = g_value_get_int (value);
+ g_return_if_fail (val != -1);
+ polkit_unix_process_set_uid (unix_process, val);
break;
+ }
case PROP_START_TIME:
polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value));
@@ -239,7 +244,7 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass)
g_param_spec_int ("uid",
"User ID",
"The UNIX user ID",
- -1,
+ G_MININT,
G_MAXINT,
-1,
G_PARAM_CONSTRUCT |
@@ -303,7 +308,6 @@ polkit_unix_process_set_uid (PolkitUnixProcess *process,
gint uid)
{
g_return_if_fail (POLKIT_IS_UNIX_PROCESS (process));
- g_return_if_fail (uid >= -1);
process->uid = uid;
}
diff --git a/src/polkit/polkitunixuser.c b/src/polkit/polkitunixuser.c
index 8bfd3a1fb05ddb56adebd097569a9977b7b922f3..234a6976c573ac65200ee08228cd50111f0c769b 100644
--- a/src/polkit/polkitunixuser.c
+++ b/src/polkit/polkitunixuser.c
@@ -72,6 +72,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixUser, polkit_unix_user, G_TYPE_OBJECT,
static void
polkit_unix_user_init (PolkitUnixUser *unix_user)
{
+ unix_user->uid = -1; /* (uid_t) -1 is not a valid UID under Linux */
unix_user->name = NULL;
}
@@ -112,11 +113,14 @@ polkit_unix_user_set_property (GObject *object,
GParamSpec *pspec)
{
PolkitUnixUser *unix_user = POLKIT_UNIX_USER (object);
+ gint val;
switch (prop_id)
{
case PROP_UID:
- unix_user->uid = g_value_get_int (value);
+ val = g_value_get_int (value);
+ g_return_if_fail (val != -1);
+ unix_user->uid = val;
break;
default:
@@ -144,9 +148,9 @@ polkit_unix_user_class_init (PolkitUnixUserClass *klass)
g_param_spec_int ("uid",
"User ID",
"The UNIX user ID",
- 0,
+ G_MININT,
G_MAXINT,
- 0,
+ -1,
G_PARAM_CONSTRUCT |
G_PARAM_READWRITE |
G_PARAM_STATIC_NAME |
@@ -182,6 +186,7 @@ polkit_unix_user_set_uid (PolkitUnixUser *user,
gint uid)
{
g_return_if_fail (POLKIT_IS_UNIX_USER (user));
+ g_return_if_fail (uid != -1);
user->uid = uid;
}
@@ -196,6 +201,8 @@ polkit_unix_user_set_uid (PolkitUnixUser *user,
PolkitIdentity *
polkit_unix_user_new (gint uid)
{
+ g_return_val_if_fail (uid != -1, NULL);
+
return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_USER,
"uid", uid,
NULL));
diff --git a/test/data/etc/group b/test/data/etc/group
index 12ef328b21b346ee3828ce3aaf15cca83858bd1d..b9acab97211fdf7db521dc0939b2dcfc2c9e350b 100644
--- a/test/data/etc/group
+++ b/test/data/etc/group
@@ -5,3 +5,4 @@ john:x:500:
jane:x:501:
sally:x:502:
henry:x:503:
+highuid2:x:4000000000:
diff --git a/test/data/etc/passwd b/test/data/etc/passwd
index 8544febcd8b1720e5577dfb3f0672a6fef29e701..5cf14a5620259f79806192ca935fee84a29ac96d 100644
--- a/test/data/etc/passwd
+++ b/test/data/etc/passwd
@@ -3,3 +3,5 @@ john:x:500:500:John Done:/home/john:/bin/bash
jane:x:501:501:Jane Smith:/home/jane:/bin/bash
sally:x:502:502:Sally Derp:/home/sally:/bin/bash
henry:x:503:503:Henry Herp:/home/henry:/bin/bash
+highuid1:x:2147483648:2147483648:The first high uid:/home/highuid1:/sbin/nologin
+highuid2:x:4000000000:4000000000:An example high uid:/home/example:/sbin/nologin
diff --git a/test/data/etc/polkit-1/rules.d/10-testing.rules b/test/data/etc/polkit-1/rules.d/10-testing.rules
index 446e62291b7fe4c5bacdceb1045350af1a9dc245..98bf062a08cb11fddb7df95d0bcdec1b1ac3587d 100644
--- a/test/data/etc/polkit-1/rules.d/10-testing.rules
+++ b/test/data/etc/polkit-1/rules.d/10-testing.rules
@@ -53,6 +53,27 @@ polkit.addRule(function(action, subject) {
}
});
+polkit.addRule(function(action, subject) {
+ if (action.id == "net.company.john_action") {
+ if (subject.user == "john") {
+ return polkit.Result.YES;
+ } else {
+ return polkit.Result.NO;
+ }
+ }
+});
+
+polkit.addRule(function(action, subject) {
+ if (action.id == "net.company.highuid2_action") {
+ if (subject.user == "highuid2") {
+ return polkit.Result.YES;
+ } else {
+ return polkit.Result.NO;
+ }
+ }
+});
+
+
// ---------------------------------------------------------------------
// variables
diff --git a/test/polkitbackend/test-polkitbackendjsauthority.c b/test/polkitbackend/test-polkitbackendjsauthority.c
index b484a26600dbde074ee7d8491f88624fdc83c39c..71aad23e2f5d1a7b15e138f23e6581a31498bad6 100644
--- a/test/polkitbackend/test-polkitbackendjsauthority.c
+++ b/test/polkitbackend/test-polkitbackendjsauthority.c
@@ -330,6 +330,78 @@ static const RulesTestCase rules_test_cases[] = {
NULL,
POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED,
},
+
+ {
+ /* highuid1 is not a member of group 'users', see test/data/etc/group */
+ "group_membership_with_non_member(highuid22)",
+ "net.company.group.only_group_users",
+ "unix-user:highuid2",
+ NULL,
+ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
+ },
+
+ {
+ /* highuid2 is not a member of group 'users', see test/data/etc/group */
+ "group_membership_with_non_member(highuid21)",
+ "net.company.group.only_group_users",
+ "unix-user:highuid2",
+ NULL,
+ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
+ },
+
+ {
+ /* highuid1 is not a member of group 'users', see test/data/etc/group */
+ "group_membership_with_non_member(highuid24)",
+ "net.company.group.only_group_users",
+ "unix-user:2147483648",
+ NULL,
+ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
+ },
+
+ {
+ /* highuid2 is not a member of group 'users', see test/data/etc/group */
+ "group_membership_with_non_member(highuid23)",
+ "net.company.group.only_group_users",
+ "unix-user:4000000000",
+ NULL,
+ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
+ },
+
+ {
+ /* john is authorized to do this, see 10-testing.rules */
+ "john_action",
+ "net.company.john_action",
+ "unix-user:john",
+ NULL,
+ POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED,
+ },
+
+ {
+ /* only john is authorized to do this, see 10-testing.rules */
+ "jane_action",
+ "net.company.john_action",
+ "unix-user:jane",
+ NULL,
+ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
+ },
+
+ {
+ /* highuid2 is authorized to do this, see 10-testing.rules */
+ "highuid2_action",
+ "net.company.highuid2_action",
+ "unix-user:highuid2",
+ NULL,
+ POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED,
+ },
+
+ {
+ /* only highuid2 is authorized to do this, see 10-testing.rules */
+ "highuid1_action",
+ "net.company.highuid2_action",
+ "unix-user:highuid1",
+ NULL,
+ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
+ },
};
/* ---------------------------------------------------------------------------------------------------- */

View File

@ -0,0 +1,185 @@
From 6cc6aafee135ba44ea748250d7d29b562ca190e3 Mon Sep 17 00:00:00 2001
From: Colin Walters <walters@verbum.org>
Date: Fri, 4 Jan 2019 14:24:48 -0500
Subject: [PATCH] backend: Compare PolkitUnixProcess uids for temporary
authorizations
It turns out that the combination of `(pid, start time)` is not
enough to be unique. For temporary authorizations, we can avoid
separate users racing on pid reuse by simply comparing the uid.
https://bugs.chromium.org/p/project-zero/issues/detail?id=1692
And the above original email report is included in full in a new comment.
Reported-by: Jann Horn <jannh@google.com>
Closes: https://gitlab.freedesktop.org/polkit/polkit/issues/75
---
src/polkit/polkitsubject.c | 2 +
src/polkit/polkitunixprocess.c | 71 ++++++++++++++++++-
.../polkitbackendinteractiveauthority.c | 39 +++++++++-
3 files changed, 110 insertions(+), 2 deletions(-)
diff --git a/src/polkit/polkitsubject.c b/src/polkit/polkitsubject.c
index d4c1182..ccabd0a 100644
--- a/src/polkit/polkitsubject.c
+++ b/src/polkit/polkitsubject.c
@@ -99,6 +99,8 @@ polkit_subject_hash (PolkitSubject *subject)
* @b: A #PolkitSubject.
*
* Checks if @a and @b are equal, ie. represent the same subject.
+ * However, avoid calling polkit_subject_equal() to compare two processes;
+ * for more information see the `PolkitUnixProcess` documentation.
*
* This function can be used in e.g. g_hash_table_new().
*
diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c
index b02b258..78d7251 100644
--- a/src/polkit/polkitunixprocess.c
+++ b/src/polkit/polkitunixprocess.c
@@ -51,7 +51,10 @@
* @title: PolkitUnixProcess
* @short_description: Unix processs
*
- * An object for representing a UNIX process.
+ * An object for representing a UNIX process. NOTE: This object as
+ * designed is now known broken; a mechanism to exploit a delay in
+ * start time in the Linux kernel was identified. Avoid
+ * calling polkit_subject_equal() to compare two processes.
*
* To uniquely identify processes, both the process id and the start
* time of the process (a monotonic increasing value representing the
@@ -66,6 +69,72 @@
* polkit_unix_process_new_for_owner() with trusted data.
*/
+/* See https://gitlab.freedesktop.org/polkit/polkit/issues/75
+
+ But quoting the original email in full here to ensure it's preserved:
+
+ From: Jann Horn <jannh@google.com>
+ Subject: [SECURITY] polkit: temporary auth hijacking via PID reuse and non-atomic fork
+ Date: Wednesday, October 10, 2018 5:34 PM
+
+When a (non-root) user attempts to e.g. control systemd units in the system
+instance from an active session over DBus, the access is gated by a polkit
+policy that requires "auth_admin_keep" auth. This results in an auth prompt
+being shown to the user, asking the user to confirm the action by entering the
+password of an administrator account.
+
+After the action has been confirmed, the auth decision for "auth_admin_keep" is
+cached for up to five minutes. Subject to some restrictions, similar actions can
+then be performed in this timespan without requiring re-auth:
+
+ - The PID of the DBus client requesting the new action must match the PID of
+ the DBus client requesting the old action (based on SO_PEERCRED information
+ forwarded by the DBus daemon).
+ - The "start time" of the client's PID (as seen in /proc/$pid/stat, field 22)
+ must not have changed. The granularity of this timestamp is in the
+ millisecond range.
+ - polkit polls every two seconds whether a process with the expected start time
+ still exists. If not, the temporary auth entry is purged.
+
+Without the start time check, this would obviously be buggy because an attacker
+could simply wait for the legitimate client to disappear, then create a new
+client with the same PID.
+
+Unfortunately, the start time check is bypassable because fork() is not atomic.
+Looking at the source code of copy_process() in the kernel:
+
+ p->start_time = ktime_get_ns();
+ p->real_start_time = ktime_get_boot_ns();
+ [...]
+ retval = copy_thread_tls(clone_flags, stack_start, stack_size, p, tls);
+ if (retval)
+ goto bad_fork_cleanup_io;
+
+ if (pid != &init_struct_pid) {
+ pid = alloc_pid(p->nsproxy->pid_ns_for_children);
+ if (IS_ERR(pid)) {
+ retval = PTR_ERR(pid);
+ goto bad_fork_cleanup_thread;
+ }
+ }
+
+The ktime_get_boot_ns() call is where the "start time" of the process is
+recorded. The alloc_pid() call is where a free PID is allocated. In between
+these, some time passes; and because the copy_thread_tls() call between them can
+access userspace memory when sys_clone() is invoked through the 32-bit syscall
+entry point, an attacker can even stall the kernel arbitrarily long at this
+point (by supplying a pointer into userspace memory that is associated with a
+userfaultfd or is backed by a custom FUSE filesystem).
+
+This means that an attacker can immediately call sys_clone() when the victim
+process is created, often resulting in a process that has the exact same start
+time reported in procfs; and then the attacker can delay the alloc_pid() call
+until after the victim process has died and the PID assignment has cycled
+around. This results in an attacker process that polkit can't distinguish from
+the victim process.
+*/
+
+
/**
* PolkitUnixProcess:
*
diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
index a1630b9..80e8141 100644
--- a/src/polkitbackend/polkitbackendinteractiveauthority.c
+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
@@ -3031,6 +3031,43 @@ temporary_authorization_store_free (TemporaryAuthorizationStore *store)
g_free (store);
}
+/* See the comment at the top of polkitunixprocess.c */
+static gboolean
+subject_equal_for_authz (PolkitSubject *a,
+ PolkitSubject *b)
+{
+ if (!polkit_subject_equal (a, b))
+ return FALSE;
+
+ /* Now special case unix processes, as we want to protect against
+ * pid reuse by including the UID.
+ */
+ if (POLKIT_IS_UNIX_PROCESS (a) && POLKIT_IS_UNIX_PROCESS (b)) {
+ PolkitUnixProcess *ap = (PolkitUnixProcess*)a;
+ int uid_a = polkit_unix_process_get_uid ((PolkitUnixProcess*)a);
+ PolkitUnixProcess *bp = (PolkitUnixProcess*)b;
+ int uid_b = polkit_unix_process_get_uid ((PolkitUnixProcess*)b);
+
+ if (uid_a != -1 && uid_b != -1)
+ {
+ if (uid_a == uid_b)
+ {
+ return TRUE;
+ }
+ else
+ {
+ g_printerr ("denying slowfork; pid %d uid %d != %d!\n",
+ polkit_unix_process_get_pid (ap),
+ uid_a, uid_b);
+ return FALSE;
+ }
+ }
+ /* Fall through; one of the uids is unset so we can't reliably compare */
+ }
+
+ return TRUE;
+}
+
static gboolean
temporary_authorization_store_has_authorization (TemporaryAuthorizationStore *store,
PolkitSubject *subject,
@@ -3073,7 +3110,7 @@ temporary_authorization_store_has_authorization (TemporaryAuthorizationStore *st
TemporaryAuthorization *authorization = l->data;
if (strcmp (action_id, authorization->action_id) == 0 &&
- polkit_subject_equal (subject_to_use, authorization->subject))
+ subject_equal_for_authz (subject_to_use, authorization->subject))
{
ret = TRUE;
if (out_tmp_authz_id != NULL)
--
2.19.2

View File

@ -0,0 +1,13 @@
--- a/src/polkit/polkitsystembusname.c
+++ b/src/polkit/polkitsystembusname.c
@@ -435,6 +435,9 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus
while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error))
g_main_context_iteration (tmp_context, TRUE);
+ if (data.caught_error)
+ goto out;
+
if (out_uid)
*out_uid = data.uid;
if (out_pid)

View File

@ -0,0 +1,69 @@
diff --git a/src/programs/pkcheck.c b/src/programs/pkcheck.c
index f1bb4e1..aff4f60 100644
--- a/src/programs/pkcheck.c
+++ b/src/programs/pkcheck.c
@@ -363,6 +363,12 @@ main (int argc, char *argv[])
local_agent_handle = NULL;
ret = 126;
+ if (argc < 1)
+ {
+ help();
+ exit(1);
+ }
+
/* Disable remote file access from GIO. */
setenv ("GIO_USE_VFS", "local", 1);
diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c
index 7698c5c..d84dc57 100644
--- a/src/programs/pkexec.c
+++ b/src/programs/pkexec.c
@@ -488,6 +488,17 @@ main (int argc, char *argv[])
pid_t pid_of_caller;
gpointer local_agent_handle;
+
+ /*
+ * If 'pkexec' is called wrong, just show help and bail out.
+ */
+ if (argc<1)
+ {
+ clearenv();
+ usage(argc, argv);
+ exit(1);
+ }
+
ret = 127;
authority = NULL;
subject = NULL;
@@ -614,10 +625,10 @@ main (int argc, char *argv[])
path = g_strdup (pwstruct.pw_shell);
if (!path)
- {
+ {
g_printerr ("No shell configured or error retrieving pw_shell\n");
goto out;
- }
+ }
/* If you change this, be sure to change the if (!command_line)
case below too */
command_line = g_strdup (path);
@@ -636,7 +647,15 @@ main (int argc, char *argv[])
goto out;
}
g_free (path);
- argv[n] = path = s;
+ path = s;
+
+ /* argc<2 and pkexec runs just shell, argv is guaranteed to be null-terminated.
+ * /-less shell shouldn't happen, but let's be defensive and don't write to null-termination
+ */
+ if (argv[n] != NULL)
+ {
+ argv[n] = path;
+ }
}
if (access (path, F_OK) != 0)
{

View File

@ -0,0 +1,71 @@
diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c
index 8ed1363..2fbf5f1 100644
--- a/src/polkit/polkitsystembusname.c
+++ b/src/polkit/polkitsystembusname.c
@@ -62,6 +62,10 @@ enum
PROP_NAME,
};
+
+guint8 dbus_call_respond_fails; // has to be global because of callback
+
+
static void subject_iface_init (PolkitSubjectIface *subject_iface);
G_DEFINE_TYPE_WITH_CODE (PolkitSystemBusName, polkit_system_bus_name, G_TYPE_OBJECT,
@@ -364,6 +368,7 @@ on_retrieved_unix_uid_pid (GObject *src,
if (!v)
{
data->caught_error = TRUE;
+ dbus_call_respond_fails += 1;
}
else
{
@@ -405,6 +410,8 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus
tmp_context = g_main_context_new ();
g_main_context_push_thread_default (tmp_context);
+ dbus_call_respond_fails = 0;
+
/* Do two async calls as it's basically as fast as one sync call.
*/
g_dbus_connection_call (connection,
@@ -432,11 +439,34 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus
on_retrieved_unix_uid_pid,
&data);
- while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error))
- g_main_context_iteration (tmp_context, TRUE);
+ while (TRUE)
+ {
+ /* If one dbus call returns error, we must wait until the other call
+ * calls _call_finish(), otherwise fd leak is possible.
+ * Resolves: GHSL-2021-077
+ */
- if (data.caught_error)
- goto out;
+ if ( (dbus_call_respond_fails > 1) )
+ {
+ // we got two faults, we can leave
+ goto out;
+ }
+
+ if ((data.caught_error && (data.retrieved_pid || data.retrieved_uid)))
+ {
+ // we got one fault and the other call finally finished, we can leave
+ goto out;
+ }
+
+ if ( !(data.retrieved_uid && data.retrieved_pid) )
+ {
+ g_main_context_iteration (tmp_context, TRUE);
+ }
+ else
+ {
+ break;
+ }
+ }
if (out_uid)
*out_uid = data.uid;

View File

@ -0,0 +1,20 @@
diff -up ./src/polkit/polkitunixprocess.c.ori ./src/polkit/polkitunixprocess.c
--- ./src/polkit/polkitunixprocess.c.ori 2019-02-06 16:47:23.460666237 +0100
+++ ./src/polkit/polkitunixprocess.c 2019-02-06 16:47:43.846573792 +0100
@@ -211,14 +211,9 @@ polkit_unix_process_set_property (GObjec
polkit_unix_process_set_pid (unix_process, g_value_get_int (value));
break;
- case PROP_UID: {
- gint val;
-
- val = g_value_get_int (value);
- g_return_if_fail (val != -1);
- polkit_unix_process_set_uid (unix_process, val);
+ case PROP_UID:
+ polkit_unix_process_set_uid (unix_process, g_value_get_int (value));
break;
- }
case PROP_START_TIME:
polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value));

View File

@ -0,0 +1,60 @@
From 0ce0a7b3298d7b0fd5ce8c6775bcef9b0caf1bdb Mon Sep 17 00:00:00 2001
From: David Herrmann <dh.herrmann@gmail.com>
Date: Wed, 4 Jul 2018 13:51:24 +0200
Subject: [PATCH] polkitagent: suppress disconnect messages
The polkitagent may be used by pkexec and friends. These might very
well survive until very late during system shutdown. Hence, a
disconnect of polkitd during runtime might be expected [1].
This patch silences the disconnect/reconnect messages and turns them
into debug messages. This only affects the polkit-agent, it does not
affect the polkit-daemon implementation.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1249627
---
src/polkitagent/polkitagentlistener.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/polkitagent/polkitagentlistener.c b/src/polkitagent/polkitagentlistener.c
index debd1bb..1c8b666 100644
--- a/src/polkitagent/polkitagentlistener.c
+++ b/src/polkitagent/polkitagentlistener.c
@@ -178,10 +178,10 @@ on_notify_authority_owner (GObject *object,
owner = polkit_authority_get_owner (server->authority);
if (owner == NULL)
{
- g_printerr ("PolicyKit daemon disconnected from the bus.\n");
+ g_debug ("PolicyKit daemon disconnected from the bus.\n");
if (server->is_registered)
- g_printerr ("We are no longer a registered authentication agent.\n");
+ g_debug ("We are no longer a registered authentication agent.\n");
server->is_registered = FALSE;
}
@@ -192,17 +192,17 @@ on_notify_authority_owner (GObject *object,
{
GError *error;
- g_printerr ("PolicyKit daemon reconnected to bus.\n");
- g_printerr ("Attempting to re-register as an authentication agent.\n");
+ g_debug ("PolicyKit daemon reconnected to bus.\n");
+ g_debug ("Attempting to re-register as an authentication agent.\n");
error = NULL;
if (server_register (server, &error))
{
- g_printerr ("We are now a registered authentication agent.\n");
+ g_debug ("We are now a registered authentication agent.\n");
}
else
{
- g_printerr ("Failed to register as an authentication agent: %s\n", error->message);
+ g_debug ("Failed to register as an authentication agent: %s\n", error->message);
g_error_free (error);
}
}
--
2.18.0

View File

@ -0,0 +1,19 @@
commit 28e3a6653d8c3777b07e0128a0d97d46e586e311
Author: Jan Rybar <jrybar@redhat.com>
Date: Tue Oct 8 13:28:18 2019 +0000
jsauthority: Fix two minor memory leaks
diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp
index 9b752d1..e97b8aa 100644
--- a/src/polkitbackend/polkitbackendjsauthority.cpp
+++ b/src/polkitbackend/polkitbackendjsauthority.cpp
@@ -567,6 +567,8 @@ polkit_backend_js_authority_finalize (GObject *object)
g_strfreev (authority->priv->rules_dirs);
delete authority->priv->ac;
+ delete authority->priv->js_global;
+ delete authority->priv->js_polkit;
JS_DestroyContext (authority->priv->cx);
/* JS_ShutDown (); */

View File

@ -0,0 +1,148 @@
diff --git a/configure.ac b/configure.ac
index 5c37e481147466fd5a3a0a6b814f20fd2fe6bce8..5cedb4eca980f050fb5855ab577e93100adf8fec 100644
--- a/configure.ac
+++ b/configure.ac
@@ -79,7 +79,7 @@ PKG_CHECK_MODULES(GLIB, [gmodule-2.0 gio-unix-2.0 >= 2.30.0])
AC_SUBST(GLIB_CFLAGS)
AC_SUBST(GLIB_LIBS)
-PKG_CHECK_MODULES(LIBJS, [mozjs-52])
+PKG_CHECK_MODULES(LIBJS, [mozjs-60])
AC_SUBST(LIBJS_CFLAGS)
AC_SUBST(LIBJS_CXXFLAGS)
diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp
index 76027149d4dfdc54064be48a3aeafeec8326a67b..984a0f0e579d51c09117f4e495b0c3fdc46fe61b 100644
--- a/src/polkitbackend/polkitbackendjsauthority.cpp
+++ b/src/polkitbackend/polkitbackendjsauthority.cpp
@@ -150,18 +150,17 @@ G_DEFINE_TYPE (PolkitBackendJsAuthority, polkit_backend_js_authority, POLKIT_BAC
/* ---------------------------------------------------------------------------------------------------- */
static const struct JSClassOps js_global_class_ops = {
- NULL,
- NULL,
- NULL,
- NULL,
- NULL,
- NULL,
- NULL,
- NULL,
- NULL,
- NULL,
- NULL,
- NULL
+ nullptr, // addProperty
+ nullptr, // deleteProperty
+ nullptr, // enumerate
+ nullptr, // newEnumerate
+ nullptr, // resolve
+ nullptr, // mayResolve
+ nullptr, // finalize
+ nullptr, // call
+ nullptr, // hasInstance
+ nullptr, // construct
+ JS_GlobalObjectTraceHook
};
static JSClass js_global_class = {
@@ -172,18 +171,17 @@ static JSClass js_global_class = {
/* ---------------------------------------------------------------------------------------------------- */
static const struct JSClassOps js_polkit_class_ops = {
- NULL,
- NULL,
- NULL,
- NULL,
- NULL,
- NULL,
- NULL,
- NULL,
- NULL,
- NULL,
- NULL,
- NULL
+ nullptr, // addProperty
+ nullptr, // deleteProperty
+ nullptr, // enumerate
+ nullptr, // newEnumerate
+ nullptr, // resolve
+ nullptr, // mayResolve
+ nullptr, // finalize
+ nullptr, // call
+ nullptr, // hasInstance
+ nullptr, // construct
+ nullptr // trace
};
static JSClass js_polkit_class = {
@@ -469,19 +467,18 @@ polkit_backend_js_authority_constructed (GObject *object)
{
JS::CompartmentOptions compart_opts;
- compart_opts.behaviors().setVersion(JSVERSION_LATEST);
+
JS::RootedObject global(authority->priv->cx);
authority->priv->js_global = new JS::Heap<JSObject*> (JS_NewGlobalObject (authority->priv->cx, &js_global_class, NULL, JS::FireOnNewGlobalHook, compart_opts));
global = authority->priv->js_global->get ();
-
- if (global == NULL)
+ if (!global)
goto fail;
authority->priv->ac = new JSAutoCompartment(authority->priv->cx, global);
- if (authority->priv->ac == NULL)
+ if (!authority->priv->ac)
goto fail;
if (!JS_InitStandardClasses (authority->priv->cx, global))
@@ -493,7 +490,7 @@ polkit_backend_js_authority_constructed (GObject *object)
polkit = authority->priv->js_polkit->get ();
- if (polkit == NULL)
+ if (!polkit)
goto fail;
if (!JS_DefineProperty(authority->priv->cx, global, "polkit", polkit, JSPROP_ENUMERATE))
@@ -504,7 +501,7 @@ polkit_backend_js_authority_constructed (GObject *object)
js_polkit_functions))
goto fail;
- JS::CompileOptions options(authority->priv->cx, JSVERSION_UNKNOWN);
+ JS::CompileOptions options(authority->priv->cx);
JS::RootedValue rval(authority->priv->cx);
if (!JS::Evaluate (authority->priv->cx,
options,
@@ -684,7 +681,9 @@ set_property_strv (PolkitBackendJsAuthority *authority,
JS::AutoValueVector elems(authority->priv->cx);
guint n;
- elems.resize(value->len);
+ if (!elems.resize(value->len))
+ g_error ("Unable to resize vector");
+
for (n = 0; n < value->len; n++)
{
const char *c_string = (const char *) g_ptr_array_index(value, n);
@@ -741,7 +740,7 @@ subject_to_jsval (PolkitBackendJsAuthority *authority,
GError **error)
{
gboolean ret = FALSE;
- JS::CompileOptions options(authority->priv->cx, JSVERSION_UNKNOWN);
+ JS::CompileOptions options(authority->priv->cx);
const char *src;
JS::RootedObject obj(authority->priv->cx);
pid_t pid;
@@ -868,7 +867,7 @@ action_and_details_to_jsval (PolkitBackendJsAuthority *authority,
GError **error)
{
gboolean ret = FALSE;
- JS::CompileOptions options(authority->priv->cx, JSVERSION_UNKNOWN);
+ JS::CompileOptions options(authority->priv->cx);
const char *src;
JS::RootedObject obj(authority->priv->cx);
gchar **keys;

View File

@ -0,0 +1,13 @@
diff -up ./src/programs/pkttyagent.c.ori ./src/programs/pkttyagent.c
--- ./src/programs/pkttyagent.c.ori 2018-08-01 15:51:28.495910434 +0200
+++ ./src/programs/pkttyagent.c 2018-08-02 15:51:45.126311197 +0200
@@ -150,7 +150,8 @@ main (int argc, char *argv[])
authority = polkit_authority_get_sync (NULL /* GCancellable* */, &error);
if (authority == NULL)
{
- g_printerr ("Error getting authority: %s (%s, %d)\n",
+ g_printerr ("Authorization not available. Check if polkit service is running or see debug message for more information.\n");
+ g_debug ("Error getting authority: %s (%s, %d)\n",
error->message, g_quark_to_string (error->domain), error->code);
g_error_free (error);
ret = 127;

View File

@ -0,0 +1,12 @@
diff -up ./src/programs/pkttyagent.c.ori ./src/programs/pkttyagent.c
--- ./src/programs/pkttyagent.c.ori 2019-09-27 14:14:35.096310576 +0200
+++ ./src/programs/pkttyagent.c 2019-09-27 14:14:56.988586737 +0200
@@ -55,7 +55,7 @@ static void tty_handler(int signal)
if (tty_flags_saved)
{
- tcsetattr (fileno (tty), TCSAFLUSH, &ts);
+ tcsetattr (fileno (tty), TCSADRAIN, &ts);
}
kill(getpid(), signal);

View File

@ -0,0 +1,94 @@
commit bfb722bbe5a503095cc7e860f282b142f5aa75f1
Author: Jan Rybar <jrybar@redhat.com>
Date: Fri Mar 15 16:07:53 2019 +0000
pkttyagent: PolkitAgentTextListener leaves echo tty disabled if SIGINT/SIGTERM
If no password is typed into terminal during authentication raised by PolkitAgentTextListener, pkttyagent sends kill (it receives from systemctl/hostnamectl e.g.) without chance to restore echoing back on. This cannot be done in on_request() since it's run in a thread without guarantee the signal is distributed there.
diff --git a/src/programs/pkttyagent.c b/src/programs/pkttyagent.c
index 3f324b8..3c8d502 100644
--- a/src/programs/pkttyagent.c
+++ b/src/programs/pkttyagent.c
@@ -25,11 +25,44 @@
#include <stdio.h>
#include <stdlib.h>
+#include <signal.h>
+#include <termios.h>
#include <glib/gi18n.h>
#include <polkit/polkit.h>
#define POLKIT_AGENT_I_KNOW_API_IS_SUBJECT_TO_CHANGE
#include <polkitagent/polkitagent.h>
+
+static volatile sig_atomic_t tty_flags_saved;
+struct termios ts;
+FILE *tty = NULL;
+struct sigaction savesigterm, savesigint, savesigtstp;
+
+
+static void tty_handler(int signal)
+{
+ switch (signal)
+ {
+ case SIGTERM:
+ sigaction (SIGTERM, &savesigterm, NULL);
+ break;
+ case SIGINT:
+ sigaction (SIGINT, &savesigint, NULL);
+ break;
+ case SIGTSTP:
+ sigaction (SIGTSTP, &savesigtstp, NULL);
+ break;
+ }
+
+ if (tty_flags_saved)
+ {
+ tcsetattr (fileno (tty), TCSAFLUSH, &ts);
+ }
+
+ kill(getpid(), signal);
+}
+
+
int
main (int argc, char *argv[])
{
@@ -74,6 +107,8 @@ main (int argc, char *argv[])
GMainLoop *loop = NULL;
guint ret = 126;
GVariantBuilder builder;
+ struct sigaction sa;
+ const char *tty_name = NULL;
/* Disable remote file access from GIO. */
setenv ("GIO_USE_VFS", "local", 1);
@@ -212,6 +247,27 @@ main (int argc, char *argv[])
}
}
+/* Bash leaves tty echo disabled if SIGINT/SIGTERM comes to polkitagenttextlistener.c::on_request(),
+ but due to threading the handlers cannot take care of the signal there.
+ Though if controlling terminal cannot be found, the world won't stop spinning.
+*/
+ tty_name = ctermid(NULL);
+ if (tty_name != NULL)
+ {
+ tty = fopen(tty_name, "r+");
+ }
+
+ if (tty != NULL && !tcgetattr (fileno (tty), &ts))
+ {
+ tty_flags_saved = TRUE;
+ }
+
+ memset (&sa, 0, sizeof (sa));
+ sa.sa_handler = &tty_handler;
+ sigaction (SIGTERM, &sa, &savesigterm);
+ sigaction (SIGINT, &sa, &savesigint);
+ sigaction (SIGTSTP, &sa, &savesigtstp);
+
loop = g_main_loop_new (NULL, FALSE);
g_main_loop_run (loop);

View File

@ -0,0 +1,11 @@
diff -up ./src/polkitagent/polkitagentlistener.c.ori ./src/polkitagent/polkitagentlistener.c
--- ./src/polkitagent/polkitagentlistener.c.ori 2018-08-10 14:58:58.555475169 +0200
+++ ./src/polkitagent/polkitagentlistener.c 2018-08-10 14:59:15.900396570 +0200
@@ -439,6 +439,7 @@ polkit_agent_listener_register_with_opti
server->thread_initialization_error = NULL;
g_thread_join (server->thread);
server_free (server);
+ server = NULL;
goto out;
}
}

View File

@ -0,0 +1,13 @@
diff -up ./src/polkitbackend/polkitbackendjsauthority.cpp.ori ./src/polkitbackend/polkitbackendjsauthority.cpp
--- ./src/polkitbackend/polkitbackendjsauthority.cpp.ori 2018-04-03 22:57:57.000000000 +0200
+++ ./src/polkitbackend/polkitbackendjsauthority.cpp 2018-08-14 16:47:48.416993302 +0200
@@ -1595,7 +1595,8 @@ utils_spawn_data_free (UtilsSpawnData *d
(GSourceFunc) utils_child_watch_from_release_cb,
source,
(GDestroyNotify) g_source_destroy);
- g_source_attach (source, data->main_context);
+ /* attach source to the global default main context */
+ g_source_attach (source, NULL);
g_source_unref (source);
data->child_pid = 0;
}

View File

@ -0,0 +1,77 @@
diff -up ./src/polkitagent/polkitagenttextlistener.c.ori ./src/polkitagent/polkitagenttextlistener.c
--- ./src/polkitagent/polkitagenttextlistener.c.ori 2018-05-31 13:52:23.000000000 +0200
+++ ./src/polkitagent/polkitagenttextlistener.c 2022-10-21 17:21:11.227665209 +0200
@@ -121,6 +121,12 @@ polkit_agent_text_listener_class_init (P
listener_class = POLKIT_AGENT_LISTENER_CLASS (klass);
listener_class->initiate_authentication = polkit_agent_text_listener_initiate_authentication;
listener_class->initiate_authentication_finish = polkit_agent_text_listener_initiate_authentication_finish;
+
+ g_signal_new("tty_attrs_changed",
+ G_TYPE_FROM_CLASS(gobject_class),
+ G_SIGNAL_RUN_LAST | G_SIGNAL_NO_RECURSE | G_SIGNAL_NO_HOOKS,
+ 0, NULL, NULL, NULL,
+ G_TYPE_NONE, 1, G_TYPE_BOOLEAN);
}
/**
@@ -268,6 +274,7 @@ on_request (PolkitAgentSession *session,
* the problem.
*/
+ g_signal_emit_by_name(listener, "tty_attrs_changed", TRUE);
tcgetattr (fileno (listener->tty), &ts);
ots = ts;
ts.c_lflag &= ~(ECHO | ECHOE | ECHOK | ECHONL);
@@ -296,6 +303,7 @@ on_request (PolkitAgentSession *session,
}
}
tcsetattr (fileno (listener->tty), TCSAFLUSH, &ots);
+ g_signal_emit_by_name(listener, "tty_attrs_changed", FALSE);
putc ('\n', listener->tty);
polkit_agent_session_response (session, str->str);
diff -up ./src/programs/pkttyagent.c.ori ./src/programs/pkttyagent.c
--- ./src/programs/pkttyagent.c.ori 2020-01-28 14:16:32.000000000 +0100
+++ ./src/programs/pkttyagent.c 2022-10-21 16:56:12.449760361 +0200
@@ -34,6 +34,7 @@
static volatile sig_atomic_t tty_flags_saved;
+static volatile sig_atomic_t tty_flags_changed;
struct termios ts;
FILE *tty = NULL;
struct sigaction savesigterm, savesigint, savesigtstp;
@@ -54,7 +55,7 @@ static void tty_handler(int signal)
break;
}
- if (tty_flags_saved)
+ if (tty_flags_saved && tty_flags_changed)
{
tcsetattr (fileno (tty), TCSADRAIN, &ts);
}
@@ -63,6 +64,14 @@ static void tty_handler(int signal)
}
+static void tty_attrs_changed(PolkitAgentListener *listener G_GNUC_UNUSED,
+ gboolean changed,
+ gpointer user_data G_GNUC_UNUSED)
+{
+ tty_flags_changed = changed;
+}
+
+
int
main (int argc, char *argv[])
{
@@ -221,6 +230,9 @@ main (int argc, char *argv[])
ret = 127;
goto out;
}
+ g_signal_connect(G_OBJECT(listener), "tty_attrs_changed",
+ G_CALLBACK(tty_attrs_changed), NULL);
+
local_agent_handle = polkit_agent_listener_register_with_options (listener,
POLKIT_AGENT_REGISTER_FLAGS_RUN_IN_THREAD,
subject,

6
polkit-0.115.tar.gz.sign Normal file
View File

@ -0,0 +1,6 @@
-----BEGIN PGP SIGNATURE-----
iF0EABECAB0WIQTBl22e2Rp0WcvOUxRaM/Zgs4R53wUCW0S8UgAKCRBaM/Zgs4R5
3wNmAJ9YYc3MgbepSXr0mqWdiL93TmYMvwCeNf1e4EGsqndw9DP3CbpICMN7gV0=
=mAps
-----END PGP SIGNATURE-----

616
polkit.spec Normal file
View File

@ -0,0 +1,616 @@
# Only enable if using patches that touches configure.ac,
# Makefile.am or other build system related files
#
%define enable_autoreconf 1
Summary: An authorization framework
Name: polkit
Version: 0.115
Release: 15%{?dist}
License: LGPLv2+
URL: http://www.freedesktop.org/wiki/Software/polkit
Source0: http://www.freedesktop.org/software/polkit/releases/%{name}-%{version}.tar.gz
Source1: http://www.freedesktop.org/software/polkit/releases/%{name}-%{version}.tar.gz.sign
Group: System Environment/Libraries
Patch1: polkit-0.115-bus-conn-msg-ssh.patch
Patch2: polkit-0.115-pkttyagent-auth-errmsg-debug.patch
Patch3: polkit-0.115-polkitagentlistener-res-leak.patch
Patch4: polkit-0.115-spawning-zombie-processes.patch
Patch5: polkit-0.115-CVE-2018-19788.patch
Patch6: polkit-0.115-CVE-2019-6133.patch
Patch7: polkit-0.115-pkttyagent-tty-echo-off-on-fail.patch
Patch8: polkit-0.115-allow-uid-of-1.patch
Patch9: polkit-0.115-move-to-mozjs60.patch
Patch10: polkit-0.115-jsauthority-memleak.patch
Patch11: polkit-0.115-pkttyagent-tcsaflush-batch-erase.patch
Patch12: polkit-0.115-CVE-2021-3560.patch
Patch13: polkit-0.115-CVE-2021-4034.patch
Patch14: polkit-0.115-CVE-2021-4115.patch
Patch15: polkit-0.115-tty-flags-restore-if-changed.patch
BuildRequires: gcc-c++
BuildRequires: glib2-devel >= 2.30.0
BuildRequires: expat-devel
BuildRequires: pam-devel
BuildRequires: gtk-doc
BuildRequires: intltool
BuildRequires: gobject-introspection-devel
BuildRequires: systemd, systemd-devel
BuildRequires: pkgconfig(mozjs-60)
BuildRequires: git
%if 0%{?enable_autoreconf}
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: libtool
%endif
Requires: dbus, polkit-pkla-compat
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
Requires(pre): shadow-utils
Requires(post): /sbin/ldconfig, systemd
Requires(preun): systemd
Requires(postun): /sbin/ldconfig, systemd
Obsoletes: PolicyKit <= 0.10
Provides: PolicyKit = 0.11
# polkit saw some API/ABI changes from 0.96 to 0.97 so require a
# sufficiently new polkit-gnome package
Conflicts: polkit-gnome < 0.97
Obsoletes: polkit-desktop-policy < 0.103
Provides: polkit-desktop-policy = 0.103
Obsoletes: polkit-js-engine < 0.110-4
Provides: polkit-js-engine = %{version}-%{release}
# when -libs was split out, handle multilib upgrade path -- rex
Obsoletes: polkit < 0.113-3
%description
polkit is a toolkit for defining and handling authorizations. It is
used for allowing unprivileged processes to speak to privileged
processes.
%package devel
Summary: Development files for polkit
Group: Development/Libraries
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
Requires: %name-docs = %{version}-%{release}
Requires: glib2-devel
Obsoletes: PolicyKit-devel <= 0.10
Provides: PolicyKit-devel = 0.11
%description devel
Development files for polkit.
%package docs
Summary: Development documentation for polkit
Group: Development/Libraries
Requires: %name-devel = %{version}-%{release}
Obsoletes: PolicyKit-docs <= 0.10
Provides: PolicyKit-docs = 0.11
BuildArch: noarch
%description docs
Development documentation for polkit.
%package libs
Summary: Libraries for polkit
Group: Development/Libraries
%description libs
Libraries files for polkit.
%prep
%autosetup -S git
%build
%if 0%{?enable_autoreconf}
autoreconf -i
%endif
# we can't use _hardened_build here, see
# https://bugzilla.redhat.com/show_bug.cgi?id=962005
export CFLAGS='-fPIC %optflags'
export LDFLAGS='-pie -Wl,-z,now -Wl,-z,relro'
%configure --enable-gtk-doc \
--disable-static \
--enable-introspection \
--disable-examples \
--enable-libsystemd-login=yes
make V=1
%install
make install DESTDIR=$RPM_BUILD_ROOT INSTALL='install -p'
rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
%find_lang polkit-1
%pre
getent group polkitd >/dev/null || groupadd -r polkitd
getent passwd polkitd >/dev/null || useradd -r -g polkitd -d / -s /sbin/nologin -c "User for polkitd" polkitd
exit 0
%post
# The implied (systemctl preset) will fail and complain, but the macro hides
# and ignores the fact. This is in fact what we want, polkit.service does not
# have an [Install] section and it is always started on demand.
%systemd_post polkit.service
%preun
%systemd_preun polkit.service
%postun
%systemd_postun_with_restart polkit.service
%files -f polkit-1.lang
%doc COPYING NEWS README
%{_datadir}/man/man1/*
%{_datadir}/man/man8/*
%{_datadir}/dbus-1/system-services/*
%{_unitdir}/polkit.service
%dir %{_datadir}/polkit-1/
%dir %{_datadir}/polkit-1/actions
%attr(0700,polkitd,root) %dir %{_datadir}/polkit-1/rules.d
%{_datadir}/polkit-1/actions/org.freedesktop.policykit.policy
%dir %{_sysconfdir}/polkit-1
%{_sysconfdir}/polkit-1/rules.d/50-default.rules
%attr(0700,polkitd,root) %dir %{_sysconfdir}/polkit-1/rules.d
%{_sysconfdir}/dbus-1/system.d/org.freedesktop.PolicyKit1.conf
%{_sysconfdir}/pam.d/polkit-1
%{_bindir}/pkaction
%{_bindir}/pkcheck
%{_bindir}/pkttyagent
%dir %{_prefix}/lib/polkit-1
%{_prefix}/lib/polkit-1/polkitd
# see upstream docs for why these permissions are necessary
%attr(4755,root,root) %{_bindir}/pkexec
%attr(4755,root,root) %{_prefix}/lib/polkit-1/polkit-agent-helper-1
%files devel
%{_libdir}/lib*.so
%{_libdir}/pkgconfig/*.pc
%{_datadir}/gir-1.0/*.gir
%{_includedir}/*
%{_datadir}/gettext/its/polkit.its
%{_datadir}/gettext/its/polkit.loc
%files docs
%{_datadir}/gtk-doc
%post libs -p /sbin/ldconfig
%postun libs -p /sbin/ldconfig
%files libs
%{_libdir}/lib*.so.*
%{_libdir}/girepository-1.0/*.typelib
%changelog
* Tue Nov 08 2022 Jan Rybar <jrybar@redhat.com> - 0.115-15
- pkttyagent gets stopped if killed in the background
- Resolves: rhbz#2128989
* Tue Feb 15 2022 Jan Rybar <jrybar@redhat.com> - 0.115-14
- file descriptor exhaustion (GHSL-2021-077)
- Resolves: CVE-2021-4115
* Fri Dec 03 2021 Jan Rybar <jrybar@redhat.com> - 0.115-13
- pkexec: argv overflow results in local privilege esc.
- Resolves: CVE-2021-4034
* Tue May 25 2021 Jan Rybar <jrybar@redhat.com> - 0.115-12
- early disconnection from D-Bus results in privilege esc.
- Resolves: CVE-2021-3560
* Mon Nov 04 2019 Jan Rybar <jrybar@redhat.com> - 0.115-11
- pkttyagent: resetting terminal erases rest of input line
- Resolves: rhbz#1757853
* Tue Oct 29 2019 Jan Rybar <jrybar@redhat.com> - 0.115-10
- Fix of jasuthority memleak
- Resolves: rhbz#1745918
* Tue Sep 10 2019 Jan Rybar <jrybar@redhat.com> - 0.115-9
- Rebuild to reflect mozjs60 s390 abi change
- Related: rhbz#1746889
* Thu Jun 13 2019 Jan Rybar <jrybar@redhat.com> - 0.115-8
- Backport changing dependency to mozjs60
- Resolves: rhbz#1729416
* Thu Jun 13 2019 Jan Rybar <jrybar@redhat.com> - 0.115-7
- pkttyagent: polkit-agent-helper-1 timeout leaves tty echo disabled
- Mitigation of regression caused by fix of CVE-2018-19788
- Resolves: rhbz#1693781
- Resolves: rhbz#1693814
* Mon Jan 21 2019 Jan Rybar <jrybar@redhat.com> - 0.115-6
- Fix of CVE-2019-6133, PID reuse via slow fork
- Resolves: rhbz#1667778
* Thu Dec 06 2018 Jan Rybar <jrybar@redhat.com> - 0.115-5
- Fix of CVE-2018-19788, priv escalation with high UIDs
- Resolves: rhbz#1656378
* Thu Aug 16 2018 Jan Rybar <jrybar@redhat.com> - 0.115-4
- Spawned zombie subprocesses not reaped
- Resolves: rhbz#1616282
* Fri Aug 10 2018 Jan Rybar <jrybar@redhat.com> - 0.115-3
- Resource leak found by static analyzer
- Resolves: rhbz#1602661
* Tue Aug 07 2018 Jan Rybar <jrybar@redhat.com> - 0.115-2
- Error message about getting authority is too elaborate (forward of #1342855)
- Bus disconnection report moved to debug mode (forward of #1249627)
* Tue Jul 10 2018 Miloslav Trmač <mitr@redhat.com> - 0.115-1
- Update to 0.115 (CVE-2018-1116)
* Tue Apr 03 2018 Ray Strode <rstrode@redhat.com> - 0.114-1
- Update to 0.114
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.113-16
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.113-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.113-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Thu Apr 13 2017 Richard Hughes <rhughes@redhat.com> - 0.113-13
- Add the its files from upstream.
* Tue Apr 4 2017 Miloslav Trmač <mitr@redhat.com> - 0.113-12
- Fix a memory leak in PolkitPermission.
Patch by Rui Matos <tiagomatos@gmail.com>
Resolves: #1433915
* Tue Apr 4 2017 Miloslav Trmač <mitr@redhat.com> - 0.113-11
- Revert back to the state in 0.113-7, undoing the untested changes.
* Tue Apr 4 2017 Peter Robinson <pbrobinson@fedoraproject.org> 0.113-10
- Move to an upstream snapshot, rebase patches
* Fri Mar 31 2017 Rex Dieter <rdieter@fedoraproject.org> - 0.113-9
- restore Provides: polkit-desktop-policy polkit-js-engine
* Thu Mar 30 2017 Peter Robinson <pbrobinson@fedoraproject.org> 0.113-8
- Use %%license, license needs to be in -libs as it's the only guaranteed installed package
- Move to mozjs38
- Other upstream fixes
- Spec cleanups
* Mon Feb 13 2017 Miloslav Trmač <mitr@redhat.com> - 0.113-7
- Fix memory leaks when calling authentication agents
Resolves: #1380166
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.113-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.113-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Tue Jul 14 2015 Miloslav Trmač <mitr@redhat.com> - 0.113-4
- Bump the Obsoletes: to < 0.113-3 to account for the non-split 0.113-2.fc21
Resolves: #1243004
* Sun Jul 12 2015 Rex Dieter <rdieter@fedoraproject.org> 0.113-3
- Obsoletes: polkit < 0.112-8 (handle multilib upgrade path)
* Fri Jul 10 2015 Miloslav Trmač <mitr@redhat.com> - 0.113-2
- Add a fully versioned dependency from polkit to polkit-libs
Resolves: #1241759
- Require polkit-libs, not polkit, in polkit-devel
* Thu Jul 2 2015 Miloslav Trmač <mitr@redhat.com> - 0.113-1
- Update to polkit-0.113 (CVE-2015-3218, CVE-2015-3255, CVE-2015-3256,
CVE-2015-4625)
Resolves: #910262, #1175061, #1177930, #1194391, #1228739, #1233810
* Fri Jun 19 2015 Miloslav Trmač <mitr@redhat.com> - 0.112-11
- Add BuildRequires: systemd so that %%{_unitdir} is defined, to fix the build.
* Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.112-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Sun Jan 25 2015 Rex Dieter <rdieter@fedoraproject.org> - 0.112-9
- polkit doesn't release reference counters of GVariant data (#1180886)
- fix ldconfig scriptlets (move to -libs subpkg)
* Sat Nov 08 2014 Colin Walters <walters@redhat.com> - 0.112-8
- Split separate -libs package, so that NetworkManager can just depend on
that, without dragging in the daemon (as well as libmozjs17). This
allows the creation of more minimal systems that want programs like NM,
but do not need the configurability of the daemon; it would be ok if only
root is authorized.
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.112-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Tue Jul 22 2014 Kalev Lember <kalevlember@gmail.com> - 0.112-6
- Rebuilt for gobject-introspection 1.41.4
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.112-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Thu Jun 5 2014 Kay Sievers <kay@redhat.com> - 0.112-4
- backport upstream D-Bus "user bus" changes
* Mon Feb 10 2014 Miloslav Trmač <mitr@redhat.com> - 0.112-3
- Fix a PolkitAgentSession race condition
Resolves: #1063193
* Sat Dec 7 2013 Miloslav Trmač <mitr@redhat.com> - 0.112-2
- Workaround pam_systemd setting broken XDG_RUNTIME_DIR
Resolves: #1033774
- Always use mozjs-17.0 even if js-devel is installed
* Wed Sep 18 2013 Miloslav Trmač <mitr@redhat.com> - 0.112-1
- Update to polkit-0.112
- Resolves: #1009538, CVE-2013-4288
* Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.111-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Wed May 29 2013 Tomas Bzatek <tbzatek@redhat.com> - 0.111-2
- Fix a race on PolkitSubject type registration (#866718)
* Wed May 15 2013 Miloslav Trmač <mitr@redhat.com> - 0.111-1
- Update to polkit-0.111
Resolves: #917888
- Use SpiderMonkey from mozjs17 instead of js
- Ship the signature in the srpm
- Try to preserve timestamps in (make install)
* Fri May 10 2013 Miloslav Trmač <mitr@redhat.com> - 0.110-4
- Shut up rpmlint about Summary:
- Build with V=1
- Use %%{_unitdir} instead of hard-coding the path
- Use the new systemd macros, primarily to run (systemctl daemon-reload)
Resolves: #857382
* Fri May 10 2013 Miloslav Trmač <mitr@redhat.com> - 0.110-4
- Make the JavaScript engine mandatory. The polkit-js-engine package has been
removed, main polkit package Provides:polkit-js-engine for compatibility.
- Add Requires: polkit-pkla-compat
Resolves: #908808
* Wed Feb 13 2013 Miloslav Trmač <mitr@redhat.com> - 0.110-3
- Don't ship pk-example-frobnicate in the "live" configuration
Resolves: #878112
* Fri Feb 8 2013 Miloslav Trmač <mitr@redhat.com> - 0.110-2
- Own %%{_docdir}/polkit-js-engine-*
Resolves: #907668
* Wed Jan 9 2013 David Zeuthen <davidz@redhat.com> - 0.110-1%{?dist}
- Update to upstream release 0.110
* Mon Jan 7 2013 Matthias Clasen <mclasen@redhat.com> - 0.109-2%{?dist}
- Build with pie and stuff
* Wed Dec 19 2012 David Zeuthen <davidz@redhat.com> 0.109-1%{?dist}
- Update to upstream release 0.109
- Drop upstreamed patches
* Thu Nov 15 2012 David Zeuthen <davidz@redhat.com> 0.108-3%{?dist}
- Attempt to open the correct libmozjs185 library, otherwise polkit
authz rules will not work unless js-devel is installed (fdo #57146)
* Wed Nov 14 2012 David Zeuthen <davidz@redhat.com> 0.108-2%{?dist}
- Include gmodule-2.0 to avoid build error
* Wed Nov 14 2012 David Zeuthen <davidz@redhat.com> 0.108-1%{?dist}
- Update to upstream release 0.108
- Drop upstreamed patches
- This release dynamically loads the JavaScript interpreter and can
cope with it not being available. In this case, polkit authorization
rules are not processed and the defaults for an action - as defined
in its .policy file - are used for authorization decisions.
- Add new meta-package, polkit-js-engine, that pulls in the required
JavaScript bits to make polkit authorization rules work. The default
install - not the minimal install - should include this package
* Wed Oct 10 2012 Adam Jackson <ajax@redhat.com> 0.107-4
- Don't crash if initializing the server object fails
* Tue Sep 18 2012 David Zeuthen <davidz@redhat.com> 0.107-3%{?dist}
- Authenticate as root if e.g. the wheel group is empty (#834494)
* Fri Jul 27 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.107-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Wed Jul 11 2012 David Zeuthen <davidz@redhat.com> 0.107-1%{?dist}
- Update to upstream release 0.107
* Fri Jun 29 2012 David Zeuthen <davidz@redhat.com> 0.106-2%{?dist}
- Add forgotten Requires(pre): shadow-utils
* Thu Jun 07 2012 David Zeuthen <davidz@redhat.com> 0.106-1%{?dist}
- Update to upstream release 0.106
- Authorizations are no longer controlled by .pkla files - from now
on, use the new .rules files described in the polkit(8) man page
* Tue Apr 24 2012 David Zeuthen <davidz@redhat.com> 0.105-1%{?dist}
- Update to upstream release 0.105
- Nuke patches that are now upstream
- Change 'PolicyKit' to 'polkit' in summary and descriptions
* Thu Mar 08 2012 David Zeuthen <davidz@redhat.com> 0.104-6%{?dist}
- Don't leak file descriptors (bgo #671486)
* Mon Feb 13 2012 Matthias Clasen <mclasen@redhat.com> - 0.104-5%{?dist}
- Make the -docs subpackage noarch
* Mon Feb 06 2012 David Zeuthen <davidz@redhat.com> 0.104-4%{?dist}
- Set error if we cannot obtain a PolkitUnixSession for a given PID (#787222)
* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.104-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Tue Jan 03 2012 David Zeuthen <davidz@redhat.com> 0.104-2%{?dist}
- Nuke the ConsoleKit run-time requirement
* Tue Jan 03 2012 David Zeuthen <davidz@redhat.com> 0.104-1%{?dist}
- Update to upstream release 0.104
- Force usage of systemd (instead of ConsoleKit) for session tracking
* Tue Dec 06 2011 David Zeuthen <davidz@redhat.com> 0.103-1%{?dist}
- Update to upstream release 0.103
- Drop upstreamed patch
- Drop Fedora-specific policy, it is now upstream (fdo #41008)
* Wed Oct 26 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.102-3
- Rebuilt for glibc bug#747377
* Tue Oct 18 2011 David Zeuthen <davidz@redhat.com> 0.102-2%{?dist}
- Add patch to neuter the annoying systemd behavior where stdout/stderr
is sent to the system logs
* Thu Aug 04 2011 David Zeuthen <davidz@redhat.com> 0.102-1
- Update to 0.102 release
* Fri May 13 2011 Bastien Nocera <bnocera@redhat.com> 0.101-7
- Allow setting the pretty hostname without a password for wheel,
change matches systemd in git
* Mon May 2 2011 Matthias Clasen <mclasen@redhat.com> - 0.101-6
- Update the action id of the datetime mechanism
* Tue Apr 19 2011 David Zeuthen <davidz@redhat.com> - 0.101-5
- CVE-2011-1485 (#697951)
* Tue Mar 22 2011 Kevin Kofler <Kevin@tigcc.ticalc.org> - 0.101-4
- Also allow org.kde.kcontrol.kcmclock.save without password for wheel
* Thu Mar 17 2011 David Zeuthen <davidz@redhat.com> - 0.101-3
- Fix typo in pkla file (thanks notting)
* Thu Mar 17 2011 David Zeuthen <davidz@redhat.com> - 0.101-2
- Nuke desktop_admin_r and desktop_user_r groups - just use the
wheel group instead (#688363)
- Update the set of configuration directives that gives users
in the wheel group extra privileges
* Thu Mar 03 2011 David Zeuthen <davidz@redhat.com> - 0.101-1
- New upstream version
* Mon Feb 21 2011 David Zeuthen <davidz@redhat.com> - 0.100-1
- New upstream version
* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.98-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Fri Jan 28 2011 Matthias Clasen <mclasen@redhat.com> - 0.98-6
- Own /usr/libexec/polkit-1
* Fri Nov 12 2010 Matthias Clasen <mclasen@redhat.com> - 0.98-5
- Enable introspection
* Thu Sep 02 2010 David Zeuthen <davidz@redhat.com> - 0.98-4
- Fix #629515 in a way that doesn't require autoreconf
* Thu Sep 02 2010 David Zeuthen <davidz@redhat.com> - 0.98-2
- Include polkitagentenumtypes.h (#629515)
* Mon Aug 23 2010 Matthias Clasen <mclasen@redhat.com> - 0.98-1
- Update to upstream release 0.98
- Co-own /usr/share/gtk-doc (#604410)
* Wed Aug 18 2010 Matthias Clasen <mclasen@redhat.com> - 0.97-5
- Rebuid to work around bodhi limitations
* Wed Aug 18 2010 Matthias Clasen <mclasen@redhat.com> - 0.97-4
- Fix a ConsoleKit interaction bug
* Fri Aug 13 2010 David Zeuthen <davidz@redhat.com> - 0.97-3
- Add a patch to make pkcheck(1) work the way libvirtd uses it (#623257)
- Require GLib >= 2.25.12 instead of 2.25.11
- Ensure polkit-gnome packages earlier than 0.97 are not used with
these packages
* Mon Aug 09 2010 David Zeuthen <davidz@redhat.com> - 0.97-2
- Rebuild
* Mon Aug 09 2010 David Zeuthen <davidz@redhat.com> - 0.97-1
- Update to 0.97. This release contains a port from EggDBus to the
GDBus code available in recent GLib releases.
* Fri Jan 15 2010 David Zeuthen <davidz@redhat.com> - 0.96-1
- Update to 0.96
- Disable introspection support for the time being
* Fri Nov 13 2009 David Zeuthen <davidz@redhat.com> - 0.95-2
- Rebuild
* Fri Nov 13 2009 David Zeuthen <davidz@redhat.com> - 0.95-1
- Update to 0.95
- Drop upstreamed patches
* Tue Oct 20 2009 Matthias Clasen <mclasen@redhat.com> - 0.95-0.git20090913.3
- Fix a typo in pklocalauthority(8)
* Mon Sep 14 2009 David Zeuthen <davidz@redhat.com> - 0.95-0.git20090913.2
- Refine how Obsolete: is used and also add Provides: (thanks Jesse
Keating and nim-nim)
* Mon Sep 14 2009 David Zeuthen <davidz@redhat.com> - 0.95-0.git20090913.1
- Add bugfix for polkit_unix_process_new_full() (thanks Bastien Nocera)
- Obsolete old PolicyKit packages
* Sun Sep 13 2009 David Zeuthen <davidz@redhat.com> - 0.95-0.git20090913
- Update to git snapshot
- Drop upstreamed patches
- Turn on GObject introspection
- Don't delete desktop_admin_r and desktop_user_r groups when
uninstalling polkit-desktop-policy
* Fri Sep 11 2009 David Zeuthen <davidz@redhat.com> - 0.94-4
- Add some patches from git master
- Sort pkaction(1) output
- Bug 23867 UnixProcess vs. SystemBusName aliasing
* Thu Aug 13 2009 David Zeuthen <davidz@redhat.com> - 0.94-3
- Add desktop_admin_r and desktop_user_r groups along with a first cut
of default authorizations for users in these groups.
* Wed Aug 12 2009 David Zeuthen <davidz@redhat.com> - 0.94-2
- Disable GObject Introspection for now as it breaks the build
* Wed Aug 12 2009 David Zeuthen <davidz@redhat.com> - 0.94-1
- Update to upstream release 0.94
* Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.93-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Mon Jul 20 2009 David Zeuthen <davidz@redhat.com> - 0.93-2
- Rebuild
* Mon Jul 20 2009 David Zeuthen <davidz@redhat.com> - 0.93-1
- Update to 0.93
* Tue Jun 09 2009 David Zeuthen <davidz@redhat.com> - 0.92-3
- Don't make docs noarch (I *heart* multilib)
- Change license to LGPLv2+
* Mon Jun 08 2009 David Zeuthen <davidz@redhat.com> - 0.92-2
- Rebuild
* Mon Jun 08 2009 David Zeuthen <davidz@redhat.com> - 0.92-1
- Update to 0.92 release
* Wed May 27 2009 David Zeuthen <davidz@redhat.com> - 0.92-0.git20090527
- Update to 0.92 snapshot
* Mon Feb 9 2009 David Zeuthen <davidz@redhat.com> - 0.91-1
- Initial spec file.

1
sources Normal file
View File

@ -0,0 +1 @@
SHA512 (polkit-0.115.tar.gz) = 1153011fa93145b2c184e6b3446d3ca21b38918641aeccd8fac3985ac3e30ec6bc75be6973985fde90f2a24236592f1595be259155061c2d33358dd17c4ee4fc