Allow uid=-1 for PolkitUnixProcess
https://gitlab.freedesktop.org/polkit/polkit/commit/c05472b86222a72505
parent
ea66fc2c31
commit
90cb77b548
47
Allow-uid-of-1-for-a-PolkitUnixProcess.patch
Normal file
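--- a/Allow-uid-of-1-for-a-PolkitUnixProcess.patch
+++ b/Allow-uid-of-1-for-a-PolkitUnixProcess.patch
@@ -0,0 +1,47 @@
+From 783ec80ec1b4d8f1dc20a2a41dfaddbc1c3f5ab2 Mon Sep 17 00:00:00 2001
+From: Matthew Leeds <matthew.leeds@endlessm.com>
+Date: Tue, 11 Dec 2018 12:04:26 -0800
+Subject: [PATCH] Allow uid of -1 for a PolkitUnixProcess
+
+Commit 2cb40c4d5 changed PolkitUnixUser, PolkitUnixGroup, and
+PolkitUnixProcess to allow negative values for their uid/gid properties,
+since these are values above INT_MAX which wrap around but are still
+valid, with the exception of -1 which is not valid. However,
+PolkitUnixProcess allows a uid of -1 to be passed to
+polkit_unix_process_new_for_owner() which means polkit is expected to
+figure out the uid on its own (this happens in the _constructed
+function). So this commit removes the check in
+polkit_unix_process_set_property() so that new_for_owner() can be used
+as documented without producing a critical error message.
+
+This does not affect the protection against CVE-2018-19788 which is
+based on creating a user with a UID up to but not including 4294967295
+(-1).
+---
+src/polkit/polkitunixprocess.c | 9 ++-------
+1 file changed, 2 insertions(+), 7 deletions(-)
+
+diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c
+index 78d7251..289a82e 100644
+--- a/src/polkit/polkitunixprocess.c
++++ b/src/polkit/polkitunixprocess.c
+@@ -228,14 +228,9 @@ polkit_unix_process_set_property (GObject *object,
+polkit_unix_process_set_pid (unix_process, g_value_get_int (value));
+break;
+
+- case PROP_UID: {
+- gint val;
+-
+- val = g_value_get_int (value);
+- g_return_if_fail (val != -1);
+- polkit_unix_process_set_uid (unix_process, val);
++ case PROP_UID:
++ polkit_unix_process_set_uid (unix_process, g_value_get_int (value));
+break;
+- }
+
+case PROP_START_TIME:
+polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value));
+--
+2.14.5
+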
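Review bot: The new `case PROP_UID:` branch in the embedded patch passes -1 straight to `polkit_unix_process_set_uid()` with nothing in the code saying that -1 is a "not known yet" sentinel rather than an identity; the only record of why the guard was dropped is the patch description. I would add a comment above the call, such as `/* -1 is accepted: it means "unset", and the _constructed function looks up the real uid */`. The uid feeds authorization decisions, so it is worth confirming that the lookup in the _constructed function cannot leave -1 in place on failure, and that no consumer compares an unresolved -1 as if it were a real user; neither is visible in this hunk. `polkit_unix_process_set_property()` starts and ends outside the hunk.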
@ -6,7 +6,7 @@
|
|||||||
Summary: An authorization framework
|
Summary: An authorization framework
|
||||||
Name: polkit
|
Name: polkit
|
||||||
Version: 0.115
|
Version: 0.115
|
||||||
Release: 8%{?dist}
|
Release: 9%{?dist}
|
||||||
License: LGPLv2+
|
License: LGPLv2+
|
||||||
URL: http://www.freedesktop.org/wiki/Software/polkit
|
URL: http://www.freedesktop.org/wiki/Software/polkit
|
||||||
Source0: http://www.freedesktop.org/software/polkit/releases/%{name}-%{version}.tar.gz
|
Source0: http://www.freedesktop.org/software/polkit/releases/%{name}-%{version}.tar.gz
|
||||||
@ -18,6 +18,7 @@ Patch3: bus-conn-msg-ssh.patch
|
|||||||
Patch4: spawning-zombie-processes.patch
|
Patch4: spawning-zombie-processes.patch
|
||||||
Patch5: CVE-2018-19788.patch
|
Patch5: CVE-2018-19788.patch
|
||||||
Patch6: 0001-backend-Compare-PolkitUnixProcess-uids-for-temporary.patch
|
Patch6: 0001-backend-Compare-PolkitUnixProcess-uids-for-temporary.patch
|
||||||
|
Patch7: Allow-uid-of-1-for-a-PolkitUnixProcess.patch
|
||||||
|
|
||||||
BuildRequires: gcc-c++
|
BuildRequires: gcc-c++
|
||||||
BuildRequires: glib2-devel >= 2.30.0
|
BuildRequires: glib2-devel >= 2.30.0
|
||||||
@ -181,6 +182,9 @@ exit 0
|
|||||||
%{_libdir}/girepository-1.0/*.typelib
|
%{_libdir}/girepository-1.0/*.typelib
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Feb 05 2019 Jan Rybar <jrybar@redhat.com> - 0.115-9
|
||||||
|
- Allow uid=-1 for PolkitUnixProcess
|
||||||
|
|
||||||
* Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.115-8
|
* Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.115-8
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||||
|
|
||||||
|