From 2e6cd8ac8fccc20effe79e124ca6fb596c246efb Mon Sep 17 00:00:00 2001 From: Jan Macku Date: Mon, 8 Dec 2025 13:39:28 +0100 Subject: [PATCH] systemd-239-82.13 Resolves: RHEL-132317 --- ...-in-logind-on-user-specified-message.patch | 74 +++++++++++++++++++ systemd.spec | 6 +- 2 files changed, 79 insertions(+), 1 deletion(-) create mode 100644 1064-logind-fix-crash-in-logind-on-user-specified-message.patch diff --git a/1064-logind-fix-crash-in-logind-on-user-specified-message.patch b/1064-logind-fix-crash-in-logind-on-user-specified-message.patch new file mode 100644 index 0000000..8cf3da9 --- /dev/null +++ b/1064-logind-fix-crash-in-logind-on-user-specified-message.patch @@ -0,0 +1,74 @@ +From ed784c6dccf4e7b7d4628e02cf28b0d5725bab34 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Sun, 8 May 2022 17:21:09 +0200 +Subject: [PATCH] logind: fix crash in logind on user-specified message string + +This is trivially exploitable (in the sense of causing a crash from SEGV) e.g. +by 'shutdown now "Message %s %s %n"'. The message is settable through polkit, +but is limited to auth_admin: + + + Set a wall message + Authentication is required to set a wall message + + auth_admin_keep + auth_admin_keep + auth_admin_keep + + + +Bug introduced in 9ef15026c0e7e6600372056c43442c99ec53746e +('logind/systemctl: introduce SetWallMessage and --message', 2015-09-15). + +(cherry picked from commit 0cb09bcb825ab86ba4ca70be4e6322eaf9baee95) + +Related: RHEL-132317 +--- + src/login/logind-dbus.c | 21 ++++++++++----------- + 1 file changed, 10 insertions(+), 11 deletions(-) + +diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c +index 61fd47999d..ffa6af8d49 100644 +--- a/src/login/logind-dbus.c ++++ b/src/login/logind-dbus.c +@@ -1414,30 +1414,29 @@ static int bus_manager_log_shutdown( + assert(unit_name); + + if (streq(unit_name, SPECIAL_POWEROFF_TARGET)) { +- p = "MESSAGE=System is powering down"; ++ p = "System is powering down"; + q = "SHUTDOWN=power-off"; + } else if (streq(unit_name, SPECIAL_REBOOT_TARGET)) { +- p = "MESSAGE=System is rebooting"; ++ p = "System is rebooting"; + q = "SHUTDOWN=reboot"; + } else if (streq(unit_name, SPECIAL_HALT_TARGET)) { +- p = "MESSAGE=System is halting"; ++ p = "System is halting"; + q = "SHUTDOWN=halt"; + } else if (streq(unit_name, SPECIAL_KEXEC_TARGET)) { +- p = "MESSAGE=System is rebooting with kexec"; ++ p = "System is rebooting with kexec"; + q = "SHUTDOWN=kexec"; + } else { +- p = "MESSAGE=System is shutting down"; ++ p = "System is shutting down"; + q = NULL; + } + +- if (isempty(m->wall_message)) +- p = strjoina(p, "."); +- else +- p = strjoina(p, " (", m->wall_message, ")."); +- + return log_struct(LOG_NOTICE, + "MESSAGE_ID=" SD_MESSAGE_SHUTDOWN_STR, +- p, ++ LOG_MESSAGE("%s%s%s%s.", ++ p, ++ m->wall_message ? " (" : "", ++ strempty(m->wall_message), ++ m->wall_message ? ")" : ""), + q); + } + diff --git a/systemd.spec b/systemd.spec index 4271b28..4c34539 100644 --- a/systemd.spec +++ b/systemd.spec @@ -13,7 +13,7 @@ Name: systemd Url: http://www.freedesktop.org/wiki/Software/systemd Version: 239 -Release: 82%{?dist}.12 +Release: 82%{?dist}.13 # For a breakdown of the licensing, see README License: LGPLv2+ and MIT and GPLv2+ Summary: System and Service Manager @@ -1113,6 +1113,7 @@ Patch1060: 1060-core-transaction-make-merge_unit_ids-return-non-NULL.patch Patch1061: 1061-core-transaction-do-not-log-null.patch Patch1062: 1062-run-update-checks-to-allow-running-with-a-user-s-bus.patch Patch1063: 1063-Revert-run-update-checks-to-allow-running-with-a-use.patch +Patch1064: 1064-logind-fix-crash-in-logind-on-user-specified-message.patch %ifarch %{ix86} x86_64 aarch64 %global have_gnu_efi 1 @@ -1739,6 +1740,9 @@ fi %files tests -f .file-list-tests %changelog +* Mon Dec 08 2025 systemd maintenance team - 239-82.13 +- logind: fix crash in logind on user-specified message string (RHEL-132317) + * Fri Dec 05 2025 systemd maintenance team - 239-82.12 - Revert "run: update checks to allow running with a user's bus" (RHEL-118835)