[arch-commits] Commit in accountsservice/trunk (2 files)

Wed Nov 6 14:06:11 UTC 2013

Date: Wednesday, November 6, 2013 @ 15:06:11
  Author: jgc
Revision: 199021

Add upstream security fix that disallows deleting root user
upgpkg: accountsservice 0.6.35-2

Added:
  accountsservice/trunk/avoid-deleting-the-root-user.patch
Modified:
  accountsservice/trunk/PKGBUILD

------------------------------------+
 PKGBUILD                           |   13 +++++++--
 avoid-deleting-the-root-user.patch |   47 +++++++++++++++++++++++++++++++++++
 2 files changed, 57 insertions(+), 3 deletions(-)

Modified: PKGBUILD
===================================================================

--- PKGBUILD	2013-11-06 13:59:24 UTC (rev 199020)
+++ PKGBUILD	2013-11-06 14:06:11 UTC (rev 199021)
@@ -3,7 +3,7 @@
 
 pkgname=accountsservice
 pkgver=0.6.35
-pkgrel=1
+pkgrel=2
 pkgdesc="D-Bus interface for user account query and manipulation"
 arch=(i686 x86_64)
 url="http://www.freedesktop.org/software/accountsservice/"
@@ -10,9 +10,16 @@
 license=('GPL3')
 depends=('glib2' 'polkit' 'systemd')
 makedepends=('intltool' 'gobject-introspection')
-source=($url/$pkgname-$pkgver.tar.xz)
-md5sums=('3a81133e95faafb603de4475802cb06a')
+source=($url/$pkgname-$pkgver.tar.xz
+        avoid-deleting-the-root-user.patch)
+md5sums=('3a81133e95faafb603de4475802cb06a'
+         '4970e77c3c0d56e513f9a5f29fdacd2c')
 
+prepare() {
+  cd $pkgname-$pkgver
+  patch -Np1 -i ../avoid-deleting-the-root-user.patch
+}
+
 build() {
   cd $pkgname-$pkgver
   ./configure --prefix=/usr --sysconfdir=/etc \

Added: avoid-deleting-the-root-user.patch
===================================================================
--- avoid-deleting-the-root-user.patch	                        (rev 0)
+++ avoid-deleting-the-root-user.patch	2013-11-06 14:06:11 UTC (rev 199021)
@@ -0,0 +1,47 @@
+From 980692e6b9cfe4a34e22f566e0981a8c549e4348 Mon Sep 17 00:00:00 2001
+From: Matthias Clasen <mclasen at redhat.com>
+Date: Fri, 01 Nov 2013 21:09:25 +0000
+Subject: Avoid deleting the root user
+
+The check we have in place against deleting the root user can
+be tricked by exploiting the fact that we are checking a gint64,
+and then later cast it to a uid_t. This can be seen with the
+following test, which will delete your root account:
+
+qdbus --system org.freedesktop.Accounts /org/freedesktop/Accounts \
+     org.freedesktop.Accounts.DeleteUser -9223372036854775808 true
+
+Found with the dfuzzer tool,
+https://github.com/matusmarhefka/dfuzzer
+---
+diff --git a/src/daemon.c b/src/daemon.c
+index ea75190..9c7001b 100644
+--- a/src/daemon.c
++++ b/src/daemon.c
+@@ -1227,7 +1227,7 @@ daemon_uncache_user (AccountsAccounts      *accounts,
+ }
+ 
+ typedef struct {
+-        gint64 uid;
++        uid_t uid;
+         gboolean remove_files;
+ } DeleteUserData;
+ 
+@@ -1309,13 +1309,13 @@ daemon_delete_user (AccountsAccounts      *accounts,
+         Daemon *daemon = (Daemon*)accounts;
+         DeleteUserData *data;
+ 
+-        if (uid == 0) {
++        if ((uid_t)uid == 0) {
+                 throw_error (context, ERROR_FAILED, "Refuse to delete root user");
+                 return TRUE;
+         }
+ 
+         data = g_new0 (DeleteUserData, 1);
+-        data->uid = uid;
++        data->uid = (uid_t)uid;
+         data->remove_files = remove_files;
+ 
+         daemon_local_check_auth (daemon,
+--
+cgit v0.9.0.2-2-gbebe


