[arch-commits] Commit in rtkit/trunk (2 files)
Jan Steffens
heftig at nymeria.archlinux.org
Wed Oct 2 22:41:24 UTC 2013
Date: Thursday, October 3, 2013 @ 00:41:24
Author: heftig
Revision: 195869
FS#37169 - [rtkit] security patch for CVE-2013-4326
Added:
rtkit/trunk/0001-SECURITY-Pass-uid-of-caller-to-polkit.patch
Modified:
rtkit/trunk/PKGBUILD
--------------------------------------------------+
0001-SECURITY-Pass-uid-of-caller-to-polkit.patch | 48 +++++++++++++++++++++
PKGBUILD | 9 ++-
2 files changed, 54 insertions(+), 3 deletions(-)
Added: 0001-SECURITY-Pass-uid-of-caller-to-polkit.patch
===================================================================
--- 0001-SECURITY-Pass-uid-of-caller-to-polkit.patch (rev 0)
+++ 0001-SECURITY-Pass-uid-of-caller-to-polkit.patch 2013-10-02 22:41:24 UTC (rev 195869)
@@ -0,0 +1,48 @@
+From f44c5776b25ca2abd7569fb8532c6aede9b0c6b0 Mon Sep 17 00:00:00 2001
+From: Colin Walters <walters at verbum.org>
+Date: Thu, 22 Aug 2013 16:05:22 -0400
+Subject: [PATCH] [SECURITY] Pass uid of caller to polkit
+
+Otherwise, we force polkit to look up the uid itself in /proc, which
+is racy if they execve() a setuid binary.
+---
+ rtkit-daemon.c | 11 ++++++++++-
+ 1 files changed, 10 insertions(+), 1 deletions(-)
+
+diff --git a/rtkit-daemon.c b/rtkit-daemon.c
+index 2ebe673..3ecc1f7 100644
+--- a/rtkit-daemon.c
++++ b/rtkit-daemon.c
+@@ -1170,12 +1170,14 @@ static int verify_polkit(DBusConnection *c, struct rtkit_user *u, struct process
+ DBusMessage *m = NULL, *r = NULL;
+ const char *unix_process = "unix-process";
+ const char *pid = "pid";
++ const char *uid = "uid";
+ const char *start_time = "start-time";
+ const char *cancel_id = "";
+ uint32_t flags = 0;
+ uint32_t pid_u32 = p->pid;
+- uint64_t start_time_u64 = p->starttime;
++ uint32_t uid_u32 = (uint32_t)u->uid;
+ DBusMessageIter iter_msg, iter_struct, iter_array, iter_dict, iter_variant;
++ uint64_t start_time_u64 = p->starttime;
+ int ret;
+ dbus_bool_t authorized = FALSE;
+
+@@ -1206,6 +1208,13 @@ static int verify_polkit(DBusConnection *c, struct rtkit_user *u, struct process
+ assert_se(dbus_message_iter_close_container(&iter_dict, &iter_variant));
+ assert_se(dbus_message_iter_close_container(&iter_array, &iter_dict));
+
++ assert_se(dbus_message_iter_open_container(&iter_array, DBUS_TYPE_DICT_ENTRY, NULL, &iter_dict));
++ assert_se(dbus_message_iter_append_basic(&iter_dict, DBUS_TYPE_STRING, &uid));
++ assert_se(dbus_message_iter_open_container(&iter_dict, DBUS_TYPE_VARIANT, "u", &iter_variant));
++ assert_se(dbus_message_iter_append_basic(&iter_variant, DBUS_TYPE_UINT32, &uid_u32));
++ assert_se(dbus_message_iter_close_container(&iter_dict, &iter_variant));
++ assert_se(dbus_message_iter_close_container(&iter_array, &iter_dict));
++
+ assert_se(dbus_message_iter_close_container(&iter_struct, &iter_array));
+ assert_se(dbus_message_iter_close_container(&iter_msg, &iter_struct));
+
+--
+1.7.1
+
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2013-10-02 21:50:10 UTC (rev 195868)
+++ PKGBUILD 2013-10-02 22:41:24 UTC (rev 195869)
@@ -4,7 +4,7 @@
pkgname=rtkit
pkgver=0.11
-pkgrel=3
+pkgrel=4
pkgdesc="Realtime Policy and Watchdog Daemon"
arch=(i686 x86_64)
url="http://git.0pointer.de/?p=rtkit.git"
@@ -12,15 +12,18 @@
depends=(dbus polkit systemd)
install=rtkit.install
source=(http://0pointer.de/public/$pkgname-$pkgver.tar.xz
- libsystemd.patch systemd205.patch)
+ libsystemd.patch systemd205.patch
+ 0001-SECURITY-Pass-uid-of-caller-to-polkit.patch)
md5sums=('a96c33b9827de66033d2311f82d79a5d'
'35089c0a284005f4abcf45168415857e'
- '95195a70551057aca833da6bdbf2e35b')
+ '95195a70551057aca833da6bdbf2e35b'
+ '70df212cba2a6366ff960b60d55858d3')
prepare() {
cd $pkgname-$pkgver
patch -Np1 -i ../libsystemd.patch
patch -Np1 -i ../systemd205.patch
+ patch -Np1 -i ../0001-SECURITY-Pass-uid-of-caller-to-polkit.patch
autoreconf -fi
}
More information about the arch-commits
mailing list