diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2013-12-05 16:22:26 +0100 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2013-12-05 16:22:26 +0100 |
commit | 6856c318fc7bade88d2c9dab3c2cf1f0464d344d (patch) | |
tree | 410058c1e8c33d5f08f0dfe372032d4828f51894 | |
parent | c7bed2af4b76ce0a86fc558d4b5df1b538c808ed (diff) | |
download | alpine_aports-6856c318fc7bade88d2c9dab3c2cf1f0464d344d.tar.bz2 alpine_aports-6856c318fc7bade88d2c9dab3c2cf1f0464d344d.tar.xz alpine_aports-6856c318fc7bade88d2c9dab3c2cf1f0464d344d.zip |
main/polkit: securitu fix for CVE-2013-4288
ref #2471
-rw-r--r-- | main/polkit/APKBUILD | 12 | ||||
-rw-r--r-- | main/polkit/CVE-2013-4288.patch | 123 |
2 files changed, 134 insertions, 1 deletions
diff --git a/main/polkit/APKBUILD b/main/polkit/APKBUILD index 8e99a7dfad..619dd1ee8d 100644 --- a/main/polkit/APKBUILD +++ b/main/polkit/APKBUILD | |||
@@ -2,7 +2,7 @@ | |||
2 | # Maintainer: Natanael Copa <ncopa@alpinelinux.org> | 2 | # Maintainer: Natanael Copa <ncopa@alpinelinux.org> |
3 | pkgname=polkit | 3 | pkgname=polkit |
4 | pkgver=0.105 | 4 | pkgver=0.105 |
5 | pkgrel=1 | 5 | pkgrel=2 |
6 | pkgdesc="Application development toolkit for controlling system-wide privileges" | 6 | pkgdesc="Application development toolkit for controlling system-wide privileges" |
7 | url="http://www.freedesktop.org/wiki/Software/PolicyKit" | 7 | url="http://www.freedesktop.org/wiki/Software/PolicyKit" |
8 | arch="all" | 8 | arch="all" |
@@ -15,6 +15,7 @@ install= | |||
15 | subpackages="$pkgname-dev $pkgname-doc $pkgname-lang" | 15 | subpackages="$pkgname-dev $pkgname-doc $pkgname-lang" |
16 | source="http://www.freedesktop.org/software/polkit/releases/polkit-$pkgver.tar.gz | 16 | source="http://www.freedesktop.org/software/polkit/releases/polkit-$pkgver.tar.gz |
17 | 0001-Bug-50145-make-netgroup-support-optional.patch | 17 | 0001-Bug-50145-make-netgroup-support-optional.patch |
18 | CVE-2013-4288.patch | ||
18 | automake.patch | 19 | automake.patch |
19 | " | 20 | " |
20 | 21 | ||
@@ -64,4 +65,13 @@ package() { | |||
64 | 65 | ||
65 | md5sums="9c29e1b6c214f0bd6f1d4ee303dfaed9 polkit-0.105.tar.gz | 66 | md5sums="9c29e1b6c214f0bd6f1d4ee303dfaed9 polkit-0.105.tar.gz |
66 | bb4e7bffa5bad89bf3033b3d866a4087 0001-Bug-50145-make-netgroup-support-optional.patch | 67 | bb4e7bffa5bad89bf3033b3d866a4087 0001-Bug-50145-make-netgroup-support-optional.patch |
68 | 2f2b7a0a5e79516582ce12a80c5677a2 CVE-2013-4288.patch | ||
67 | 38dfb2ffefa4f84d64e4cd93fda145f2 automake.patch" | 69 | 38dfb2ffefa4f84d64e4cd93fda145f2 automake.patch" |
70 | sha256sums="8fdc7cc8ba4750fcce1a4db9daa759c12afebc7901237e1c993c38f08985e1df polkit-0.105.tar.gz | ||
71 | 80bf119937c5b75887bf6405e69e364a31e6e2edcac7957816ed7d8ea6b2a5a3 0001-Bug-50145-make-netgroup-support-optional.patch | ||
72 | 394be8089e90ed662af0b2043fa6abdda0c062d89970ce5f5a25df8633123d5e CVE-2013-4288.patch | ||
73 | de9e99ec691e45fc204eba576e301299952c0eb13ecedcb7399ba1b6aab94200 automake.patch" | ||
74 | sha512sums="7c0f84b9639814b4690e42b570285ff2018a5ea4cfd7216d9abf44c84ece6592c530f2d6211511c1346963daf4f135e9fa79d1b2f592b454115950991b5e4bc3 polkit-0.105.tar.gz | ||
75 | 09ca9c14044c0a281e9069919efbb6d14918f23f58a282b5ce25c8a6640966396904373822869fe994c711f40c33d5c34cf3b77f85a59e239ba3d0c22a31ca8e 0001-Bug-50145-make-netgroup-support-optional.patch | ||
76 | d6de3beb063243c11906f525ef2eb65aeca823c25b1f44dde4a16f4fc2c5ce587b129e0bfb25a4a4b88ac2bf5713c47e57700c139323d961c9f9b6ba4c03fffb CVE-2013-4288.patch | ||
77 | 25465a23332247d0873e24cb5f011a267413615526755a8295a6367d64fc5eb8c2aa3c9c1fdcfa183b39e3ece14f33b25f15a339d966a31f3feb861b3f17adbf automake.patch" | ||
diff --git a/main/polkit/CVE-2013-4288.patch b/main/polkit/CVE-2013-4288.patch new file mode 100644 index 0000000000..0ca8131e81 --- /dev/null +++ b/main/polkit/CVE-2013-4288.patch | |||
@@ -0,0 +1,123 @@ | |||
1 | From a3fa3b86f0015e42a534526ed800bcde5b3f2a15 Mon Sep 17 00:00:00 2001 | ||
2 | From: Colin Walters <walters@verbum.org> | ||
3 | Date: Mon, 19 Aug 2013 12:16:11 -0400 | ||
4 | Subject: [PATCH] pkcheck: Support --process=pid,start-time,uid syntax too | ||
5 | |||
6 | The uid is a new addition; this allows callers such as libvirt to | ||
7 | close a race condition in reading the uid of the process talking to | ||
8 | them. They can read it via getsockopt(SO_PEERCRED) or equivalent, | ||
9 | rather than having pkcheck look at /proc later after the fact. | ||
10 | |||
11 | Programs which invoke pkcheck but need to know beforehand (i.e. at | ||
12 | compile time) whether or not it supports passing the uid can | ||
13 | use: | ||
14 | |||
15 | pkcheck_supports_uid=$($PKG_CONFIG --variable pkcheck_supports_uid polkit-gobject-1) | ||
16 | test x$pkcheck_supports_uid = xyes | ||
17 | |||
18 | Conflicts: | ||
19 | docs/man/pkcheck.xml | ||
20 | src/programs/pkcheck.c | ||
21 | --- | ||
22 | data/polkit-gobject-1.pc.in | 3 +++ | ||
23 | docs/man/pkcheck.xml | 33 +++++++++++++++++++++------------ | ||
24 | src/programs/pkcheck.c | 7 ++++++- | ||
25 | 3 files changed, 30 insertions(+), 13 deletions(-) | ||
26 | |||
27 | diff --git a/data/polkit-gobject-1.pc.in b/data/polkit-gobject-1.pc.in | ||
28 | index c39677d..5c4c620 100644 | ||
29 | --- a/data/polkit-gobject-1.pc.in | ||
30 | +++ b/data/polkit-gobject-1.pc.in | ||
31 | @@ -11,3 +11,6 @@ Version: @VERSION@ | ||
32 | Libs: -L${libdir} -lpolkit-gobject-1 | ||
33 | Cflags: -I${includedir}/polkit-1 | ||
34 | Requires: gio-2.0 >= 2.18 glib-2.0 >= 2.18 | ||
35 | +# Programs using pkcheck can use this to determine | ||
36 | +# whether or not it can be passed a uid. | ||
37 | +pkcheck_supports_uid=true | ||
38 | diff --git a/docs/man/pkcheck.xml b/docs/man/pkcheck.xml | ||
39 | index 6b8a874..9f2faef 100644 | ||
40 | --- a/docs/man/pkcheck.xml | ||
41 | +++ b/docs/man/pkcheck.xml | ||
42 | @@ -55,6 +55,9 @@ | ||
43 | <arg choice="plain"> | ||
44 | <replaceable>pid,pid-start-time</replaceable> | ||
45 | </arg> | ||
46 | + <arg choice="plain"> | ||
47 | + <replaceable>pid,pid-start-time,uid</replaceable> | ||
48 | + </arg> | ||
49 | </group> | ||
50 | </arg> | ||
51 | <arg choice="plain"> | ||
52 | @@ -90,7 +93,7 @@ | ||
53 | <title>DESCRIPTION</title> | ||
54 | <para> | ||
55 | <command>pkcheck</command> is used to check whether a process, specified by | ||
56 | - either <option>--process</option> or <option>--system-bus-name</option>, | ||
57 | + either <option>--process</option> (see below) or <option>--system-bus-name</option>, | ||
58 | is authorized for <replaceable>action</replaceable>. The <option>--detail</option> | ||
59 | option can be used zero or more times to pass details about <replaceable>action</replaceable>. | ||
60 | If <option>--allow-user-interaction</option> is passed, <command>pkcheck</command> blocks | ||
61 | @@ -160,17 +163,23 @@ KEY3=VALUE3 | ||
62 | <refsect1 id="pkcheck-notes"> | ||
63 | <title>NOTES</title> | ||
64 | <para> | ||
65 | - Since process identifiers can be recycled, the caller should always use | ||
66 | - <replaceable>pid,pid-start-time</replaceable> to specify the process | ||
67 | - to check for authorization when using the <option>--process</option> option. | ||
68 | - The value of <replaceable>pid-start-time</replaceable> | ||
69 | - can be determined by consulting e.g. the | ||
70 | - <citerefentry> | ||
71 | - <refentrytitle>proc</refentrytitle><manvolnum>5</manvolnum> | ||
72 | - </citerefentry> | ||
73 | - file system depending on the operating system. If only <replaceable>pid</replaceable> | ||
74 | - is passed to the <option>--process</option> option, then <command>pkcheck</command> | ||
75 | - will look up the start time itself but note that this may be racy. | ||
76 | + Do not use either the bare <replaceable>pid</replaceable> or | ||
77 | + <replaceable>pid,start-time</replaceable> syntax forms for | ||
78 | + <option>--process</option>. There are race conditions in both. | ||
79 | + New code should always use | ||
80 | + <replaceable>pid,pid-start-time,uid</replaceable>. The value of | ||
81 | + <replaceable>start-time</replaceable> can be determined by | ||
82 | + consulting e.g. the | ||
83 | + <citerefentry><refentrytitle>proc</refentrytitle><manvolnum>5</manvolnum></citerefentry> | ||
84 | + file system depending on the operating system. If fewer than 3 | ||
85 | + arguments are passed, <command>pkcheck</command> will attempt to | ||
86 | + look up them up internally, but note that this may be racy. | ||
87 | + </para> | ||
88 | + <para> | ||
89 | + If your program is a daemon with e.g. a custom Unix domain | ||
90 | + socket, you should determine the <replaceable>uid</replaceable> | ||
91 | + parameter via operating system mechanisms such as | ||
92 | + <literal>PEERCRED</literal>. | ||
93 | </para> | ||
94 | </refsect1> | ||
95 | |||
96 | diff --git a/src/programs/pkcheck.c b/src/programs/pkcheck.c | ||
97 | index 719a36c..057e926 100644 | ||
98 | --- a/src/programs/pkcheck.c | ||
99 | +++ b/src/programs/pkcheck.c | ||
100 | @@ -372,6 +372,7 @@ main (int argc, char *argv[]) | ||
101 | else if (g_strcmp0 (argv[n], "--process") == 0 || g_strcmp0 (argv[n], "-p") == 0) | ||
102 | { | ||
103 | gint pid; | ||
104 | + guint uid; | ||
105 | guint64 pid_start_time; | ||
106 | |||
107 | n++; | ||
108 | @@ -381,7 +382,11 @@ main (int argc, char *argv[]) | ||
109 | goto out; | ||
110 | } | ||
111 | |||
112 | - if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT, &pid, &pid_start_time) == 2) | ||
113 | + if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT ",%u", &pid, &pid_start_time, &uid) == 3) | ||
114 | + { | ||
115 | + subject = polkit_unix_process_new_for_owner (pid, pid_start_time, uid); | ||
116 | + } | ||
117 | + else if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT, &pid, &pid_start_time) == 2) | ||
118 | { | ||
119 | subject = polkit_unix_process_new_full (pid, pid_start_time); | ||
120 | } | ||
121 | -- | ||
122 | 1.8.5.1 | ||
123 | |||