wok-next view polkit/stuff/patches/polkit-0.115-security_patch-2.patch @ rev 21469

updated tinc (1.0.25 -> 1.0.36)
author Hans-G?nter Theisgen
date Wed May 13 07:41:00 2020 +0100 (2020-05-13)
1 Submitted By: Douglas R. Reno <renodr at linuxfromscratch dot org>
2 Date: 2018-12-14
3 Initial Package Version: 0.115
4 Upstream Status: Applied
5 Origin: Upstream/Self
6 Description: This patch contains security fixes for polkit since
7 version 0.115. This also fixes some debug text that
8 was deprecated, and changes some errors to debug msgs.
9 This fixes a vulnerability that has gotten national
10 attention because it allows any UID over 4,000,000
11 to execute any command without authentication.
13 diff -Naurp polkit-0.115.orig/src/polkit/polkitpermission.c polkit-0.115/src/polkit/polkitpermission.c
14 --- polkit-0.115.orig/src/polkit/polkitpermission.c 2018-04-03 15:57:57.000000000 -0500
15 +++ polkit-0.115/src/polkit/polkitpermission.c 2018-12-13 13:00:43.554424180 -0600
16 @@ -137,10 +137,13 @@ polkit_permission_finalize (GObject *obj
17 g_free (permission->tmp_authz_id);
18 g_object_unref (permission->subject);
20 - g_signal_handlers_disconnect_by_func (permission->authority,
21 - on_authority_changed,
22 - permission);
23 - g_object_unref (permission->authority);
24 + if (permission->authority != NULL)
25 + {
26 + g_signal_handlers_disconnect_by_func (permission->authority,
27 + on_authority_changed,
28 + permission);
29 + g_object_unref (permission->authority);
30 + }
32 if (G_OBJECT_CLASS (polkit_permission_parent_class)->finalize != NULL)
33 G_OBJECT_CLASS (polkit_permission_parent_class)->finalize (object);
34 diff -Naurp polkit-0.115.orig/src/polkit/polkitunixgroup.c polkit-0.115/src/polkit/polkitunixgroup.c
35 --- polkit-0.115.orig/src/polkit/polkitunixgroup.c 2017-09-04 14:52:53.000000000 -0500
36 +++ polkit-0.115/src/polkit/polkitunixgroup.c 2018-12-13 12:22:14.903159457 -0600
37 @@ -71,6 +71,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixGroup
38 static void
39 polkit_unix_group_init (PolkitUnixGroup *unix_group)
40 {
41 + unix_group->gid = -1; /* -1 is not a valid GID under Linux */
42 }
44 static void
45 @@ -100,11 +101,14 @@ polkit_unix_group_set_property (GObject
46 GParamSpec *pspec)
47 {
48 PolkitUnixGroup *unix_group = POLKIT_UNIX_GROUP (object);
49 + gint val;
51 switch (prop_id)
52 {
53 case PROP_GID:
54 - unix_group->gid = g_value_get_int (value);
55 + val = g_value_get_int (value);
56 + g_return_if_fail (val != -1);
57 + unix_group->gid = val;
58 break;
60 default:
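Review bot: The `-1` rejection in the `PROP_GID` case rests on `g_return_if_fail`, which GLib compiles out when `G_DISABLE_CHECKS` is defined, so in such a build the reserved value is stored after all. The spec in the next hunk is `G_PARAM_CONSTRUCT` with a default of `-1`, so this path also runs with `-1` whenever an object is built without a gid, and each time it logs a critical. An explicit test such as `if (val == -1) break;` before the assignment keeps the check in every build and stays quiet for the default. The same pattern is added for `PROP_UID` in polkitunixprocess.c and polkitunixuser.c, and as `g_return_val_if_fail` in `polkit_unix_group_new` and `polkit_unix_user_new`; the function here continues outside the hunk.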
61 @@ -131,9 +135,9 @@ polkit_unix_group_class_init (PolkitUnix
62 g_param_spec_int ("gid",
63 "Group ID",
64 "The UNIX group ID",
65 - 0,
66 + G_MININT,
67 G_MAXINT,
68 - 0,
69 + -1,
70 G_PARAM_CONSTRUCT |
71 G_PARAM_READWRITE |
72 G_PARAM_STATIC_NAME |
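Review bot: The blurb `"The UNIX group ID"` no longer explains the range it describes: with `G_MININT` as the minimum and `-1` as the default, ids above `G_MAXINT` apparently travel as negative `gint` values and `-1` is the reserved "unset" marker. A comment next to the spec would record that, for example `/* gid_t values above G_MAXINT appear as negative gint; -1 is reserved as "not set" */`. The `"uid"` specs changed in polkitunixprocess.c and polkitunixuser.c need the same note. The patch header's "over 4,000,000" does not match this; the fixtures added later use 2147483648 and 4000000000, so the boundary looks like the `gint` range rather than four million.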
73 @@ -166,7 +170,7 @@ polkit_unix_group_get_gid (PolkitUnixGro
74 */
75 void
76 polkit_unix_group_set_gid (PolkitUnixGroup *group,
77 - gint gid)
78 + gint gid)
79 {
80 g_return_if_fail (POLKIT_IS_UNIX_GROUP (group));
81 group->gid = gid;
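Review bot: `polkit_unix_group_set_gid` gets only a whitespace change here, so it still stores `-1`, while `polkit_unix_user_set_uid` in polkitunixuser.c gains `g_return_if_fail (uid != -1);`. A caller can therefore bypass the new rejection in `set_property` and `polkit_unix_group_new` by using the setter. Adding `g_return_if_fail (gid != -1);` after the type check would bring the two setters in line.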
82 @@ -183,6 +187,8 @@ polkit_unix_group_set_gid (PolkitUnixGro
83 PolkitIdentity *
84 polkit_unix_group_new (gint gid)
85 {
86 + g_return_val_if_fail (gid != -1, NULL);
87 +
88 return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_GROUP,
89 "gid", gid,
90 NULL));
91 diff -Naurp polkit-0.115.orig/src/polkit/polkitunixprocess.c polkit-0.115/src/polkit/polkitunixprocess.c
92 --- polkit-0.115.orig/src/polkit/polkitunixprocess.c 2018-06-25 08:55:45.000000000 -0500
93 +++ polkit-0.115/src/polkit/polkitunixprocess.c 2018-12-13 12:58:33.019565824 -0600
94 @@ -159,9 +159,14 @@ polkit_unix_process_set_property (GObjec
95 polkit_unix_process_set_pid (unix_process, g_value_get_int (value));
96 break;
98 - case PROP_UID:
99 - polkit_unix_process_set_uid (unix_process, g_value_get_int (value));
100 + case PROP_UID: {
101 + gint val;
102 +
103 + val = g_value_get_int (value);
104 + g_return_if_fail (val != -1);
105 + polkit_unix_process_set_uid (unix_process, val);
106 break;
107 + }
109 case PROP_START_TIME:
110 polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value));
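Review bot: With `-1` now refused in the `PROP_UID` case, an object constructed without an explicit uid keeps whatever `polkit_unix_process_init` left in `uid`, and that function is outside this patch. The spec in the next hunk still has `-1` as its `G_PARAM_CONSTRUCT` default, so the refusal runs on every such construction. If init does not already contain `unix_process->uid = -1;`, the field would presumably stay at its zero-initialised value, which reads as uid 0. That is worth confirming, and the line should be added if missing, as this patch does for the user and group types.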
111 @@ -239,7 +244,7 @@ polkit_unix_process_class_init (PolkitUn
112 g_param_spec_int ("uid",
113 "User ID",
114 "The UNIX user ID",
115 - -1,
116 + G_MININT,
117 G_MAXINT,
118 -1,
119 G_PARAM_CONSTRUCT |
120 @@ -303,7 +308,6 @@ polkit_unix_process_set_uid (PolkitUnixP
121 gint uid)
122 {
123 g_return_if_fail (POLKIT_IS_UNIX_PROCESS (process));
124 - g_return_if_fail (uid >= -1);
125 process->uid = uid;
126 }
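Review bot: Removing `g_return_if_fail (uid >= -1);` leaves `polkit_unix_process_set_uid` accepting every `gint`, including `-1`, while the property path in the first hunk of this file refuses `-1`. If `-1` is deliberately allowed here as a "uid not yet known" marker, a comment should say so, for example `/* -1 is accepted: it marks the uid as not set */`. If it is not, the setter needs the same `uid != -1` check as `polkit_unix_user_set_uid`. The function's signature starts outside the hunk.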
128 diff -Naurp polkit-0.115.orig/src/polkit/polkitunixuser.c polkit-0.115/src/polkit/polkitunixuser.c
129 --- polkit-0.115.orig/src/polkit/polkitunixuser.c 2017-09-04 14:52:53.000000000 -0500
130 +++ polkit-0.115/src/polkit/polkitunixuser.c 2018-12-13 12:26:43.659067703 -0600
131 @@ -72,6 +72,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixUser,
132 static void
133 polkit_unix_user_init (PolkitUnixUser *unix_user)
134 {
135 + unix_user->uid = -1; /* (uid_t) -1 is not a valid UID under Linux */
136 unix_user->name = NULL;
137 }
139 @@ -112,11 +113,14 @@ polkit_unix_user_set_property (GObject
140 GParamSpec *pspec)
141 {
142 PolkitUnixUser *unix_user = POLKIT_UNIX_USER (object);
143 + gint val;
145 switch (prop_id)
146 {
147 case PROP_UID:
148 - unix_user->uid = g_value_get_int (value);
149 + val = g_value_get_int (value);
150 + g_return_if_fail (val != -1);
151 + unix_user->uid = val;
152 break;
154 default:
155 @@ -144,9 +148,9 @@ polkit_unix_user_class_init (PolkitUnixU
156 g_param_spec_int ("uid",
157 "User ID",
158 "The UNIX user ID",
159 - 0,
160 + G_MININT,
161 G_MAXINT,
162 - 0,
163 + -1,
164 G_PARAM_CONSTRUCT |
165 G_PARAM_READWRITE |
166 G_PARAM_STATIC_NAME |
167 @@ -182,6 +186,7 @@ polkit_unix_user_set_uid (PolkitUnixUser
168 gint uid)
169 {
170 g_return_if_fail (POLKIT_IS_UNIX_USER (user));
171 + g_return_if_fail (uid != -1);
172 user->uid = uid;
173 }
175 @@ -196,6 +201,8 @@ polkit_unix_user_set_uid (PolkitUnixUser
176 PolkitIdentity *
177 polkit_unix_user_new (gint uid)
178 {
179 + g_return_val_if_fail (uid != -1, NULL);
180 +
181 return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_USER,
182 "uid", uid,
183 NULL));
184 diff -Naurp polkit-0.115.orig/src/polkitagent/polkitagentlistener.c polkit-0.115/src/polkitagent/polkitagentlistener.c
185 --- polkit-0.115.orig/src/polkitagent/polkitagentlistener.c 2018-04-03 15:57:57.000000000 -0500
186 +++ polkit-0.115/src/polkitagent/polkitagentlistener.c 2018-12-13 12:14:09.418533147 -0600
187 @@ -178,10 +178,10 @@ on_notify_authority_owner (GObject *o
188 owner = polkit_authority_get_owner (server->authority);
189 if (owner == NULL)
190 {
191 - g_printerr ("PolicyKit daemon disconnected from the bus.\n");
192 + g_debug ("PolicyKit daemon disconnected from the bus.\n");
194 if (server->is_registered)
195 - g_printerr ("We are no longer a registered authentication agent.\n");
196 + g_debug ("We are no longer a registered authentication agent.\n");
198 server->is_registered = FALSE;
199 }
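Review bot: The converted calls keep the trailing `\n` from the old `g_printerr` strings, but GLib's log handler appends its own newline, so each message is followed by an empty line. Drop it, e.g. `g_debug ("PolicyKit daemon disconnected from the bus.");`. The same applies to the `g_debug` calls in the next hunk and to the one added in pkttyagent.c. `on_notify_authority_owner` starts and ends outside the hunk.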
200 @@ -192,17 +192,17 @@ on_notify_authority_owner (GObject *o
201 {
202 GError *error;
204 - g_printerr ("PolicyKit daemon reconnected to bus.\n");
205 - g_printerr ("Attempting to re-register as an authentication agent.\n");
206 + g_debug ("PolicyKit daemon reconnected to bus.\n");
207 + g_debug ("Attempting to re-register as an authentication agent.\n");
209 error = NULL;
210 if (server_register (server, &error))
211 {
212 - g_printerr ("We are now a registered authentication agent.\n");
213 + g_debug ("We are now a registered authentication agent.\n");
214 }
215 else
216 {
217 - g_printerr ("Failed to register as an authentication agent: %s\n", error->message);
218 + g_debug ("Failed to register as an authentication agent: %s\n", error->message);
219 g_error_free (error);
220 }
221 }
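Review bot: The failure branch now reports "Failed to register as an authentication agent" through `g_debug`, which the default log handler suppresses unless `G_MESSAGES_DEBUG` is set, so an agent that fails to re-register leaves no trace in normal output. The state-change messages are reasonable as debug output, but the error path should stay visible: `g_warning ("Failed to register as an authentication agent: %s", error->message);`. The enclosing function continues outside the hunk.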
222 @@ -439,6 +439,7 @@ polkit_agent_listener_register_with_opti
223 server->thread_initialization_error = NULL;
224 g_thread_join (server->thread);
225 server_free (server);
226 + server = NULL;
227 goto out;
228 }
229 }
230 diff -Naurp polkit-0.115.orig/src/polkitbackend/polkitbackendinteractiveauthority.c polkit-0.115/src/polkitbackend/polkitbackendinteractiveauthority.c
231 --- polkit-0.115.orig/src/polkitbackend/polkitbackendinteractiveauthority.c 2018-06-22 17:20:18.000000000 -0500
232 +++ polkit-0.115/src/polkitbackend/polkitbackendinteractiveauthority.c 2018-12-13 12:19:01.492266182 -0600
233 @@ -935,7 +935,7 @@ polkit_backend_interactive_authority_che
234 }
236 /* Not anyone is allowed to check that process XYZ is allowed to do ABC.
237 - * We only allow this if, and only if,
238 + * We allow this if, and only if,
239 *
240 * - processes may check for another process owned by the *same* user but not
241 * if details are passed (otherwise you'd be able to spoof the dialog);
242 @@ -947,7 +947,7 @@ polkit_backend_interactive_authority_che
243 *
244 * - if the action_id has the "org.freedesktop.policykit.owner" annotation
245 * then any uid referenced by that annotation is also allowed to check
246 - * to check anything and pass any details
247 + * anything and pass any details
248 */
249 if (!user_of_subject_matches
250 || !polkit_identity_equal (user_of_caller, user_of_subject)
251 diff -Naurp polkit-0.115.orig/src/polkitbackend/polkitbackendjsauthority.cpp polkit-0.115/src/polkitbackend/polkitbackendjsauthority.cpp
252 --- polkit-0.115.orig/src/polkitbackend/polkitbackendjsauthority.cpp 2018-04-03 15:57:57.000000000 -0500
253 +++ polkit-0.115/src/polkitbackend/polkitbackendjsauthority.cpp 2018-12-13 12:11:38.194585334 -0600
254 @@ -1595,7 +1595,8 @@ utils_spawn_data_free (UtilsSpawnData *d
255 (GSourceFunc) utils_child_watch_from_release_cb,
256 source,
257 (GDestroyNotify) g_source_destroy);
258 - g_source_attach (source, data->main_context);
259 + /* Attach source to the global default main context */
260 + g_source_attach (source, NULL);
261 g_source_unref (source);
262 data->child_pid = 0;
263 }
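Review bot: The added comment says where the source is attached but not why `data->main_context` is no longer used, and the reason is what stops a later reader from reverting it. The hunk sits in `utils_spawn_data_free`, so presumably the per-call context may already be going away when the child watch has to fire. If that is the reason, the comment should state it, e.g. `/* data->main_context may not outlive this call, so use the default context */`. The function starts outside the hunk.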
264 diff -Naurp polkit-0.115.orig/src/programs/pkttyagent.c polkit-0.115/src/programs/pkttyagent.c
265 --- polkit-0.115.orig/src/programs/pkttyagent.c 2018-04-03 15:57:57.000000000 -0500
266 +++ polkit-0.115/src/programs/pkttyagent.c 2018-12-13 13:05:01.181202945 -0600
267 @@ -160,7 +160,8 @@ main (int argc, char *argv[])
268 authority = polkit_authority_get_sync (NULL /* GCancellable* */, &error);
269 if (authority == NULL)
270 {
271 - g_printerr ("Error getting authority: %s (%s, %d)\n",
272 + g_printerr ("Authorization not available. Check if polkit service is running or see debug message for more information.\n");
273 + g_debug ("Error getting authority: %s (%s, %d)\n",
274 error->message, g_quark_to_string (error->domain), error->code);
275 g_error_free (error);
276 ret = 127;
277 diff -Naurp polkit-0.115.orig/test/data/etc/group polkit-0.115/test/data/etc/group
278 --- polkit-0.115.orig/test/data/etc/group 2017-09-04 14:52:54.000000000 -0500
279 +++ polkit-0.115/test/data/etc/group 2018-12-13 12:29:00.729037998 -0600
280 @@ -5,3 +5,4 @@ john:x:500:
281 jane:x:501:
282 sally:x:502:
283 henry:x:503:
284 +highuid2:x:4000000000:
285 diff -Naurp polkit-0.115.orig/test/data/etc/passwd polkit-0.115/test/data/etc/passwd
286 --- polkit-0.115.orig/test/data/etc/passwd 2017-09-04 14:52:54.000000000 -0500
287 +++ polkit-0.115/test/data/etc/passwd 2018-12-13 12:28:51.034039809 -0600
288 @@ -3,3 +3,5 @@ john:x:500:500:John Done:/home/john:/bin
289 jane:x:501:501:Jane Smith:/home/jane:/bin/bash
290 sally:x:502:502:Sally Derp:/home/sally:/bin/bash
291 henry:x:503:503:Henry Herp:/home/henry:/bin/bash
292 +highuid1:x:2147483648:2147483648:The first high uid:/home/highuid1:/sbin/nologin
293 +highuid2:x:4000000000:4000000000:An example high uid:/home/example:/sbin/nologin
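Review bot: `highuid1` is given primary gid 2147483648, but the hunk for test/data/etc/group adds only `highuid2:x:4000000000:`, so that gid has no group entry in the lines shown. If the rest of the group file (outside the hunk) does not define it, add `highuid1:x:2147483648:` so both high-id users resolve their primary group the same way. Otherwise the two fixtures differ in more than the id value and a failure is harder to attribute.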
294 diff -Naurp polkit-0.115.orig/test/data/etc/polkit-1/rules.d/10-testing.rules polkit-0.115/test/data/etc/polkit-1/rules.d/10-testing.rules
295 --- polkit-0.115.orig/test/data/etc/polkit-1/rules.d/10-testing.rules 2017-09-04 14:52:54.000000000 -0500
296 +++ polkit-0.115/test/data/etc/polkit-1/rules.d/10-testing.rules 2018-12-13 13:09:41.535019708 -0600
297 @@ -53,6 +53,27 @@ polkit.addRule(function(action, subject)
298 }
299 });
301 +polkit.addRule(function(action, subject) {
302 + if (action.id == "net.company.john_action") {
303 + if (subject.user == "john") {
304 + return polkit.Result.YES;
305 + } else {
306 + return polkit.Result.NO;
307 + }
308 + }
309 +});
310 +
311 +polkit.addRule(function(action,subject) {
312 + if (action.id == "net.company.highuid2_action") {
313 + if (subject.user == "highuid2") {
314 + return polkit.Result.YES;
315 + } else {
316 + return polkit.Result.NO;
317 + }
318 + }
319 +});
320 +
321 +
322 // ---------------------------------------------------------------------
323 // variables
325 diff -Naurp polkit-0.115.orig/test/polkitbackend/test-polkitbackendjsauthority.c polkit-0.115/test/polkitbackend/test-polkitbackendjsauthority.c
326 --- polkit-0.115.orig/test/polkitbackend/test-polkitbackendjsauthority.c 2018-04-03 15:57:57.000000000 -0500
327 +++ polkit-0.115/test/polkitbackend/test-polkitbackendjsauthority.c 2018-12-13 12:41:19.054977178 -0600
328 @@ -330,6 +330,78 @@ static const RulesTestCase rules_test_ca
329 NULL,
330 POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED,
331 },
332 +
333 + {
334 + /* highuid1 is not a member of group 'users', see test/data/etc/group */
335 + "group_membership_with_non_member(highuid22)",
336 + "net.company.group.only_group_users",
337 + "unix-user:highuid2",
338 + NULL,
339 + POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
340 + },
341 +
342 + {
343 + /* highuid2 is not a member of group 'users', see test/data/etc/group */
344 + "group_membership_with_non_member(highuid21)",
345 + "net.company.group.only_group_users",
346 + "unix-user:highuid2",
347 + NULL,
348 + POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
349 + },
350 +
351 + {
352 + /* highuid1 is not a member of group 'users', see test/data/etc/group */
353 + "group_membership_with_non_member(highuid24)",
354 + "net.company.group.only_group_users",
355 + "unix-user:2147483648",
356 + NULL,
357 + POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
358 + },
359 +
360 + {
361 + /* highuid2 is not a member of group 'users', see test/data/etc/group */
362 + "group_membership_with_non_member(highuid23)",
363 + "net.company.group.only_group_users",
364 + "unix-user:4000000000",
365 + NULL,
366 + POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
367 + },
368 +
369 + {
370 + /* john is authorized to do this, see 10-testing.rules */
371 + "john.action",
372 + "net.company.john_action",
373 + "unix-user:john",
374 + NULL,
375 + POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED,
376 + },
377 +
378 + {
379 + /* ONLY john is authorized to do this, see 10-testing.rules */
380 + "jane_action",
381 + "net.company.john_action",
382 + "unix-user:jane",
383 + NULL,
384 + POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED,
385 + },
386 +
387 + {
388 + /* highuid2 is authorized to do this, see 10-testing.rules */
389 + "highuid2_action",
390 + "net.company.highuid2_action",
391 + "unix-user:highuid2",
392 + NULL,
393 + POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED,
394 + },
395 +
396 + {
397 + /* ONLY highuid2 is authorized to do this, see 10-testing.rules */
398 + "highuid1_action",
399 + "net.company.highuid2_action",
400 + "unix-user:highuid1",
401 + NULL,
402 + POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED
403 + },
404 };
406 /* ---------------------------------------------------------------------------------------------------- */
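Review bot: Two of the added cases do not test what their comments say. The first one is commented as `highuid1` but passes `"unix-user:highuid2"`, so it duplicates the second case and `highuid1` is never checked by name for group membership; it should read `"unix-user:highuid1",`. The `"jane_action"` case is commented "ONLY john is authorized" yet expects `POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED`, although the rule added to 10-testing.rules returns `polkit.Result.NO` for every user but john; the expectation should be `POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,`. None of the cases exercises the reserved value itself (an identity whose `gint` form is `-1`), which is the input the new checks exist to refuse.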