1. 11 Apr, 2011 2 commits
    • Bug 26982 – pkexec information disclosure vulnerability · 28e485ca
      Dan Rosenberg authored
      pkexec is vulnerable to a minor information disclosure vulnerability
      that allows an attacker to verify whether or not arbitrary files
      exist, violating directory permissions. I reproduced the issue on my
      Karmic installation as follows:
      
       $ mkdir secret
       $ sudo chown root:root secret
       $ sudo chmod 400 secret
       $ sudo touch secret/hidden
       $ pkexec /home/drosenbe/secret/hidden
       (password prompt)
       $ pkexec /home/drosenbe/secret/doesnotexist
       Error getting information about /home/drosenbe/secret/doesnotexist: No such
       file or directory
      
      I've attached my patch for the issue. I replaced the stat() call
      entirely with access() using F_OK, so rather than check that the
      target exists, pkexec now checks if the user has permission to verify
      the existence of the program. There might be another way of doing
      this, such as chdir()'ing to the parent directory of the target and
      calling lstat(), but this seemed like more code than necessary to
      prevent such a minor problem.  I see no reason to allow pkexec to
      execute targets that are not accessible to the executing user because
      of directory permissions. This is such a limited use case anyway that
      this doesn't really affect functionality.
      
      http://bugs.freedesktop.org/show_bug.cgi?id=26982
      
      Signed-off-by: David Zeuthen <davidz@redhat.com>
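
The difference between the two checks described in the commit message above, as an added example (not polkit's code or the patch itself): stat() is authorised against the effective uid, which is root inside a setuid binary such as pkexec, while access() is authorised against the real uid of the invoking user. The helper names and the /tmp fixture are assumptions made for the illustration; run as an ordinary user without setuid, the two probes agree and neither distinguishes the existing file from the missing one.

```c
/* Added example, not polkit code; helper names and the /tmp path are made up. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Old check: stat() is authorised against the EFFECTIVE uid (root when setuid). */
static int probe_stat(const char *path)
{
    struct stat sb;
    return stat(path, &sb) == 0 ? 0 : errno;
}

/* Patched check: access() is authorised against the REAL uid, i.e. the caller. */
static int probe_access(const char *path)
{
    return access(path, F_OK) == 0 ? 0 : errno;
}

/* 1 if the probe answers differently for the two paths (an existence oracle). */
static int is_oracle(int (*probe)(const char *), const char *a, const char *b)
{
    return probe(a) != probe(b);
}

/* Constructed fixture mirroring the commit's layout: dir/hidden exists, dir/doesnotexist
 * does not, dir is mode 0400 (not searchable). All buffers are n bytes; 0 on success. */
static int make_fixture(char *dir, char *hidden, char *missing, size_t n)
{
    int fd;
    snprintf(dir, n, "/tmp/pkexec-demo-%ld", (long)getpid());
    if (mkdir(dir, 0700) != 0) return -1;      /* fails if the name is taken */
    snprintf(hidden, n, "%s/hidden", dir);
    snprintf(missing, n, "%s/doesnotexist", dir);
    if ((fd = open(hidden, O_CREAT | O_EXCL | O_WRONLY, 0600)) < 0) return -1;
    close(fd);
    return chmod(dir, 0400);
}

int main(void)
{
    char dir[128], hidden[128], missing[128];
    if (make_fixture(dir, hidden, missing, sizeof dir) != 0) return 1;
    printf("ruid=%d euid=%d\n", (int)getuid(), (int)geteuid());
    printf("stat   oracle=%d\n", is_oracle(probe_stat, hidden, missing));
    printf("access oracle=%d\n", is_oracle(probe_access, hidden, missing));
    chmod(dir, 0700); unlink(hidden); rmdir(dir);   /* clean up */
    return 0;
}
```
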
    • pkexec: Avoid TOCTTOU problems with parent process · 5d44f404
      David Zeuthen authored
      
      In a nutshell, the parent process may change its uid (either real- or
      effective uid) after launching pkexec. It can do this by exec()'ing
      e.g. a setuid root program.
      
      To avoid this problem, just use the uid the parent process had when it
      executed pkexec. This happens to be the same uid of the pkexec process
      itself.
      
      Additionally, remove some dubious code that allowed pkexec to continue
      when the parent process died as there is no reason to support
      something like that. Also ensure that the pkexec process is killed if
      the parent process dies.
      
      This problem was pointed out by Neel Mehta <nmehta@google.com>.
      Signed-off-by: David Zeuthen <davidz@redhat.com>
  2. 15 Dec, 2009 6 commits
  3. 11 Dec, 2009 2 commits
  4. 13 Sep, 2009 1 commit
  5. 12 Aug, 2009 2 commits
    • Generate GI gir and typelibs for libpolkit-gobject-1 · a7aacbb5
      David Zeuthen authored
      This includes changing from POSIX types (uid_t, gid_t, pid_t) to
      gint. Won't affect much since the size is the same. And we want this
      anyway since it is needed to build the library on non-POSIX platforms.
    • Bug 23093 – FreeBSD portability fixes · de9453f4
      Joe Clarke authored
      
      There are a few issues with building polkit-0.93 on FreeBSD:
      
       * No clearenv() function on FreeBSD
      
       * While FreeBSD has a /proc, it is deprecated, and kinfo_proc should
         be used instead.
      
       * FreeBSD's printf() functions do not support the %m notation.  This
         is only supported for syslog().
      
       * You can't call GINT_TO_POINTER() on a 64-bit value, as this will
         break on 64-bit OSes.
      
      The attached patch fixes these problems.  First, a check for
      clearenv() is added to configure.  Second, I moved the check for
      process uid to polkit/polkitunixprocess.c.  This may not be ideal, but
      it seems to fit, and reduces code duplication.  Third, I replaced all
      %m with %s ... g_strerror (errno).  Finally, I replaced
      GINT_TO_POINTER() with GSIZE_TO_POINTER.
      Signed-off-by: David Zeuthen <davidz@redhat.com>
  6. 30 Jul, 2009 1 commit
  7. 27 Jul, 2009 1 commit
  8. 19 May, 2009 1 commit
  9. 15 May, 2009 1 commit