Skip to content
GitLab
Switch branch/tag
  1. 23 Feb, 2020 1 commit
    • Robert Ancell's avatar
      polkitbackend: Re-instate the local authority · f3d4f5ae
      Robert Ancell authored 
      The local authority was removed in 0f830c76 (May 2012) as it was deemed
unnecessary as the jsbackend could perform any functionality that was
previously done using the localbackend.

However, for security reasons Debian and Ubuntu did not determine the JS
backend safe enough to ship by default, and thus have remained on polkit
version 105 ever since (though collecting cherry-picked patches from the
following releases).

By re-instating the local authority both Debian and Ubuntu are able to
update to track the latest version of polkit. The JS backend remains by
default and the local backend is only compiled and used if configured
with --disable-javascript.

While supporting two backends does come at an increased cost in this
case it seems reasonable low as the code in this change required almost
no modification to re-introduce.
      f3d4f5ae
  3. 21 Feb, 2020 2 commits
  5. 27 Jan, 2020 4 commits
  7. 08 Oct, 2019 2 commits
  9. 07 Oct, 2019 3 commits
  11. 14 Sep, 2019 1 commit
  13. 01 Aug, 2019 2 commits
  15. 19 May, 2019 2 commits
  17. 26 Apr, 2019 2 commits
  19. 25 Apr, 2019 2 commits
  21. 02 Apr, 2019 2 commits
  23. 26 Mar, 2019 2 commits
  25. 15 Mar, 2019 2 commits
  27. 14 Mar, 2019 1 commit
  29. 12 Mar, 2019 2 commits
    • Emmanuele Bassi's avatar
      Port the JS authority to mozjs-60 · dd00683e
      Emmanuele Bassi authored and Ray Strode's avatar Ray Strode committed 
      API changes in mozjs that need to be reflected in the JS authority:

 - the JS::CompileOptions constructor and the JS::CompartmentOptions
   do not allow setting a JS version any more

 - do not use NULL comparisons for C++ objects

 - the resize() method for a vector has a return value that needs
   to be handled

 - JSClassOps has different fields
      dd00683e
    • Emmanuele Bassi's avatar
      Depend on mozjs-60 · c9cd7024
      Emmanuele Bassi authored and Ray Strode's avatar Ray Strode committed 
      This is the new ESR version of the Mozilla JS engine, superceding
mozjs-52.
      c9cd7024
  31. 05 Feb, 2019 2 commits
    • Jan Rybar's avatar
      Merge branch 'allow-unset-process-uid' into 'master' · dbf58d4e
      Jan Rybar authored 
      Allow uid of -1 for a PolkitUnixProcess

See merge request polkit/polkit!17
      dbf58d4e
    • Matthew Leeds's avatar
      Allow uid of -1 for a PolkitUnixProcess · c05472b8
      Matthew Leeds authored and Jan Rybar's avatar Jan Rybar committed 
      Commit 2cb40c4d changed PolkitUnixUser, PolkitUnixGroup, and
PolkitUnixProcess to allow negative values for their uid/gid properties,
since these are values above INT_MAX which wrap around but are still
valid, with the exception of -1 which is not valid. However,
PolkitUnixProcess allows a uid of -1 to be passed to
polkit_unix_process_new_for_owner() which means polkit is expected to
figure out the uid on its own (this happens in the _constructed
function). So this commit removes the check in
polkit_unix_process_set_property() so that new_for_owner() can be used
as documented without producing a critical error message.

This does not affect the protection against CVE-2018-19788 which is
based on creating a user with a UID up to but not including 4294967295
(-1).
      c05472b8
  33. 08 Jan, 2019 2 commits
  35. 06 Dec, 2018 1 commit
  37. 04 Dec, 2018 2 commits
    • Zbigniew Jędrzejewski-Szmek's avatar
      tests: add tests for high uids · b534a107
      Zbigniew Jędrzejewski-Szmek authored
      b534a107
    • Zbigniew Jędrzejewski-Szmek's avatar
      Allow negative uids/gids in PolkitUnixUser and Group objects · 2cb40c4d
      Zbigniew Jędrzejewski-Szmek authored 
      (uid_t) -1 is still used as placeholder to mean "unset". This is OK, since
there should be no users with such number, see
https://systemd.io/UIDS-GIDS#special-linux-uids.

(uid_t) -1 is used as the default value in class initialization.

When a user or group above INT32_MAX is created, the numeric uid or
gid wraps around to negative when the value is assigned to gint, and
polkit gets confused. Let's accept such gids, except for -1.

A nicer fix would be to change the underlying type to e.g. uint32 to
not have negative values. But this cannot be done without breaking the
API, so likely new functions will have to be added (a
polkit_unix_user_new variant that takes a unsigned, and the same for
_group_new, _set_uid, _get_uid, _set_gid, _get_gid, etc.). This will
require a bigger patch.

Fixes #74.
      2cb40c4d
  39. 03 Dec, 2018 1 commit
  41. 02 Dec, 2018 1 commit
  43. 30 Nov, 2018 1 commit