1. 09 Aug, 2010 6 commits
  2. 07 Aug, 2010 1 commit
  3. 06 Aug, 2010 2 commits
  4. 03 Aug, 2010 2 commits
  5. 02 Aug, 2010 1 commit
  6. 30 Jul, 2010 2 commits
  7. 29 Jul, 2010 3 commits
  8. 28 Jul, 2010 2 commits
  9. 15 Jul, 2010 1 commit
  10. 02 Jul, 2010 1 commit
    • Andrew Psaltis's avatar
      Add shadow support · a2edcef5
      Andrew Psaltis authored
      Added support for the shadow authentication framework instead of PAM.
      Enable it by passing --with-authfw=shadow to configure.
      
      This is done by splitting the polkitagenthelper source into separate
      parts, one that does auth with PAM, and another that does auth with
      shadow, sharing functions where appropriate.
      
      Also, all PAM-dependendent code in all other files has been #ifdef'd.
      The only affected file is src/programs/pkexec.c
      Signed-off-by: default avatarDavid Zeuthen <davidz@redhat.com>
      a2edcef5
  11. 10 Mar, 2010 1 commit
    • Dan Rosenberg's avatar
      Bug 26982 – pkexec information disclosure vulnerability · 14bdfd81
      Dan Rosenberg authored
      pkexec is vulnerable to a minor information disclosure vulnerability
      that allows an attacker to verify whether or not arbitrary files
      exist, violating directory permissions. I reproduced the issue on my
      Karmic installation as follows:
      
       $ mkdir secret
       $ sudo chown root:root secret
       $ sudo chmod 400 secret
       $ sudo touch secret/hidden
       $ pkexec /home/drosenbe/secret/hidden
       (password prompt)
       $ pkexec /home/drosenbe/secret/doesnotexist
       Error getting information about /home/drosenbe/secret/doesnotexist: No such
       file or directory
      
      I've attached my patch for the issue. I replaced the stat() call
      entirely with access() using F_OK, so rather than check that the
      target exists, pkexec now checks if the user has permission to verify
      the existence of the program. There might be another way of doing
      this, such as chdir()'ing to the parent directory of the target and
      calling lstat(), but this seemed like more code than necessary to
      prevent such a minor problem.  I see no reason to allow pkexec to
      execute targets that are not accessible to the executing user because
      of directory permissions. This is such a limited use case anyway that
      this doesn't really affect functionality.
      
      http://bugs.freedesktop.org/show_bug.cgi?id=26982Signed-off-by: default avatarDavid Zeuthen <davidz@redhat.com>
      14bdfd81
  12. 15 Jan, 2010 4 commits
  13. 15 Dec, 2009 7 commits
  14. 11 Dec, 2009 4 commits
    • David Zeuthen's avatar
      Bug 25594 – System logging · c93407fa
      David Zeuthen authored
      For now we log the following events
      
      1. Daemon startup -> /var/log/messages
      --------------------------------------
      
      Dec 11 15:12:56 localhost polkitd[3035]: started daemon version 0.95 using authority implementation `local' version `0.95'
      
      2. Authentication agent -> /var/log/secure
      ------------------------------------------
      
      Dec 11 15:14:00 localhost polkitd(authority=local): Registered Authentication Agent for session /org/freedesktop/ConsoleKit/Session1 (system bus name :1.903 [./polkit-gnome-authentication-agent-1], object path /org/gnome/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
      
      Dec 11 15:16:18 localhost polkitd(authority=local): Unregistered Authentication Agent for session /org/freedesktop/ConsoleKit/Session1 (system bus name :1.903, object path /org/gnome/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
      
      3. Authorization checks
      -----------------------
      
      Dec 11 15:17:57 localhost polkitd(authority=local): ALLOWING action org.freedesktop.policykit.example.pkexec.run-frobnicate for unix-process:2517:25785526 [bash] owned by unix-user:davidz (check requested by system-bus-name::1.905 [pkexec /usr/bin/pk-example-frobnicate])
      
      Dec 11 15:18:10 localhost polkitd(authority=local): ALLOWING action org.freedesktop.udisks.filesystem-mount-system-internal for system-bus-name::1.902 [palimpsest] owned by unix-user:davidz (check requested by system-bus-name::1.380 [/usr/libexec/udisks-daemon])
      
      4. Authorizations through authentication (both success and
         failures) -> /var/log/secure
      ----------------------------------------------------------
      
      Dec 11 15:19:01 localhost polkitd(authority=local): Operator of unix-session:/org/freedesktop/ConsoleKit/Session1 successfully authenticated as unix-user:davidz to gain TEMPORARY authorization for action org.freedesktop.policykit.example.pkexec.run-frobnicate for unix-process:2517:25785526 [bash] (owned by unix-user:davidz)
      Dec 11 15:19:01 localhost polkitd(authority=local): ALLOWING action org.freedesktop.policykit.example.pkexec.run-frobnicate for unix-process:2517:25785526 [bash] owned by unix-user:davidz (check requested by system-bus-name::1.906 [pkexec /usr/bin/pk-example-frobnicate])
      
      Dec 11 15:19:10 localhost polkitd(authority=local): Operator of unix-session:/org/freedesktop/ConsoleKit/Session1 successfully authenticated as unix-user:davidz to gain ONE-SHOT authorization for action org.freedesktop.policykit.exec for unix-process:2517:25785526 [bash] (owned by unix-user:davidz)
      Dec 11 15:19:10 localhost polkitd(authority=local): ALLOWING action org.freedesktop.policykit.exec for unix-process:2517:25785526 [bash] owned by unix-user:davidz (check requested by system-bus-name::1.908 [pkexec bash])
      
      Dec 11 15:19:10 localhost pkexec: pam_unix(polkit-1:session): session opened for user root by davidz(uid=500)
      Dec 11 15:19:22 localhost polkitd(authority=local): Operator of unix-session:/org/freedesktop/ConsoleKit/Session1 FAILED to authenticate to gain authorization for action org.freedesktop.policykit.exec for unix-process:2517:25785526 [bash] (owned by unix-user:davidz)
      Dec 11 15:19:22 localhost polkitd(authority=local): DENYING action org.freedesktop.policykit.exec for unix-process:2517:25785526 [bash] owned by unix-user:davidz (check requested by system-bus-name::1.910 [pkexec bash])
      
      Dec 11 15:20:06 localhost polkitd(authority=local): Operator of unix-session:/org/freedesktop/ConsoleKit/Session1 successfully authenticated as unix-user:bateman to gain ONE-SHOT authorization for action org.freedesktop.policykit.exec for unix-process:2517:25785526 [bash] (owned by unix-user:davidz)
      Dec 11 15:20:06 localhost polkitd(authority=local): ALLOWING action org.freedesktop.policykit.exec for unix-process:2517:25785526 [bash] owned by unix-user:davidz (check requested by system-bus-name::1.913 [pkexec bash])
      Signed-off-by: default avatarDavid Zeuthen <davidz@redhat.com>
      c93407fa
    • David Zeuthen's avatar
      Fix up last comment · 8b6bd9c6
      David Zeuthen authored
      Signed-off-by: default avatarDavid Zeuthen <davidz@redhat.com>
      8b6bd9c6
    • David Zeuthen's avatar
      Run the open_session part of the PAM stack in pkexec(1) · 84958d37
      David Zeuthen authored
      This was pointed out in
      
      http://lists.freedesktop.org/archives/polkit-devel/2009-December/000276.html
      
      We already run the authentication and acct_mgmt parts in the
      authentication agent.
      Signed-off-by: default avatarDavid Zeuthen <davidz@redhat.com>
      84958d37
    • David Zeuthen's avatar
      Fix logic error in pk-example-frobnicate · 3e82e172
      David Zeuthen authored
      Signed-off-by: default avatarDavid Zeuthen <davidz@redhat.com>
      3e82e172
  15. 10 Dec, 2009 1 commit
    • David Zeuthen's avatar
      Bug 25367 — Also read local authority configuration data from /etc · 8e0b9b47
      David Zeuthen authored
      Turns out some people would rather edit local files in /etc rather
      than shipping them in a package (as e.g. Fedora does with the
      polkit-desktop-policy RPM).
      
      This also drops the hard-coded list of directory names such as
      10-vendor.d, 20-org.d - we now monitor the
      /var/lib/polkit-1/localauthority and /etc/polkit-1/localauthority
      directories for changes - whenever we see a subdirectory in any of
      these directories, we create an AuthorizationStore object that looks
      for .pkla files.
      Signed-off-by: default avatarDavid Zeuthen <davidz@redhat.com>
      8e0b9b47
  16. 13 Nov, 2009 2 commits