1. 10 Jul, 2018 1 commit
  2. 03 Apr, 2018 5 commits
  3. 12 Dec, 2016 3 commits
  4. 01 Oct, 2015 1 commit
  5. 20 Jul, 2015 1 commit
  6. 02 Jul, 2015 1 commit
  7. 17 Jun, 2015 1 commit
    • Colin Walters's avatar
      CVE-2015-4625: Use unpredictable cookie values, keep them secret · ea544ffc
      Colin Walters authored
      Tavis noted that it'd be possible with a 32 bit counter for someone to
      cause the cookie to wrap by creating Authentication requests in a
      loop.
      
      Something important to note here is that wrapping of signed integers
      is undefined behavior in C, so we definitely want to fix that.  All
      counter integers used in this patch are unsigned.
      
      See the comment above `authentication_agent_generate_cookie` for
      details, but basically we're now using a cookie of the form:
      
      ```
              <agent serial> - <agent random id> - <session serial> - <session
      random id>
      ```
      
      Which has multiple 64 bit counters, plus unpredictable random 128 bit
      integer ids (effectively UUIDs, but we're not calling them that
      because we don't need to be globally unique.
      
      We further ensure that the cookies are not visible to other processes
      by changing the setuid helper to accept them over standard input.  This
      means that an attacker would have to guess both ids.
      
      In any case, the security hole here is better fixed with the other
      change to bind user id (uid) of the agent with cookie lookups, making
      cookie guessing worthless.
      
      Nevertheless, I think it's worth doing this change too, for defense in
      depth.
      
      Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90832
      CVE: CVE-2015-4625
      Reported-by: 's avatarTavis Ormandy <taviso@google.com>
      Reviewed-by: 's avatarMiloslav Trmač <mitr@redhat.com>
      Signed-off-by: Colin Walters's avatarColin Walters <walters@redhat.com>
      ea544ffc
  8. 31 Mar, 2015 1 commit
  9. 03 Jun, 2014 1 commit
  10. 19 Feb, 2014 1 commit
  11. 18 Sep, 2013 1 commit
  12. 15 May, 2013 1 commit
  13. 13 May, 2013 2 commits
  14. 23 Apr, 2013 1 commit
  15. 12 Apr, 2013 1 commit
  16. 11 Apr, 2013 2 commits
  17. 10 Apr, 2013 1 commit
  18. 09 Jan, 2013 2 commits
  19. 19 Dec, 2012 1 commit
  20. 14 Nov, 2012 2 commits
  21. 11 Jul, 2012 1 commit
  22. 06 Jul, 2012 2 commits
  23. 07 Jun, 2012 1 commit
  24. 06 Jun, 2012 2 commits
  25. 25 May, 2012 3 commits
  26. 23 May, 2012 1 commit