Diffstat (limited to 'meta-oe/recipes-extended/polkit/polkit/CVE-2018-19788_p3.patch')
-rw-r--r-- | meta-oe/recipes-extended/polkit/polkit/CVE-2018-19788_p3.patch | 53 |
1 files changed, 53 insertions, 0 deletions
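--- /dev/null
+++ b/meta-oe/recipes-extended/polkit/polkit/CVE-2018-19788_p3.patch
@@ -0,0 +1,53 @@
+From 0fd5884a943a92aa076fa3276bd83f502dcb934e Mon Sep 17 00:00:00 2001
+From: Matthew Leeds <matthew.leeds@endlessm.com>
+Date: Tue, 11 Dec 2018 12:04:26 -0800
+Subject: [PATCH 3/3] Allow uid of -1 for a PolkitUnixProcess
+
+Commit 2cb40c4d5 changed PolkitUnixUser, PolkitUnixGroup, and
+PolkitUnixProcess to allow negative values for their uid/gid properties,
+since these are values above INT_MAX which wrap around but are still
+valid, with the exception of -1 which is not valid. However,
+PolkitUnixProcess allows a uid of -1 to be passed to
+polkit_unix_process_new_for_owner() which means polkit is expected to
+figure out the uid on its own (this happens in the _constructed
+function). So this commit removes the check in
+polkit_unix_process_set_property() so that new_for_owner() can be used
+as documented without producing a critical error message.
+
+This does not affect the protection against CVE-2018-19788 which is
+based on creating a user with a UID up to but not including 4294967295
+(-1).
+
+CVE: CVE-2018-19788
+Upstream-Status: Backport
+[https://gitlab.freedesktop.org/polkit/polkit/commit/c05472b86222a72505adc5eec460493980224ef8]
+
+Signed-off-by: Dan Tran <dantran@microsoft.com>
+---
+src/polkit/polkitunixprocess.c | 9 ++-------
+1 file changed, 2 insertions(+), 7 deletions(-)
+
+diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c
+index b02b258..e2a3c03 100644
+--- a/src/polkit/polkitunixprocess.c
++++ b/src/polkit/polkitunixprocess.c
+@@ -159,14 +159,9 @@ polkit_unix_process_set_property (GObject *object,
+polkit_unix_process_set_pid (unix_process, g_value_get_int (value));
+break;
+
+- case PROP_UID: {
+- gint val;
+-
+- val = g_value_get_int (value);
+- g_return_if_fail (val != -1);
+- polkit_unix_process_set_uid (unix_process, val);
++ case PROP_UID:
++ polkit_unix_process_set_uid (unix_process, g_value_get_int (value));
+break;
+- }
+
+case PROP_START_TIME:
+polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value));
+--
+2.22.0.vfs.1.1.57.gbaf16c8
+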
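Review bot: The rewritten `case PROP_UID:` branch in polkit_unix_process_set_property() now hands -1 straight to `polkit_unix_process_set_uid()`, and nothing in the code records that -1 is an "unset" sentinel rather than a usable uid. Only the commit message explains that the `_constructed` function is expected to replace it, so a later reader could mistake the missing guard for an oversight, or rely on the property always holding a resolved uid. A comment on the branch would capture this, for example `/* -1 is accepted here: it means "uid not supplied", resolved later at construction; callers must not treat it as a real uid */`. The setter and the `_constructed` function are outside this hunk, so it is worth confirming before merging that no path compares or authorizes against the uid while it is still -1. The recipe's SRC_URI change is not on this page either; as [PATCH 3/3] this file presumably needs to be applied after the two earlier CVE-2018-19788 patches.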