src/polkit-grant/polkit-grant-helper.c line 231:
/* send to parent */
fprintf (stdout, buf);
This should be fprintf(stdout, "%s", buf);
--
policykit or policykit-gnome do not work with passwords containing % character
https://bugs.launchpad.net/bugs/205037
This bug was fixed in the package policykit - 0.7-2ubuntu6
---
policykit (0.7-2ubuntu6) hardy; urgency=low
* Add 10_format-string-security.patch: fix format strings (LP:
#205037).
-- Kees Cook [EMAIL PROTECTED] Mon, 31 Mar 2008 16:06:38 -0700
** Changed in: policykit (Ubuntu)
I can confirm this bug. For example a password like 'abcd%efgh' does not
work. 'foo%bar' is working, so it seems to be a combination of '%' and
some other condition I was not able to figure out.
debug.log is attached.
** Attachment added: debug.log
** Changed in: policykit (Ubuntu)
Status: Incomplete => Confirmed
--
** Changed in: policykit (Ubuntu)
Importance: Medium => High
Status: Confirmed => In Progress
--
O.K. It really seems to be an interference with sprintf's conversion
specifiers. 'foo%bar' is working because there is no '%b' specifier.
'foo%xbar', 'foo%ebar', 'foo%fbar', etc. are not working, because these
are conversion specifiers.
This means it is almost certainly exploitable somehow.
--
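Added example (not from the thread or the PolicyKit source): the call pattern quoted from polkit-grant-helper.c beside the corrected one, using snprintf into a buffer instead of fprintf to stdout so the relayed bytes can be compared with the input. The names relay_unsafe, relay_safe and relayed_intact and the sample strings are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

typedef int (*relay_fn)(char *out, size_t n, const char *buf);

/* Pattern from the report: the data itself is the format string.
 * -Wformat-security flags exactly this; silenced here only for the demo. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
static int relay_unsafe(char *out, size_t n, const char *buf)
{
    return snprintf(out, n, buf);
}
#pragma GCC diagnostic pop

/* Corrected pattern: constant format, data passed as an argument. */
static int relay_safe(char *out, size_t n, const char *buf)
{
    return snprintf(out, n, "%s", buf);
}

/* Returns 1 if the relayed bytes equal the input, 0 if they were altered. */
static int relayed_intact(relay_fn relay, const char *input)
{
    char out[128];
    int len = relay(out, sizeof out, input);
    if (len < 0 || (size_t)len >= sizeof out)
        return 0;
    return strcmp(out, input) == 0;
}

int main(void)
{
    /* Constructed inputs. "%%" is used because it is a complete directive
     * that consumes no argument, so the unsafe call stays well defined;
     * directives such as %x or %e would read arguments that were never
     * passed, which is undefined behaviour. */
    const char *samples[] = { "hunter2", "ab%%cd", "100%%" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-8s unsafe=%d safe=%d\n", samples[i],
               relayed_intact(relay_unsafe, samples[i]),
               relayed_intact(relay_safe, samples[i]));
    return 0;
}
```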
Hm, I tried to change my password to foo%bar, and was able to
authenticate with it. When I mistype the password, I get auth.log
entries similar to yours.
So I cannot reproduce this bug. Can you please do
POLKIT_DEBUG=1 users-admin 2>&1 | tee /tmp/debug.log
then try to authenticate, and after
I can't reproduce this error either. Using Hardy Beta1.
--
** Changed in: policykit (Ubuntu)
Importance: Undecided => Critical
Assignee: (unassigned) => Martin Pitt (pitti)
Status: New => In Progress