Package: policykit-1
Version: 0.113-6
Severity: normal
Tags: security

Dear Maintainer,

the polkitd process runs with several memory zones with both write and execute 
permissions:

# grep rwxp /proc/$(pidof polkitd)/maps
7f2638828000-7f2638838000 rwxp 00000000 00:00 0
7f263884f000-7f263885f000 rwxp 00000000 00:00 0
7f2638880000-7f26388a0000 rwxp 00000000 00:00 0

This is a problem because in case of a bug in polkitd, it might be used to 
inject code into the process.

The same problem exists neither in Debian 9, nor in Ubuntu 17.10, nor in 
Fedora 27.  It seems specific to Debian experimental.


-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.14.0-3-rt-amd64 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages policykit-1 depends on:
ii  adduser                3.117
ii  dbus                   1.12.2-1
ii  libc6                  2.27-0experimental0
ii  libexpat1              2.2.5-3
ii  libglib2.0-0           2.55.1-1
ii  libmozjs185-1.0        1.8.5-1.0.0+dfsg-7
ii  libnspr4               2:4.18-1
ii  libpam-systemd         237-1
ii  libpam0g               1.1.8-3.7
ii  libpolkit-agent-1-0    0.113-6
ii  libpolkit-gobject-1-0  0.113-6
ii  libsystemd0            237-1

policykit-1 recommends no packages.

policykit-1 suggests no packages.

-- Configuration Files:
/etc/polkit-1/rules.d/40-debian-sudo.rules [Errno 13] Permission denied: '/etc/polkit-1/rules.d/40-debian-sudo.rules'
/etc/polkit-1/rules.d/50-default.rules [Errno 13] Permission denied: '/etc/polkit-1/rules.d/50-default.rules'

-- no debconf information
-- 
Laurent.
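
The check from the report above, extended to show each mapping's size and backing object, as an added example that is not part of the original report or of polkit. The function names, the two non-rwx sample lines and the `/example/bin/daemon` path are constructed for illustration; the three `rwxp` lines are the ones quoted in the report.

```shell
#!/bin/sh
# Added example: list mappings that are both writable and executable
# from text in /proc/<pid>/maps format.

# wx_mappings: reads maps-format lines on stdin and prints, for every
# mapping whose permission field contains both 'w' and 'x':
#   <start>-<end> <perms> <size>KiB <backing>
# <backing> is the pathname column, or "[anonymous]" when it is empty
# (memory not backed by any file, as in the report).
wx_mappings() {
    while read -r range perms offset dev inode path; do
        # perms is four characters: r/-, w/-, x/-, then p (private) or s (shared)
        case $perms in
            ?wx?) ;;
            *) continue ;;
        esac
        start=${range%-*}
        end=${range#*-}
        # Addresses are hexadecimal without a 0x prefix.
        size_kib=$(( (0x$end - 0x$start) / 1024 ))
        printf '%s %s %sKiB %s\n' "$range" "$perms" "$size_kib" \
            "${path:-[anonymous]}"
    done
}

# wx_count: number of writable+executable mappings in the input.
wx_count() {
    wx_mappings | wc -l | tr -d ' '
}

# Constructed sample: two ordinary mappings (made-up addresses and path)
# that must not be flagged, followed by the three lines from the report.
SAMPLE_MAPS='55d0c0a00000-55d0c0a1c000 r-xp 00000000 08:01 123456 /example/bin/daemon
55d0c0c1c000-55d0c0c1e000 rw-p 0001c000 08:01 123456 /example/bin/daemon
7f2638828000-7f2638838000 rwxp 00000000 00:00 0
7f263884f000-7f263885f000 rwxp 00000000 00:00 0
7f2638880000-7f26388a0000 rwxp 00000000 00:00 0'

# Run on the sample. Against a live process (as root):
#   wx_mappings < /proc/"$(pidof polkitd)"/maps
printf '%s\n' "$SAMPLE_MAPS" | wx_mappings
```
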
