Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-1.2.git;a=commitdiff;h=bfc8be9bf5e45765f7fedf855ffe7488c37e399c

commit bfc8be9bf5e45765f7fedf855ffe7488c37e399c
Author: Miklos Vajna <vmik...@frugalware.org>
Date:   Sat Apr 24 12:43:17 2010 +0200

polkit-0.96-3locris1-i686

- add CVE-2010-0750.patch
- closes #4199

(cherry picked from commit 7c60617b4cdfa2509a0072f8ed902c7c94b89a45)

diff --git a/source/apps/polkit/CVE-2010-0750.patch 
b/source/apps/polkit/CVE-2010-0750.patch
new file mode 100644
index 0000000..66713f8
--- /dev/null
+++ b/source/apps/polkit/CVE-2010-0750.patch
@@ -0,0 +1,61 @@
+From 14bdfd816512a82b1ad258fa143ae5faa945df8a Mon Sep 17 00:00:00 2001
+From: Dan Rosenberg <dan.j.rosenb...@gmail.com>
+Date: Wed, 10 Mar 2010 17:46:19 +0000
+Subject: Bug 26982 – pkexec information disclosure vulnerability
+
+pkexec is vulnerable to a minor information disclosure vulnerability
+that allows an attacker to verify whether or not arbitrary files
+exist, violating directory permissions. I reproduced the issue on my
+Karmic installation as follows:
+
+ $ mkdir secret
+ $ sudo chown root:root secret
+ $ sudo chmod 400 secret
+ $ sudo touch secret/hidden
+ $ pkexec /home/drosenbe/secret/hidden
+ (password prompt)
+ $ pkexec /home/drosenbe/secret/doesnotexist
+ Error getting information about /home/drosenbe/secret/doesnotexist: No such
+ file or directory
+
+I've attached my patch for the issue. I replaced the stat() call
+entirely with access() using F_OK, so rather than check that the
+target exists, pkexec now checks if the user has permission to verify
+the existence of the program. There might be another way of doing
+this, such as chdir()'ing to the parent directory of the target and
+calling lstat(), but this seemed like more code than necessary to
+prevent such a minor problem.  I see no reason to allow pkexec to
+execute targets that are not accessible to the executing user because
+of directory permissions. This is such a limited use case anyway that
+this doesn't really affect functionality.
+
+http://bugs.freedesktop.org/show_bug.cgi?id=26982
+
+Signed-off-by: David Zeuthen <dav...@redhat.com>
+---
+diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c
+index 860e665..17c191e 100644
+--- a/src/programs/pkexec.c
++++ b/src/programs/pkexec.c
+@@ -411,7 +411,6 @@ main (int argc, char *argv[])
+   gchar *opt_user;
+   pid_t pid_of_caller;
+   uid_t uid_of_caller;
+-  struct stat statbuf;
+
+   ret = 127;
+   authority = NULL;
+@@ -520,9 +519,9 @@ main (int argc, char *argv[])
+       g_free (path);
+       argv[n] = path = s;
+     }
+-  if (stat (path, &statbuf) != 0)
++  if (access (path, F_OK) != 0)
+     {
+-      g_printerr ("Error getting information about %s: %s\n", path, 
g_strerror (errno));
++      g_printerr ("Error accessing %s: %s\n", path, g_strerror (errno));
+       goto out;
+     }
+   command_line = g_strjoinv (" ", argv + n);
+--
+cgit v0.8.3-6-g21f6
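Review bot: In the second pkexec.c hunk, the new "if (access (path, F_OK) != 0)" check only closes the leak because access() resolves the path with the caller's real uid and gid rather than the effective ones, and nothing in the code records that. A one-line comment above the call would keep a later cleanup from swapping it back to stat() and reopening the existence check described in the patch description. access() is also a point-in-time answer: the result can change between this call and whatever consumes path afterwards, so it should be read as a way to stop disclosing existence, not as an authorization decision. The hunk adds no #include, so confirm that pkexec.c already pulls in <unistd.h> for access() and F_OK.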
diff --git a/source/apps/polkit/FrugalBuild b/source/apps/polkit/FrugalBuild
index 182da18..26aa351 100644
--- a/source/apps/polkit/FrugalBuild
+++ b/source/apps/polkit/FrugalBuild
@@ -3,7 +3,7 @@

pkgname=polkit
pkgver=0.96
-pkgrel=2
+pkgrel=3locris1
pkgdesc="Policy framework for controlling privileges for system-wide services"
url="http://hal.freedesktop.org/docs/PolicyKit";
depends=('pam' 'dbus-glib' 'expat' 'eggdbus')
@@ -11,8 +11,10 @@ makedepends=('intltool' 'gobject-introspection')
groups=('apps')
archs=('i686' 'x86_64' 'ppc')
up2date="Flasttar http://hal.freedesktop.org/releases/";
-source=(http://hal.freedesktop.org/releases/$pkgname-$pkgver.tar.gz)
-sha1sums=('0815b2ee2ffc2ebf2b6fc73491018a898fc73930')
+source=(http://hal.freedesktop.org/releases/$pkgname-$pkgver.tar.gz \
+       CVE-2010-0750.patch)
+sha1sums=('0815b2ee2ffc2ebf2b6fc73491018a898fc73930' \
+          '81d3ccefe3452509d501963ce1a906d686c33a36')
replaces=('policykit')
conflicts=('policykit')
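Review bot: CVE-2010-0750.patch is added to source=() and sha1sums here, but none of the visible FrugalBuild lines apply it, so whether the fix ends up in the built pkexec depends on build logic outside this hunk. Confirm that the build step picks up patches from source=() for this package, and check the resulting binary against the reproduction in the patch description (both paths under the unreadable directory should now produce the same "Error accessing" result). The upstream tarball is still fetched over plain http, so the sha1sums entries are the only integrity check on both inputs.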
_______________________________________________
Frugalware-git mailing list
Frugalware-git@frugalware.org
http://frugalware.org/mailman/listinfo/frugalware-git