[blfs-book] [BLFS Trac] #11692: Create security patch for polkit (CVE-2019-6133)

BLFS Trac via blfs-book Tue, 19 Feb 2019 16:43:39 -0800

#11692: Create security patch for polkit (CVE-2019-6133)
-------------------------+-----------------------
 Reporter:  renodr       |      Owner:  blfs-book
     Type:  enhancement  |     Status:  new
 Priority:  high         |  Milestone:  8.4
Component:  BOOK         |    Version:  SVN
 Severity:  normal       |   Keywords:
-------------------------+-----------------------
 There is a security issue in polkit allowing for authentication bypass:


 {{{
 In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can
 be bypassed because fork() is not atomic, and therefore authorization
 decisions are improperly cached. This is related to lack of uid checking
 in polkitbackend/polkitbackendinteractiveauthority.c.
 }}}

 
[https://gitlab.freedesktop.org/polkit/polkit/commit/c898fdf4b1aafaa04f8ada9d73d77c8bb76e2f81#0cf68d1183ea5299db7cd71b8377fa3d29e1a63e]

--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/11692>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch
-- 
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

[blfs-book] [BLFS Trac] #11692: Create security patch for polkit (CVE-2019-6133)

Reply via email to