Details: https://nvd.nist.gov/vuln/detail/CVE-2016-2568
This commit mostly just tries to add some info to this issue, in the hope that it will save some time for others who try to investigate it. This CVE most probably will stay open in meta-oe in the foreseeable future, although it can be mitigated reasonably easily by the users of the layer. The description of the vulnerability is short enough that it can be reproduced here: "pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer." The general consensus amongst developers/major distros[1][2][3] seems to be that it should be mitigated on the kernel side, to not allow non-privileged users to fake input. To this end, the kernel has introduced a new config in v6.2, called CONFIG_LEGACY_TIOCSTI - when it is enabled, non-privileged used can also fake input. It is however by default enabled (and it is also enabled in the kernels shipped in oe-core, at least at the time of writing this). Disabling this kernel config is considered to be the mitigation, to allow input-faking only by privileged users. [1]: https://security-tracker.debian.org/tracker/CVE-2016-2568 [2]: https://bugzilla.suse.com/show_bug.cgi?id=968674 [3]: https://marc.info/?t=145694748900001&r=1&w=2 / https://marc.info/?l=util-linux-ng&m=145702209921574&w=2 Signed-off-by: Gyorgy Sarvari <[email protected]> --- meta-oe/recipes-extended/polkit/polkit_127.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-oe/recipes-extended/polkit/polkit_127.bb b/meta-oe/recipes-extended/polkit/polkit_127.bb index 40eca9f9ee..f97c6efbf7 100644 --- a/meta-oe/recipes-extended/polkit/polkit_127.bb +++ b/meta-oe/recipes-extended/polkit/polkit_127.bb @@ -65,3 +65,5 @@ FILES:${PN} += " \ ${systemd_unitdir}/system/polkit-agent-helper.socket \ ${systemd_unitdir}/system/[email protected] \ " + +CVE_STATUS[CVE-2016-2568] = "unpatched: the fix is a kernel compiled without CONFIG_LEGACY_TIOCSTI"
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#124562): https://lists.openembedded.org/g/openembedded-devel/message/124562 Mute This Topic: https://lists.openembedded.org/mt/117963233/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
