Package: policykit-1
Version: 0.113-6
Severity: normal
Tags: security

Dear Maintainer,

the polkitd process runs with several memory zones with both write and
execute permissions:

# grep rwxp /proc/$(pidof polkitd)/maps
7f2638828000-7f2638838000 rwxp 00000000 00:00 0
7f263884f000-7f263885f000 rwxp 00000000 00:00 0
7f2638880000-7f26388a0000 rwxp 00000000 00:00 0

This is a problem because in case of a bug in polkitd, it might be used to
inject code into the process.

The same problem exists neither in Debian 9, nor in Ubuntu 17.10, nor in
Fedora 27. It seems specific to Debian experimental.

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.14.0-3-rt-amd64 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages policykit-1 depends on:
ii  adduser                3.117
ii  dbus                   1.12.2-1
ii  libc6                  2.27-0experimental0
ii  libexpat1              2.2.5-3
ii  libglib2.0-0           2.55.1-1
ii  libmozjs185-1.0        1.8.5-1.0.0+dfsg-7
ii  libnspr4               2:4.18-1
ii  libpam-systemd         237-1
ii  libpam0g               1.1.8-3.7
ii  libpolkit-agent-1-0    0.113-6
ii  libpolkit-gobject-1-0  0.113-6
ii  libsystemd0            237-1

policykit-1 recommends no packages.

policykit-1 suggests no packages.

-- Configuration Files:
/etc/polkit-1/rules.d/40-debian-sudo.rules [Errno 13] Permission denied: '/etc/polkit-1/rules.d/40-debian-sudo.rules'
/etc/polkit-1/rules.d/50-default.rules [Errno 13] Permission denied: '/etc/polkit-1/rules.d/50-default.rules'

-- no debconf information

--
Laurent.
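
Added example (not part of the original report, and not polkit or Debian code): the grep check from the report written as a Python parser for /proc/<pid>/maps that lists each writable-and-executable mapping with its size and backing. The sample input is constructed from the three rwxp rows quoted in the report plus two made-up rows for contrast; the function names are assumptions of this example.

```python
import re

# One row of /proc/<pid>/maps: range, perms, offset, dev, inode, optional path.
MAPS_LINE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+([r-][w-][x-][ps])\s+([0-9a-f]+)\s+"
    r"(\S+)\s+(\d+)\s*(.*)$"
)

def find_wx_regions(maps_text):
    """Return one dict per mapping that is both writable and executable."""
    regions = []
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if not m:
            continue  # skip prompts, blank lines, anything that is not a maps row
        start, end, perms, _off, _dev, inode, path = m.groups()
        if "w" in perms and "x" in perms:
            regions.append({
                "start": int(start, 16),
                "size": int(end, 16) - int(start, 16),
                "perms": perms,
                # inode 0 and no path means anonymous memory, not a mapped file
                "backing": path or ("anonymous" if inode == "0" else "unnamed file"),
            })
    return regions

def audit_pid(pid):
    """Audit a live process; needs permission to read /proc/<pid>/maps."""
    with open(f"/proc/{pid}/maps") as fh:
        return find_wx_regions(fh.read())

# Constructed sample: the three rwxp rows from the report, plus two made-up
# rows (an r-xp text segment and an rw-p heap) that must not be flagged.
SAMPLE_MAPS = """\
55d0c0a00000-55d0c0a1c000 r-xp 00000000 08:01 1234 /usr/lib/example/daemon
55d0c0c20000-55d0c0c41000 rw-p 00000000 00:00 0 [heap]
7f2638828000-7f2638838000 rwxp 00000000 00:00 0
7f263884f000-7f263885f000 rwxp 00000000 00:00 0
7f2638880000-7f26388a0000 rwxp 00000000 00:00 0
"""

if __name__ == "__main__":
    for r in find_wx_regions(SAMPLE_MAPS):
        print(f"{r['start']:#x} {r['size'] // 1024:>4} KiB {r['perms']} {r['backing']}")
```

All three regions in the report are anonymous (inode 0, no path), so the memory was made writable and executable at run time rather than loaded from a file with W+X segments.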