This bug was fixed in the package policykit-desktop-privileges - 0.22

---------------
policykit-desktop-privileges (0.22) mantic; urgency=medium

  * Include a .rules in the new javascript format for newer polkitd
  * Remove old legacy udisks1 actions (lp: #1899019)
  * Remove the network manager system connection override there is a
    similar entry included in the network-manager package
  * Update copyright, debhelper and standards version
  * Remove old breaks, update for the new polkitd binary naming

 -- Sebastien Bacher <seb...@ubuntu.com>  Mon, 05 Jun 2023 11:58:29 +0200

** Changed in: policykit-desktop-privileges (Ubuntu)
       Status: Won't Fix => Fix Released

--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to
policykit-desktop-privileges in Ubuntu.
https://bugs.launchpad.net/bugs/1899019

Title:
  Typo in UDisks action

Status in policykit-desktop-privileges package in Ubuntu:
  Fix Released

Bug description:
  It appears that com.ubuntu.desktop.pkla contains a typo in the UDisks
  section:

    [Mounting, checking, etc. of internal drives]
    Identity=unix-group:admin;unix-group:sudo
    Action=org.freedesktop.udisks.filesystem-*;org.freedesktop.udisks.drive-ata-smart*;org.freedesktop.udisks2.filesystem-mount-system;org.freedesktop.udisks2.encrypted-unlock-system;org.freedesktop.udisks2.filesystem-fstab;
    ResultActive=yes

  Notice that the first two actions contain the string "udisks", rather
  than "udisks2", which appears to be a typo. However, the typo is
  actually a lucky accident because it is preventing a vulnerability in
  UDisks from being exploited. The vulnerable code in UDisks is
  protected by the `org.freedesktop.udisks2.filesystem-take-ownership`
  polkit action, so it will become accessible if the typo is fixed.

  I have separately reported the UDisks vulnerability to the maintainers
  of UDisks. I have attached a copy of that report for your information.

  I would recommend removing the first two actions from this file. Since
  they don't currently work, presumably nobody will miss them if they
  are removed.
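Added example (not part of the bug report or of the package): a small audit of the entry quoted in the bug description, listing which `Action` globs match nothing and what the `filesystem-*` wildcard would cover if it were respelled with `udisks2`. `REGISTERED` is a constructed stand-in for the system's action list, and `fnmatchcase` is assumed to approximate polkit's glob matching.

```python
import configparser
from fnmatch import fnmatchcase

# Entry quoted in the bug description (com.ubuntu.desktop.pkla).
PKLA = """\
[Mounting, checking, etc. of internal drives]
Identity=unix-group:admin;unix-group:sudo
Action=org.freedesktop.udisks.filesystem-*;org.freedesktop.udisks.drive-ata-smart*;org.freedesktop.udisks2.filesystem-mount-system;org.freedesktop.udisks2.encrypted-unlock-system;org.freedesktop.udisks2.filesystem-fstab;
ResultActive=yes
"""

# Constructed stand-in for the registered action list (e.g. `pkaction` output);
# it holds only the udisks2 action ids named in the report.
REGISTERED = [
    "org.freedesktop.udisks2.filesystem-mount-system",
    "org.freedesktop.udisks2.encrypted-unlock-system",
    "org.freedesktop.udisks2.filesystem-fstab",
    "org.freedesktop.udisks2.filesystem-take-ownership",
]

def parse_pkla(text):
    """Return {section name: [action globs]} for entries with ResultActive=yes."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keep key case (Action, ResultActive)
    cp.read_string(text)
    return {name: [g for g in cp[name].get("Action", "").split(";") if g]
            for name in cp.sections()
            if cp[name].get("ResultActive", "").strip() == "yes"}

def audit(text, registered):
    """Map every glob to the registered actions it matches ([] = dead glob).
    Assumption: fnmatchcase approximates polkit's glob matching for '*'/'?'."""
    return {g: sorted(a for a in registered if fnmatchcase(a, g))
            for globs in parse_pkla(text).values() for g in globs}

def dead_globs(report):
    return [g for g, hits in report.items() if not hits]

def granted(report):
    return {a for hits in report.values() for a in hits}

if __name__ == "__main__":
    as_shipped = audit(PKLA, REGISTERED)
    # Hypothetical "typo fixed" variant, to see what the wildcard would then cover.
    respelled = audit(PKLA.replace("udisks.", "udisks2."), REGISTERED)
    print("dead globs as shipped:", dead_globs(as_shipped))
    print("newly granted if respelled:", sorted(granted(respelled) - granted(as_shipped)))
```

Run against a real action list, the same check flags any wildcard entry whose coverage grows when a package registers new actions under the matched prefix.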