New patch added. I see no reason to allow pkexec to execute targets that are not accessible to the executing user because of directory permissions. This is such a limited use case anyway that this doesn't really affect functionality.
I replaced the stat() call entirely with access() using F_OK, so rather than check that the target exists, pkexec now checks if the user has permission to verify the existence of the program. There might be another way of doing this, such as chdir()'ing to the parent directory of the target and calling lstat(), but this seemed like more code than necessary to prevent such a minor problem. ** Patch added: "Fix for pkexec info disclosure" http://launchpadlibrarian.net/40600239/pkexec.patch -- pkexec information disclosure vulnerability https://bugs.launchpad.net/bugs/532852 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
