https://bugs.freedesktop.org/enter_bug.cgi?product=PolicyKit&short_desc=pkexec%20information%20disclosure%20vulnerability&long_desc=Originally%20reported%20at:%0A%20%20https://bugs.edge.launchpad.net/bugs/532852%0A%0ABinary%20package%20hint:%20policykit-1%0A%0Apkexec%20is%20vulnerable%20to%20a%20minor%20information%20disclosure%20vulnerability%20that%20allows%20an%20attacker%20to%20verify%20whether%20or%20not%20arbitrary%20files%20exist,%20violating%20directory%20permissions.%20%20I%20reproduced%20the%20issue%20on%20my%20Karmic%20installation%20as%20follows:%0A%0A$%20mkdir%20secret%0A$%20sudo%20chown%20root:root%20secret%0A$%20sudo%20chmod%20400%20secret%0A$%20sudo%20touch%20secret/hidden%0A$%20pkexec%20/home/drosenbe/secret/hidden%0A(password%20prompt)%0A$%20pkexec%20/home/drosenbe/secret/doesnotexist%0AError%20getting%20information%20about%20/home/drosenbe/secret/doesnotexist:%20No%20such%20file%20or%20directory%0A%0AI've%20attached%20a%20simple%20patch%20that%20resolves%20the%20issue%20by%20using%20access()%20to%20check%20whether%20or%20not%20the%20user%20has%20permission%20to%20verify%20the%20existence%20of%20the%20file%20before%20calling%20stat()%20on%20it.
is a URL that launchpad just suggested you use to file the bug directly.
http://tinyurl.com/yczgz4u is the shorter version of that.

Thanks,
James

--
pkexec information disclosure vulnerability
https://bugs.launchpad.net/bugs/532852
