aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNatanael Copa <ncopa@alpinelinux.org>2013-12-05 16:22:26 +0100
committerNatanael Copa <ncopa@alpinelinux.org>2013-12-05 15:51:08 +0000
commit368db46ca0855b16fd56371a1dd0b3c829b61d6a (patch)
tree505214520e06f0d0bbb9d94666281280d58d90d2
parentfc63abb7cf648e265ac8976e6ff92197a6599348 (diff)
downloadaports-368db46ca0855b16fd56371a1dd0b3c829b61d6a.tar.bz2
aports-368db46ca0855b16fd56371a1dd0b3c829b61d6a.tar.xz
main/polkit: security fix for CVE-2013-4288
ref #2471
-rw-r--r--main/polkit/APKBUILD12
-rw-r--r--main/polkit/CVE-2013-4288.patch123
2 files changed, 134 insertions, 1 deletions
diff --git a/main/polkit/APKBUILD b/main/polkit/APKBUILD
index 8e99a7dfad..619dd1ee8d 100644
--- a/main/polkit/APKBUILD
+++ b/main/polkit/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=polkit
pkgver=0.105
-pkgrel=1
+pkgrel=2
pkgdesc="Application development toolkit for controlling system-wide privileges"
url="http://www.freedesktop.org/wiki/Software/PolicyKit"
arch="all"
@@ -15,6 +15,7 @@ install=
subpackages="$pkgname-dev $pkgname-doc $pkgname-lang"
source="http://www.freedesktop.org/software/polkit/releases/polkit-$pkgver.tar.gz
0001-Bug-50145-make-netgroup-support-optional.patch
+ CVE-2013-4288.patch
automake.patch
"
@@ -64,4 +65,13 @@ package() {
md5sums="9c29e1b6c214f0bd6f1d4ee303dfaed9 polkit-0.105.tar.gz
bb4e7bffa5bad89bf3033b3d866a4087 0001-Bug-50145-make-netgroup-support-optional.patch
+2f2b7a0a5e79516582ce12a80c5677a2 CVE-2013-4288.patch
38dfb2ffefa4f84d64e4cd93fda145f2 automake.patch"
+sha256sums="8fdc7cc8ba4750fcce1a4db9daa759c12afebc7901237e1c993c38f08985e1df polkit-0.105.tar.gz
+80bf119937c5b75887bf6405e69e364a31e6e2edcac7957816ed7d8ea6b2a5a3 0001-Bug-50145-make-netgroup-support-optional.patch
+394be8089e90ed662af0b2043fa6abdda0c062d89970ce5f5a25df8633123d5e CVE-2013-4288.patch
+de9e99ec691e45fc204eba576e301299952c0eb13ecedcb7399ba1b6aab94200 automake.patch"
+sha512sums="7c0f84b9639814b4690e42b570285ff2018a5ea4cfd7216d9abf44c84ece6592c530f2d6211511c1346963daf4f135e9fa79d1b2f592b454115950991b5e4bc3 polkit-0.105.tar.gz
+09ca9c14044c0a281e9069919efbb6d14918f23f58a282b5ce25c8a6640966396904373822869fe994c711f40c33d5c34cf3b77f85a59e239ba3d0c22a31ca8e 0001-Bug-50145-make-netgroup-support-optional.patch
+d6de3beb063243c11906f525ef2eb65aeca823c25b1f44dde4a16f4fc2c5ce587b129e0bfb25a4a4b88ac2bf5713c47e57700c139323d961c9f9b6ba4c03fffb CVE-2013-4288.patch
+25465a23332247d0873e24cb5f011a267413615526755a8295a6367d64fc5eb8c2aa3c9c1fdcfa183b39e3ece14f33b25f15a339d966a31f3feb861b3f17adbf automake.patch"
diff --git a/main/polkit/CVE-2013-4288.patch b/main/polkit/CVE-2013-4288.patch
new file mode 100644
index 0000000000..0ca8131e81
--- /dev/null
+++ b/main/polkit/CVE-2013-4288.patch
@@ -0,0 +1,123 @@
+From a3fa3b86f0015e42a534526ed800bcde5b3f2a15 Mon Sep 17 00:00:00 2001
+From: Colin Walters <walters@verbum.org>
+Date: Mon, 19 Aug 2013 12:16:11 -0400
+Subject: [PATCH] pkcheck: Support --process=pid,start-time,uid syntax too
+
+The uid is a new addition; this allows callers such as libvirt to
+close a race condition in reading the uid of the process talking to
+them. They can read it via getsockopt(SO_PEERCRED) or equivalent,
+rather than having pkcheck look at /proc later after the fact.
+
+Programs which invoke pkcheck but need to know beforehand (i.e. at
+compile time) whether or not it supports passing the uid can
+use:
+
+pkcheck_supports_uid=$($PKG_CONFIG --variable pkcheck_supports_uid polkit-gobject-1)
+test x$pkcheck_supports_uid = xyes
+
+Conflicts:
+ docs/man/pkcheck.xml
+ src/programs/pkcheck.c
+---
+ data/polkit-gobject-1.pc.in | 3 +++
+ docs/man/pkcheck.xml | 33 +++++++++++++++++++++------------
+ src/programs/pkcheck.c | 7 ++++++-
+ 3 files changed, 30 insertions(+), 13 deletions(-)
+
+diff --git a/data/polkit-gobject-1.pc.in b/data/polkit-gobject-1.pc.in
+index c39677d..5c4c620 100644
+--- a/data/polkit-gobject-1.pc.in
++++ b/data/polkit-gobject-1.pc.in
+@@ -11,3 +11,6 @@ Version: @VERSION@
+ Libs: -L${libdir} -lpolkit-gobject-1
+ Cflags: -I${includedir}/polkit-1
+ Requires: gio-2.0 >= 2.18 glib-2.0 >= 2.18
++# Programs using pkcheck can use this to determine
++# whether or not it can be passed a uid.
++pkcheck_supports_uid=true
+diff --git a/docs/man/pkcheck.xml b/docs/man/pkcheck.xml
+index 6b8a874..9f2faef 100644
+--- a/docs/man/pkcheck.xml
++++ b/docs/man/pkcheck.xml
+@@ -55,6 +55,9 @@
+ <arg choice="plain">
+ <replaceable>pid,pid-start-time</replaceable>
+ </arg>
++ <arg choice="plain">
++ <replaceable>pid,pid-start-time,uid</replaceable>
++ </arg>
+ </group>
+ </arg>
+ <arg choice="plain">
+@@ -90,7 +93,7 @@
+ <title>DESCRIPTION</title>
+ <para>
+ <command>pkcheck</command> is used to check whether a process, specified by
+- either <option>--process</option> or <option>--system-bus-name</option>,
++ either <option>--process</option> (see below) or <option>--system-bus-name</option>,
+ is authorized for <replaceable>action</replaceable>. The <option>--detail</option>
+ option can be used zero or more times to pass details about <replaceable>action</replaceable>.
+ If <option>--allow-user-interaction</option> is passed, <command>pkcheck</command> blocks
+@@ -160,17 +163,23 @@ KEY3=VALUE3
+ <refsect1 id="pkcheck-notes">
+ <title>NOTES</title>
+ <para>
+- Since process identifiers can be recycled, the caller should always use
+- <replaceable>pid,pid-start-time</replaceable> to specify the process
+- to check for authorization when using the <option>--process</option> option.
+- The value of <replaceable>pid-start-time</replaceable>
+- can be determined by consulting e.g. the
+- <citerefentry>
+- <refentrytitle>proc</refentrytitle><manvolnum>5</manvolnum>
+- </citerefentry>
+- file system depending on the operating system. If only <replaceable>pid</replaceable>
+- is passed to the <option>--process</option> option, then <command>pkcheck</command>
+- will look up the start time itself but note that this may be racy.
++ Do not use either the bare <replaceable>pid</replaceable> or
++ <replaceable>pid,start-time</replaceable> syntax forms for
++ <option>--process</option>. There are race conditions in both.
++ New code should always use
++ <replaceable>pid,pid-start-time,uid</replaceable>. The value of
++ <replaceable>start-time</replaceable> can be determined by
++ consulting e.g. the
++ <citerefentry><refentrytitle>proc</refentrytitle><manvolnum>5</manvolnum></citerefentry>
++ file system depending on the operating system. If fewer than 3
++ arguments are passed, <command>pkcheck</command> will attempt to
++ look up them up internally, but note that this may be racy.
++ </para>
++ <para>
++ If your program is a daemon with e.g. a custom Unix domain
++ socket, you should determine the <replaceable>uid</replaceable>
++ parameter via operating system mechanisms such as
++ <literal>PEERCRED</literal>.
+ </para>
+ </refsect1>
+
+diff --git a/src/programs/pkcheck.c b/src/programs/pkcheck.c
+index 719a36c..057e926 100644
+--- a/src/programs/pkcheck.c
++++ b/src/programs/pkcheck.c
+@@ -372,6 +372,7 @@ main (int argc, char *argv[])
+ else if (g_strcmp0 (argv[n], "--process") == 0 || g_strcmp0 (argv[n], "-p") == 0)
+ {
+ gint pid;
++ guint uid;
+ guint64 pid_start_time;
+
+ n++;
+@@ -381,7 +382,11 @@ main (int argc, char *argv[])
+ goto out;
+ }
+
+- if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT, &pid, &pid_start_time) == 2)
++ if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT ",%u", &pid, &pid_start_time, &uid) == 3)
++ {
++ subject = polkit_unix_process_new_for_owner (pid, pid_start_time, uid);
++ }
++ else if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT, &pid, &pid_start_time) == 2)
+ {
+ subject = polkit_unix_process_new_full (pid, pid_start_time);
+ }
+--
+1.8.5.1
+