Dominique Leuenberger
32f1f39609
- Add gvfs-CVE-2019-3827.patch: Prevent access if any authentication agent isn't available (glgo#GNOME/gvfs#355, bsc#1125084, CVE-2019-3827). OBS-URL: https://build.opensuse.org/request/show/676273 OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/gvfs?expand=0&rev=319
135 lines
5.2 KiB
Diff
135 lines
5.2 KiB
Diff
From d8d0c8c40049cfd824b2b90d0cd47914052b9811 Mon Sep 17 00:00:00 2001
|
|
From: Ondrej Holy <oholy@redhat.com>
|
|
Date: Wed, 2 Jan 2019 17:13:27 +0100
|
|
Subject: admin: Prevent access if any authentication agent isn't available
|
|
|
|
The backend currently allows to access and modify files without prompting
|
|
for password if any polkit authentication agent isn't available. This seems
|
|
isn't usually problem, because polkit agents are integral parts of
|
|
graphical environments / linux distributions. The agents can't be simply
|
|
disabled without root permissions and are automatically respawned. However,
|
|
this might be a problem in some non-standard cases.
|
|
|
|
This affects only users which belong to wheel group (i.e. those who are
|
|
already allowed to use sudo). It doesn't allow privilege escalation for
|
|
users, who don't belong to that group.
|
|
|
|
Let's return permission denied error also when the subject can't be
|
|
authorized by any polkit agent to prevent this behavior.
|
|
|
|
Closes: https://gitlab.gnome.org/GNOME/gvfs/issues/355
|
|
---
|
|
daemon/gvfsbackendadmin.c | 3 +--
|
|
1 file changed, 1 insertion(+), 2 deletions(-)
|
|
|
|
diff --git a/daemon/gvfsbackendadmin.c b/daemon/gvfsbackendadmin.c
|
|
index ec0f2392..0f849008 100644
|
|
--- a/daemon/gvfsbackendadmin.c
|
|
+++ b/daemon/gvfsbackendadmin.c
|
|
@@ -130,8 +130,7 @@ check_permission (GVfsBackendAdmin *self,
|
|
return FALSE;
|
|
}
|
|
|
|
- is_authorized = polkit_authorization_result_get_is_authorized (result) ||
|
|
- polkit_authorization_result_get_is_challenge (result);
|
|
+ is_authorized = polkit_authorization_result_get_is_authorized (result);
|
|
|
|
g_object_unref (result);
|
|
|
|
--
|
|
2.16.4
|
|
|
|
|
|
From 04325119859b9eb41c9db97f1c315f3c9ab3d95b Mon Sep 17 00:00:00 2001
|
|
From: Ondrej Holy <oholy@redhat.com>
|
|
Date: Fri, 4 Jan 2019 12:58:27 +0100
|
|
Subject: admin: Add comment to .rules file
|
|
|
|
Add comment to polkit org.gtk.vfs.file-operations.rules file explaining
|
|
the rule which allows starting gvfsd-admin without password for users
|
|
belonging to wheel group.
|
|
---
|
|
daemon/org.gtk.vfs.file-operations.rules | 5 +++++
|
|
1 file changed, 5 insertions(+)
|
|
|
|
diff --git a/daemon/org.gtk.vfs.file-operations.rules b/daemon/org.gtk.vfs.file-operations.rules
|
|
index fb8d54ae..6e528e93 100644
|
|
--- a/daemon/org.gtk.vfs.file-operations.rules
|
|
+++ b/daemon/org.gtk.vfs.file-operations.rules
|
|
@@ -1,3 +1,8 @@
|
|
+// Allows users belonging to wheel group to start gvfsd-admin without
|
|
+// authorization. This prevents redundant password prompt when starting
|
|
+// gvfsd-admin. The gvfsd-admin causes another password prompts to be shown
|
|
+// for each client process using the different action id and for the subject
|
|
+// based on the client process.
|
|
polkit.addRule(function(action, subject) {
|
|
if ((action.id == "org.gtk.vfs.file-operations-helper") &&
|
|
subject.local &&
|
|
--
|
|
2.16.4
|
|
|
|
|
|
From cadb8377a849dfb3a815d05b50a75049095a8d2f Mon Sep 17 00:00:00 2001
|
|
From: Ondrej Holy <oholy@redhat.com>
|
|
Date: Mon, 14 Jan 2019 14:02:23 +0100
|
|
Subject: admin: Add comments to .policy file
|
|
|
|
Add comments to polkit org.gtk.vfs.file-operations.policy file explaining
|
|
the purpose of the different actions.
|
|
---
|
|
daemon/org.gtk.vfs.file-operations.policy.in.in | 2 ++
|
|
1 file changed, 2 insertions(+)
|
|
|
|
diff --git a/daemon/org.gtk.vfs.file-operations.policy.in.in b/daemon/org.gtk.vfs.file-operations.policy.in.in
|
|
index f48a923b..02a7b2ce 100644
|
|
--- a/daemon/org.gtk.vfs.file-operations.policy.in.in
|
|
+++ b/daemon/org.gtk.vfs.file-operations.policy.in.in
|
|
@@ -8,6 +8,7 @@
|
|
<vendor>GVfs</vendor>
|
|
<vendor_url>http://git.gnome.org/browse/gvfs</vendor_url>
|
|
|
|
+ <!-- This action is used when starting gvfsd-admin. -->
|
|
<action id="org.gtk.vfs.file-operations-helper">
|
|
<description>Perform file operations</description>
|
|
<message>Authentication is required to perform file operations</message>
|
|
@@ -19,6 +20,7 @@
|
|
<annotate key="org.freedesktop.policykit.exec.path">@libexecdir@/gvfsd-admin</annotate>
|
|
</action>
|
|
|
|
+ <!-- This action is used to authorize gvfsd-admin operations. -->
|
|
<action id="org.gtk.vfs.file-operations">
|
|
<description>Perform file operations</description>
|
|
<message>Authentication is required to perform file operations</message>
|
|
--
|
|
2.16.4
|
|
|
|
|
|
From a0e015cbd76715fbee407557c676a038f164c605 Mon Sep 17 00:00:00 2001
|
|
From: Ondrej Holy <oholy@redhat.com>
|
|
Date: Mon, 14 Jan 2019 14:04:58 +0100
|
|
Subject: admin: Update message in .policy
|
|
|
|
Update message for org.gtk.vfs.file-operations-helper action in
|
|
polkit org.gtk.vfs.file-operations.rules file to be obvious that it is
|
|
used when starting gvfsd-admin.
|
|
---
|
|
daemon/org.gtk.vfs.file-operations.policy.in.in | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/daemon/org.gtk.vfs.file-operations.policy.in.in b/daemon/org.gtk.vfs.file-operations.policy.in.in
|
|
index 02a7b2ce..7acfbfd5 100644
|
|
--- a/daemon/org.gtk.vfs.file-operations.policy.in.in
|
|
+++ b/daemon/org.gtk.vfs.file-operations.policy.in.in
|
|
@@ -11,7 +11,7 @@
|
|
<!-- This action is used when starting gvfsd-admin. -->
|
|
<action id="org.gtk.vfs.file-operations-helper">
|
|
<description>Perform file operations</description>
|
|
- <message>Authentication is required to perform file operations</message>
|
|
+ <message>Authentication is required to run gvfsd-admin daemon</message>
|
|
<defaults>
|
|
<allow_any>no</allow_any>
|
|
<allow_inactive>no</allow_inactive>
|
|
--
|
|
2.16.4
|
|
|