Alexei Sorokin 2018-08-06 15:10:22 +00:00 committed by Git OBS Bridge
parent 6fba4697cc
commit dd381ef3dc
3 changed files with 38 additions and 0 deletions


@ -1,3 +1,10 @@
-------------------------------------------------------------------
Mon Aug 6 14:09:43 UTC 2018 - sor.alexei@meowr.ru
- Add nemo-share-3.8.0-prevent-privilege-escalation.patch: Prevent
unprivileged users from adding other users to sambashare
(commit a831e7b, bsc#1084703).
------------------------------------------------------------------- -------------------------------------------------------------------
Thu May 8 20:40:20 UTC 2018 - sor.alexei@meowr.ru Thu May 8 20:40:20 UTC 2018 - sor.alexei@meowr.ru


@ -36,6 +36,8 @@ Patch1: nemo-dropbox_no-dropbox-bin.patch
Patch2: nemo-seahorse_gpg-2.2.patch Patch2: nemo-seahorse_gpg-2.2.patch
# PATCH-FIX-OPENSUSE nemo-gtkhash_openssl-1.1.patch sor.alexei@meowr.ru -- Add basic OpenSSL 1.1+ compatibility in nemo-gtkhash. # PATCH-FIX-OPENSUSE nemo-gtkhash_openssl-1.1.patch sor.alexei@meowr.ru -- Add basic OpenSSL 1.1+ compatibility in nemo-gtkhash.
Patch3: nemo-gtkhash_openssl-1.1.patch Patch3: nemo-gtkhash_openssl-1.1.patch
# PATCH-FIX-UPSTREAM nemo-share-3.8.0-prevent-privilege-escalation.patch bsc#1084703 -- Prevent unprivileged users from adding other users to sambashare (commit a831e7b).
Patch4: nemo-share-3.8.0-prevent-privilege-escalation.patch
BuildRequires: gettext-runtime BuildRequires: gettext-runtime
BuildRequires: gnome-common BuildRequires: gnome-common
BuildRequires: intltool BuildRequires: intltool
@ -363,6 +365,7 @@ directory in Nemo.
%patch1 %patch1
%patch2 %patch2
%patch3 %patch3
%patch4
# Remove spurious executable permission. # Remove spurious executable permission.
chmod a-x nemo-audio-tab/COPYING.GPL3 nemo-emblems/COPYING.GPL3 chmod a-x nemo-audio-tab/COPYING.GPL3 nemo-emblems/COPYING.GPL3


@ -0,0 +1,28 @@
--- nemo-share.orig/src/install-samba
+++ nemo-share/src/install-samba
@@ -33,12 +33,20 @@ class Main:
if __name__ == "__main__":
ml = GLib.MainLoop.new(None, True)
- if len(sys.argv) == 2:
- user = sys.argv[1]
- else:
- uid = int(os.getenv("PKEXEC_UID"))
+ # prefer using the uid provided by pkexec to the command line argument. if
+ # a user authenticated via pkexec then he should only be able to add
+ # himself to the group.
+ uid = os.getenv("PKEXEC_UID", None)
+
+ if uid != None:
+ uid = int(uid)
passwd = pwd.getpwuid(uid)
user = passwd[0]
+ elif len(sys.argv) == 2:
+ user = sys.argv[1]
+ else:
+ print("No target uid in environment or on command line found.")
+ exit(-1)
main = Main(user)
ml.run()
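Review bot: The `elif len(sys.argv) == 2:` branch still takes the target account from the command line whenever `PKEXEC_UID` is absent, so the restriction holds only if every privileged path to this script goes through pkexec. If another launcher can start it as root without that variable, the caller still chooses who is added to the group, and the comment above `uid = os.getenv("PKEXEC_UID", None)` should state that assumption. That branch also passes the name through unchecked; `user = pwd.getpwnam(sys.argv[1]).pw_name` would at least reject accounts that do not exist before `Main(user)` runs (Main is defined outside the hunk, so what it does with the name is not visible here). On the pkexec branch, `int(uid)` and `pwd.getpwuid(uid)` raise `ValueError` and `KeyError` uncaught; catching both and ending with a message on stderr and `sys.exit(1)` would be cleaner than a traceback from a privileged process. `uid is not None` is the idiomatic form of the test.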