Accepting request 201242 from home:sreeves1:branches:Base:System

fix bnc#838939 OBS-URL: https://build.opensuse.org/request/show/201242 OBS-URL: https://build.opensuse.org/package/show/Base:System/rtkit?expand=0&rev=21
2013-09-27 22:36:06 +00:00 · 2013-09-27 22:36:06 +00:00 · 0bf47c6914
commit 0bf47c6914
parent ce4ef65595
3 changed files with 53 additions and 1 deletions
--- a/rtkit-bnc836939.patch
+++ b/rtkit-bnc836939.patch
@ -0,0 +1,43 @@
 commit 88d4082ef6caf6b071d749dca1c50e7edde914cc
 Author: Colin Walters <walters@verbum.org>
 Date:   Thu Aug 22 16:05:22 2013 -0400
    Pass uid of caller to polkit
    Otherwise, we force polkit to look up the uid itself in /proc, which
    is racy if they execve() a setuid binary.
 diff --git a/rtkit-daemon.c b/rtkit-daemon.c
 index 2ebe673..3ecc1f7 100644
 --- a/rtkit-daemon.c
 +++ b/rtkit-daemon.c
@@ -1170,12 +1170,14 @@ static int verify_polkit(DBusConnection *c, struct rtkit_user *u, struct process
         DBusMessage *m = NULL, *r = NULL;
         const char *unix_process = "unix-process";
         const char *pid = "pid";
 +        const char *uid = "uid";
         const char *start_time = "start-time";
         const char *cancel_id = "";
         uint32_t flags = 0;
         uint32_t pid_u32 = p->pid;
 -        uint64_t start_time_u64 = p->starttime;
 +        uint32_t uid_u32 = (uint32_t)u->uid;
         DBusMessageIter iter_msg, iter_struct, iter_array, iter_dict, iter_variant;
 +        uint64_t start_time_u64 = p->starttime;
         int ret;
         dbus_bool_t authorized = FALSE;
@@ -1206,6 +1208,13 @@ static int verify_polkit(DBusConnection *c, struct rtkit_user *u, struct process
         assert_se(dbus_message_iter_close_container(&iter_dict, &iter_variant));
         assert_se(dbus_message_iter_close_container(&iter_array, &iter_dict));
 +        assert_se(dbus_message_iter_open_container(&iter_array, DBUS_TYPE_DICT_ENTRY, NULL, &iter_dict));
 +        assert_se(dbus_message_iter_append_basic(&iter_dict, DBUS_TYPE_STRING, &uid));
 +        assert_se(dbus_message_iter_open_container(&iter_dict, DBUS_TYPE_VARIANT, "u", &iter_variant));
 +        assert_se(dbus_message_iter_append_basic(&iter_variant, DBUS_TYPE_UINT32, &uid_u32));
 +        assert_se(dbus_message_iter_close_container(&iter_dict, &iter_variant));
 +        assert_se(dbus_message_iter_close_container(&iter_array, &iter_dict));
 +
         assert_se(dbus_message_iter_close_container(&iter_struct, &iter_array));
         assert_se(dbus_message_iter_close_container(&iter_msg, &iter_struct));
--- a/rtkit.changes
+++ b/rtkit.changes
@ -1,3 +1,9 @@
 -------------------------------------------------------------------
 Fri Sep 27 22:21:16 UTC 2013 - sreeves@suse.com
 - Add rtkit-bnc836939.patch
  Fix bnc#836939 - use of insecure polkit DBUS API. CVE-2013-4326
 -------------------------------------------------------------------
 Wed Oct 17 14:13:55 UTC 2012 - fcrozat@suse.com
--- a/rtkit.spec
+++ b/rtkit.spec
@ -1,7 +1,7 @@
 #
 # spec file for package rtkit
 #
-# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -39,6 +39,8 @@ BuildRequires:  pkgconfig(libsystemd-daemon)
 %define has_systemd 1
 %endif
 Patch0:         rtkit-use-system-sd-daemon.patch
 # PATCH-FIX-UPSTREAM rtkit-bnc836939.patch sreeves@suse.com -- use of insecure polkit DBUS API
 Patch1:         rtkit-bnc836939.patch
 %description
 RealtimeKit is a D-Bus system service that changes the
@ -50,6 +52,7 @@ processes.
 %prep
 %setup -q
 %patch0 -p1
 %patch1 -p1
 %build
 autoreconf -fiv