diff options
| author | davidovski <david@davidovski.xyz> | 2022-05-04 23:52:30 +0100 |
|---|---|---|
| committer | davidovski <david@davidovski.xyz> | 2022-05-04 23:52:30 +0100 |
| commit | 739c65c54cb0e957df5e9b76f93fb02554e5cac3 (patch) | |
| tree | 09ddfa0a342f3ea9de136cb50abdd79821bf1b53 /extra/polkit/patches/CVE-2021-4034.patch | |
| parent | 4c585ad54388285500fd18a6aaa516894e0f2c16 (diff) | |
moved everything to new file formatting
Diffstat (limited to 'extra/polkit/patches/CVE-2021-4034.patch')
| -rw-r--r-- | extra/polkit/patches/CVE-2021-4034.patch | 79 |
1 files changed, 0 insertions, 79 deletions
diff --git a/extra/polkit/patches/CVE-2021-4034.patch b/extra/polkit/patches/CVE-2021-4034.patch deleted file mode 100644 index a06300a..0000000 --- a/extra/polkit/patches/CVE-2021-4034.patch +++ /dev/null @@ -1,79 +0,0 @@ -From a2bf5c9c83b6ae46cbd5c779d3055bff81ded683 Mon Sep 17 00:00:00 2001 -From: Jan Rybar <jrybar@redhat.com> -Date: Tue, 25 Jan 2022 17:21:46 +0000 -Subject: [PATCH] pkexec: local privilege escalation (CVE-2021-4034) - ---- - src/programs/pkcheck.c | 5 +++++ - src/programs/pkexec.c | 23 ++++++++++++++++++++--- - 2 files changed, 25 insertions(+), 3 deletions(-) - -diff --git a/src/programs/pkcheck.c b/src/programs/pkcheck.c -index f1bb4e1..768525c 100644 ---- a/src/programs/pkcheck.c -+++ b/src/programs/pkcheck.c -@@ -363,6 +363,11 @@ main (int argc, char *argv[]) - local_agent_handle = NULL; - ret = 126; - -+ if (argc < 1) -+ { -+ exit(126); -+ } -+ - /* Disable remote file access from GIO. */ - setenv ("GIO_USE_VFS", "local", 1); - -diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c -index 7698c5c..84e5ef6 100644 ---- a/src/programs/pkexec.c -+++ b/src/programs/pkexec.c -@@ -488,6 +488,15 @@ main (int argc, char *argv[]) - pid_t pid_of_caller; - gpointer local_agent_handle; - -+ -+ /* -+ * If 'pkexec' is called THIS wrong, someone's probably evil-doing. Don't be nice, just bail out. -+ */ -+ if (argc<1) -+ { -+ exit(127); -+ } -+ - ret = 127; - authority = NULL; - subject = NULL; -@@ -614,10 +623,10 @@ main (int argc, char *argv[]) - - path = g_strdup (pwstruct.pw_shell); - if (!path) -- { -+ { - g_printerr ("No shell configured or error retrieving pw_shell\n"); - goto out; -- } -+ } - /* If you change this, be sure to change the if (!command_line) - case below too */ - command_line = g_strdup (path); -@@ -636,7 +645,15 @@ main (int argc, char *argv[]) - goto out; - } - g_free (path); -- argv[n] = path = s; -+ path = s; -+ -+ /* argc<2 and pkexec runs just shell, argv is guaranteed to be null-terminated. -+ * /-less shell shouldn't happen, but let's be defensive and don't write to null-termination -+ */ -+ if (argv[n] != NULL) -+ { -+ argv[n] = path; -+ } - } - if (access (path, F_OK) != 0) - { --- -GitLab - |