diff options
| author | davidovski <david@davidovski.xyz> | 2022-05-31 11:05:19 +0100 |
|---|---|---|
| committer | davidovski <david@davidovski.xyz> | 2022-05-31 11:05:19 +0100 |
| commit | 48ca75555522716f0f686dcae3dd6cf3d8ad714d (patch) | |
| tree | 00c0f58550ba4661e87376f2f02c8001c69bae44 /repo/system/polkit/CVE-2021-4034.patch | |
| parent | 871b2b573f01c1b3176a0f65458b3d281b41c437 (diff) | |
removed idea of repos
Diffstat (limited to 'repo/system/polkit/CVE-2021-4034.patch')
| -rw-r--r-- | repo/system/polkit/CVE-2021-4034.patch | 79 |
1 files changed, 0 insertions, 79 deletions
diff --git a/repo/system/polkit/CVE-2021-4034.patch b/repo/system/polkit/CVE-2021-4034.patch deleted file mode 100644 index a06300a..0000000 --- a/repo/system/polkit/CVE-2021-4034.patch +++ /dev/null @@ -1,79 +0,0 @@ -From a2bf5c9c83b6ae46cbd5c779d3055bff81ded683 Mon Sep 17 00:00:00 2001 -From: Jan Rybar <jrybar@redhat.com> -Date: Tue, 25 Jan 2022 17:21:46 +0000 -Subject: [PATCH] pkexec: local privilege escalation (CVE-2021-4034) - ---- - src/programs/pkcheck.c | 5 +++++ - src/programs/pkexec.c | 23 ++++++++++++++++++++--- - 2 files changed, 25 insertions(+), 3 deletions(-) - -diff --git a/src/programs/pkcheck.c b/src/programs/pkcheck.c -index f1bb4e1..768525c 100644 ---- a/src/programs/pkcheck.c -+++ b/src/programs/pkcheck.c -@@ -363,6 +363,11 @@ main (int argc, char *argv[]) - local_agent_handle = NULL; - ret = 126; - -+ if (argc < 1) -+ { -+ exit(126); -+ } -+ - /* Disable remote file access from GIO. */ - setenv ("GIO_USE_VFS", "local", 1); - -diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c -index 7698c5c..84e5ef6 100644 ---- a/src/programs/pkexec.c -+++ b/src/programs/pkexec.c -@@ -488,6 +488,15 @@ main (int argc, char *argv[]) - pid_t pid_of_caller; - gpointer local_agent_handle; - -+ -+ /* -+ * If 'pkexec' is called THIS wrong, someone's probably evil-doing. Don't be nice, just bail out. -+ */ -+ if (argc<1) -+ { -+ exit(127); -+ } -+ - ret = 127; - authority = NULL; - subject = NULL; -@@ -614,10 +623,10 @@ main (int argc, char *argv[]) - - path = g_strdup (pwstruct.pw_shell); - if (!path) -- { -+ { - g_printerr ("No shell configured or error retrieving pw_shell\n"); - goto out; -- } -+ } - /* If you change this, be sure to change the if (!command_line) - case below too */ - command_line = g_strdup (path); -@@ -636,7 +645,15 @@ main (int argc, char *argv[]) - goto out; - } - g_free (path); -- argv[n] = path = s; -+ path = s; -+ -+ /* argc<2 and pkexec runs just shell, argv is guaranteed to be null-terminated. -+ * /-less shell shouldn't happen, but let's be defensive and don't write to null-termination -+ */ -+ if (argv[n] != NULL) -+ { -+ argv[n] = path; -+ } - } - if (access (path, F_OK) != 0) - { --- -GitLab - |