kensington 14/07/23 11:07:59 Added: kdelibs-4.13.3-CVE-2014-5033.patch Log: Backport patch from upstream to solve CVE-2014-5033 wrt bug #517864. (Portage version: 2.2.10/cvs/Linux x86_64, signed Manifest commit with key 0x06B1F38DCA45A1EC!)
Revision Changes Path 1.1 kde-base/kdelibs/files/kdelibs-4.13.3-CVE-2014-5033.patch file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/kde-base/kdelibs/files/kdelibs-4.13.3-CVE-2014-5033.patch?rev=1.1&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/kde-base/kdelibs/files/kdelibs-4.13.3-CVE-2014-5033.patch?rev=1.1&content-type=text/plain Index: kdelibs-4.13.3-CVE-2014-5033.patch =================================================================== >From c36bf4f314e6ee1203898697abe294ed0c8dcb32 Mon Sep 17 00:00:00 2001 From: "Martin T. H. Sandsmark" <martin.sandsm...@kde.org> Date: Mon, 21 Jul 2014 22:52:40 +0200 Subject: [PATCH] Use dbus system bus name instead of PID for authentication. Using the PID for authentication is prone to a PID reuse race condition, and a security issue. REVIEW: 119323 --- kdecore/auth/backends/polkit-1/Polkit1Backend.cpp | 15 +++------------ 1 file changed, 3 insertions(+), 12 deletions(-) diff --git a/kdecore/auth/backends/polkit-1/Polkit1Backend.cpp b/kdecore/auth/backends/polkit-1/Polkit1Backend.cpp index cd7f6f3..732d2cb 100644 --- a/kdecore/auth/backends/polkit-1/Polkit1Backend.cpp +++ b/kdecore/auth/backends/polkit-1/Polkit1Backend.cpp @@ -144,7 +144,7 @@ void Polkit1Backend::setupAction(const QString &action) Action::AuthStatus Polkit1Backend::actionStatus(const QString &action) { - PolkitQt1::UnixProcessSubject subject(QCoreApplication::applicationPid()); + PolkitQt1::SystemBusNameSubject subject(QString::fromUtf8(callerID())); PolkitQt1::Authority::Result r = PolkitQt1::Authority::instance()->checkAuthorizationSync(action, subject, PolkitQt1::Authority::None); switch (r) { 
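Review bot: In actionStatus the polkit subject is built from callerID() with no check that the name is non-empty. QDBusConnection::baseService() returns an empty string when the connection to the system bus is not established, so the authorization check would then run against a subject that carries no bus name. I would fail closed before the call, e.g. `if (callerID().isEmpty()) return Action::Denied;`, rather than depend on how the authority treats an empty name. A short comment such as `// subject is our unique system-bus name, not the PID (avoids the PID reuse race)` would record why the subject type changed. The switch on r continues outside the hunk.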
@@ -160,21 +160,12 @@ Action::AuthStatus Polkit1Backend::actionStatus(const QString &action) QByteArray Polkit1Backend::callerID() const { - QByteArray a; - QDataStream s(&a, QIODevice::WriteOnly); - s << QCoreApplication::applicationPid(); - - return a; + return QDBusConnection::systemBus().baseService().toUtf8(); } bool Polkit1Backend::isCallerAuthorized(const QString &action, QByteArray callerID) { - QDataStream s(&callerID, QIODevice::ReadOnly); - qint64 pid; - - s >> pid; - - PolkitQt1::UnixProcessSubject subject(pid); + PolkitQt1::SystemBusNameSubject subject(QString::fromUtf8(callerID)); PolkitQt1::Authority *authority = PolkitQt1::Authority::instance(); PolkitResultEventLoop e; -- 1.8.5.5
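Review bot: isCallerAuthorized now uses the callerID byte array directly as the polkit subject, and the hunk does not show where that value originates. If it arrives as an argument of the client's request rather than being taken from the sender of the D-Bus message, the check would be made against whatever bus name the client chose to state; this is inferred, because the caller lies outside the hunk. The helper side should compare callerID with the sender the bus reports for the incoming call (QDBusMessage::service()) and reject a mismatch or an empty value before the subject is constructed. A comment on callerID() such as `// unique name of this process's system-bus connection; empty if the bus is unavailable` would document the new contract. The body of isCallerAuthorized continues past the end of the hunk.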