Tree - rpms/spice-gtk - CentOS Git server

rpms / spice-gtk

Files

Commit: 4b3e03a37e9ffe79ddd3a6912ff8e900e9876802

Blob Blame History Raw

From e9e14844f9055b6b527a8fdcd346c71101db1df4 Mon Sep 17 00:00:00 2001
From: Colin Walters <walters@verbum.org>
Date: Wed, 21 Aug 2013 17:15:39 -0400
Subject: [PATCH] [SECURITY] acl helper: Use ruid of invoker rather than looking up euid in /proc

This way we avoid a race condition if the parent execve()s a setuid
program (possibly this program).

This is the same as the fix for pkexec which is CVE-2011-1485:
See: https://bugzilla.redhat.com/show_bug.cgi?id=692922
---
 gtk/spice-client-glib-usb-acl-helper.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/gtk/spice-client-glib-usb-acl-helper.c b/gtk/spice-client-glib-usb-acl-helper.c
index 93b9b3a..3ed6cad 100644
--- a/gtk/spice-client-glib-usb-acl-helper.c
+++ b/gtk/spice-client-glib-usb-acl-helper.c
@@ -348,7 +348,8 @@ int main(void)
             FATAL_ERROR("Parent process was reaped by init(1)\n");
             return 1;
     }
-    subject = polkit_unix_process_new(parent_pid);
+    /* Do what pkexec does */
+    subject = polkit_unix_process_new_for_owner(parent_pid, 0, getuid ());
 
     stdin_unix_stream = g_unix_input_stream_new(STDIN_FILENO, 0);
     stdin_stream = g_data_input_stream_new(stdin_unix_stream);
-- 
1.7.1

rpms / spice-gtk

Source Code

Files