unofficial mirror of guix-patches@gnu.org 
 help / color / mirror / code / Atom feed
blob 9aa0373fdaee891d5347748829d721d9eea43963 834 bytes (raw)
name: gnu/packages/patches/polkit-CVE-2021-3560.patch 	 # note: path name is non-authoritative(*)
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21

 
This patch fixes CVE-2021-3560, "local privilege escalation using
polkit_system_bus_name_get_creds_sync()":

  https://www.openwall.com/lists/oss-security/2021/06/03/1

Patch from <https://gitlab.freedesktop.org/polkit/polkit/-/commit/a04d13a>.

diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c
index 8daa12cb9093c1d765c7b83654a2b8d0d382378e..8ed13631508dd96624898df90ee2ece4dcf3e1e5 100644
--- a/src/polkit/polkitsystembusname.c
+++ b/src/polkit/polkitsystembusname.c
@@ -435,6 +435,9 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName           *system_bus
   while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error))
     g_main_context_iteration (tmp_context, TRUE);
 
+  if (data.caught_error)
+    goto out;
+
   if (out_uid)
     *out_uid = data.uid;
   if (out_pid)

debug log:

solving 9aa0373fda ...
found 9aa0373fda in https://git.savannah.gnu.org/cgit/guix.git

(*) Git path names are given by the tree(s) the blob belongs to.
    Blobs themselves have no identifier aside from the hash of its contents.^
Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).