author | Joe Marcus Clarke <marcus@FreeBSD.org> | 2009-07-27 06:11:33 +0000 |
---|---|---|
committer | Joe Marcus Clarke <marcus@FreeBSD.org> | 2009-07-27 06:11:33 +0000 |
commit | 191e5065b4c9f0eb17b64ce93a5591ba2c7a985e (patch) | |
tree | b03f8f86148ea0a5dc2a7fdb01264cd14913b7da | |
parent | 5e3e3844bb1928fdb37293512a919d8eaaaa56ca (diff) | |
Notes
-rw-r--r-- | sysutils/system-tools-backends/Makefile | 1 | ||||
-rw-r--r-- | sysutils/system-tools-backends/files/patch-policykit | 46 |
2 files changed, 47 insertions, 0 deletions
diff --git a/sysutils/system-tools-backends/Makefile b/sysutils/system-tools-backends/Makefile
index c38a2122c116..415007b1ed88 100644
--- a/sysutils/system-tools-backends/Makefile
+++ b/sysutils/system-tools-backends/Makefile
@@ -8,6 +8,7 @@
 PORTNAME= system-tools-backends
 PORTVERSION= 2.6.1
+PORTREVISION= 1
 CATEGORIES= sysutils gnome
 MASTER_SITES= GNOME
 DIST_SUBDIR= gnome2
diff --git a/sysutils/system-tools-backends/files/patch-policykit b/sysutils/system-tools-backends/files/patch-policykit
new file mode 100644
index 000000000000..aaac9aa69979
--- /dev/null
+++ b/sysutils/system-tools-backends/files/patch-policykit
@@ -0,0 +1,46 @@
+Allow root to send messages to all the system tools backends, so they
+work even when CVE-2008-4311 has been fixed.
+
+Also disallow normal user access by destination, not by interface (fd.o
+#18961).
+
+Original patch by Simon McVittie, updated for the PolicyKit version by
+Josselin Mouette with advice from Colin Walters.
+
+Index: system-tools-backends-2.6.0/system-tools-backends.conf
+===================================================================
+--- system-tools-backends.conf 2008-03-09 14:21:45.000000000 +0100
++++ system-tools-backends.conf 2009-03-11 22:21:09.145371060 +0100
+@@ -22,11 +22,7 @@
+ <allow send_interface="org.freedesktop.SystemToolsBackends.Platform" send_member="getPlatform"/>
+ -->
+
+- <!-- configuration modules can't be accessed directly... -->
+- <deny send_interface="org.freedesktop.SystemToolsBackends"/>
+- <deny send_interface="org.freedesktop.SystemToolsBackends.Platform"/>
+-
+- <!-- ...so petitions go through the dispatcher instead -->
++ <!-- Only allow talking to the dispatcher -->
+ <allow send_destination="org.freedesktop.SystemToolsBackends"/>
+ </policy>
+
+@@ -49,7 +45,17 @@
+
+ <!-- be able to speak to configuration modules,
+ so any message to them has to go through the dispatcher -->
+- <allow send_interface="org.freedesktop.SystemToolsBackends"/>
+- <allow send_interface="org.freedesktop.SystemToolsBackends.Platform"/>
++ <allow send_destination="org.freedesktop.SystemToolsBackends"/>
++ <allow send_destination="org.freedesktop.SystemToolsBackends.Platform"/>
++ <allow send_destination="org.freedesktop.SystemToolsBackends.GroupsConfig"/>
++ <allow send_destination="org.freedesktop.SystemToolsBackends.HostsConfig"/>
++ <allow send_destination="org.freedesktop.SystemToolsBackends.IfacesConfig"/>
++ <allow send_destination="org.freedesktop.SystemToolsBackends.NFSConfig"/>
++ <allow send_destination="org.freedesktop.SystemToolsBackends.NTPConfig"/>
++ <allow send_destination="org.freedesktop.SystemToolsBackends.ServicesConfig"/>
++ <allow send_destination="org.freedesktop.SystemToolsBackends.SMBConfig"/>
++ <allow send_destination="org.freedesktop.SystemToolsBackends.TimeConfig"/>
++ <allow send_destination="org.freedesktop.SystemToolsBackends.UserConfig"/>
++ <allow send_destination="org.freedesktop.SystemToolsBackends.UsersConfig"/>
+ </policy>
+ </busconfig> |
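Review bot: In the first hunk of the embedded system-tools-backends.conf patch, both `<deny send_interface=…>` rules are removed and only `<allow send_destination="org.freedesktop.SystemToolsBackends"/>` remains, so nothing in that policy block explicitly denies a normal user sending to the module names (`…Platform`, `…UsersConfig` and the others the second hunk allows). Denial then rests on the bus's default-deny behaviour, which the patch header ties to the CVE-2008-4311 fix; on a host whose D-Bus system.conf still has the permissive default, the modules would presumably stay reachable directly, bypassing the dispatcher. Either record that dependency in a comment next to the allow rule, or add explicit rules such as `<deny send_destination="org.freedesktop.SystemToolsBackends.Platform"/>` for each module name ahead of it. The enclosing `<policy>` elements open outside both hunks, so which context each block applies to is inferred from the patch header rather than visible here.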