diff options
Diffstat (limited to 'devel/kf5-kauth/files/patch-git_df875f7_CVE-2017-8422')
| -rw-r--r-- | devel/kf5-kauth/files/patch-git_df875f7_CVE-2017-8422 | 198 |
1 files changed, 0 insertions, 198 deletions
diff --git a/devel/kf5-kauth/files/patch-git_df875f7_CVE-2017-8422 b/devel/kf5-kauth/files/patch-git_df875f7_CVE-2017-8422 deleted file mode 100644 index ff19dcc36eed..000000000000 --- a/devel/kf5-kauth/files/patch-git_df875f7_CVE-2017-8422 +++ /dev/null @@ -1,198 +0,0 @@ -From df875f725293af53399f5146362eb158b4f9216a Mon Sep 17 00:00:00 2001 -From: Albert Astals Cid <aacid@kde.org> -Date: Wed, 10 May 2017 10:03:45 +0200 -Subject: Verify that whoever is calling us is actually who he says he is - -CVE-2017-8422 ---- - src/AuthBackend.cpp | 5 +++++ - src/AuthBackend.h | 7 +++++++ - src/backends/dbus/DBusHelperProxy.cpp | 27 +++++++++++++++++++++++++-- - src/backends/dbus/DBusHelperProxy.h | 6 +++++- - src/backends/policykit/PolicyKitBackend.cpp | 5 +++++ - src/backends/policykit/PolicyKitBackend.h | 1 + - src/backends/polkit-1/Polkit1Backend.cpp | 5 +++++ - src/backends/polkit-1/Polkit1Backend.h | 1 + - 8 files changed, 54 insertions(+), 3 deletions(-) - -diff --git a/src/AuthBackend.cpp b/src/AuthBackend.cpp -index a41d4f1..a847494 100644 ---- src/AuthBackend.cpp -+++ src/AuthBackend.cpp -@@ -54,6 +54,11 @@ void AuthBackend::setCapabilities(AuthBackend::Capabilities capabilities) - d->capabilities = capabilities; - } - -+AuthBackend::ExtraCallerIDVerificationMethod AuthBackend::extraCallerIDVerificationMethod() const -+{ -+ return NoExtraCallerIDVerificationMethod; -+} -+ - bool AuthBackend::actionExists(const QString &action) - { - Q_UNUSED(action); -diff --git a/src/AuthBackend.h b/src/AuthBackend.h -index c67a706..09195ef 100644 ---- src/AuthBackend.h -+++ src/AuthBackend.h -@@ -43,6 +43,12 @@ public: - }; - Q_DECLARE_FLAGS(Capabilities, Capability) - -+ enum ExtraCallerIDVerificationMethod { -+ NoExtraCallerIDVerificationMethod, -+ VerifyAgainstDBusServiceName, -+ VerifyAgainstDBusServicePid, -+ }; -+ - AuthBackend(); - virtual ~AuthBackend(); - virtual void setupAction(const QString &action) = 0; -@@ -50,6 +56,7 @@ public: - virtual Action::AuthStatus authorizeAction(const QString &action) = 0; - virtual Action::AuthStatus actionStatus(const QString &action) = 0; - virtual QByteArray callerID() const = 0; -+ virtual ExtraCallerIDVerificationMethod extraCallerIDVerificationMethod() const; - virtual bool isCallerAuthorized(const QString &action, QByteArray callerID) = 0; - virtual bool actionExists(const QString &action); - -diff --git a/src/backends/dbus/DBusHelperProxy.cpp b/src/backends/dbus/DBusHelperProxy.cpp -index 9c5cb96..3c1c108 100644 ---- src/backends/dbus/DBusHelperProxy.cpp -+++ src/backends/dbus/DBusHelperProxy.cpp -@@ -235,6 +235,29 @@ bool DBusHelperProxy::hasToStopAction() - return m_stopRequest; - } - -+bool DBusHelperProxy::isCallerAuthorized(const QString &action, const QByteArray &callerID) -+{ -+ // Check the caller is really who it says it is -+ switch (BackendsManager::authBackend()->extraCallerIDVerificationMethod()) { -+ case AuthBackend::NoExtraCallerIDVerificationMethod: -+ break; -+ -+ case AuthBackend::VerifyAgainstDBusServiceName: -+ if (message().service().toUtf8() != callerID) { -+ return false; -+ } -+ break; -+ -+ case AuthBackend::VerifyAgainstDBusServicePid: -+ if (connection().interface()->servicePid(message().service()).value() != callerID.toUInt()) { -+ return false; -+ } -+ break; -+ } -+ -+ return BackendsManager::authBackend()->isCallerAuthorized(action, callerID); -+} -+ - QByteArray DBusHelperProxy::performAction(const QString &action, const QByteArray &callerID, QByteArray arguments) - { - if (!responder) { -@@ -259,7 +282,7 @@ QByteArray DBusHelperProxy::performAction(const QString &action, const QByteArra - QTimer *timer = responder->property("__KAuth_Helper_Shutdown_Timer").value<QTimer *>(); - timer->stop(); - -- if (BackendsManager::authBackend()->isCallerAuthorized(action, callerID)) { -+ if (isCallerAuthorized(action, callerID)) { - QString slotname = action; - if (slotname.startsWith(m_name + QLatin1Char('.'))) { - slotname = slotname.right(slotname.length() - m_name.length() - 1); -@@ -301,7 +324,7 @@ uint DBusHelperProxy::authorizeAction(const QString &action, const QByteArray &c - QTimer *timer = responder->property("__KAuth_Helper_Shutdown_Timer").value<QTimer *>(); - timer->stop(); - -- if (BackendsManager::authBackend()->isCallerAuthorized(action, callerID)) { -+ if (isCallerAuthorized(action, callerID)) { - retVal = static_cast<uint>(Action::AuthorizedStatus); - } else { - retVal = static_cast<uint>(Action::DeniedStatus); -diff --git a/src/backends/dbus/DBusHelperProxy.h b/src/backends/dbus/DBusHelperProxy.h -index 52b0ac4..82cec5a 100644 ---- src/backends/dbus/DBusHelperProxy.h -+++ src/backends/dbus/DBusHelperProxy.h -@@ -25,12 +25,13 @@ - #include "kauthactionreply.h" - - #include <QDBusConnection> -+#include <QDBusContext> - #include <QVariant> - - namespace KAuth - { - --class DBusHelperProxy : public HelperProxy -+class DBusHelperProxy : public HelperProxy, protected QDBusContext - { - Q_OBJECT - Q_PLUGIN_METADATA(IID "org.kde.DBusHelperProxy") -@@ -79,6 +80,9 @@ Q_SIGNALS: - - private Q_SLOTS: - void remoteSignalReceived(int type, const QString &action, QByteArray blob); -+ -+private: -+ bool isCallerAuthorized(const QString &action, const QByteArray &callerID); - }; - - } // namespace Auth -diff --git a/src/backends/policykit/PolicyKitBackend.cpp b/src/backends/policykit/PolicyKitBackend.cpp -index c2b4d42..bf038a8 100644 ---- src/backends/policykit/PolicyKitBackend.cpp -+++ src/backends/policykit/PolicyKitBackend.cpp -@@ -78,6 +78,11 @@ QByteArray PolicyKitBackend::callerID() const - return a; - } - -+AuthBackend::ExtraCallerIDVerificationMethod Polkit1Backend::extraCallerIDVerificationMethod() const -+{ -+ return VerifyAgainstDBusServicePid; -+} -+ - bool PolicyKitBackend::isCallerAuthorized(const QString &action, QByteArray callerID) - { - QDataStream s(&callerID, QIODevice::ReadOnly); -diff --git a/src/backends/policykit/PolicyKitBackend.h b/src/backends/policykit/PolicyKitBackend.h -index eb17a3a..38b0240 100644 ---- src/backends/policykit/PolicyKitBackend.h -+++ src/backends/policykit/PolicyKitBackend.h -@@ -40,6 +40,7 @@ public: - virtual Action::AuthStatus authorizeAction(const QString &); - virtual Action::AuthStatus actionStatus(const QString &); - virtual QByteArray callerID() const; -+ ExtraCallerIDVerificationMethod extraCallerIDVerificationMethod() const Q_DECL_OVERRIDE; - virtual bool isCallerAuthorized(const QString &action, QByteArray callerID); - - private Q_SLOTS: -diff --git a/src/backends/polkit-1/Polkit1Backend.cpp b/src/backends/polkit-1/Polkit1Backend.cpp -index 78ee5bb..774588c 100644 ---- src/backends/polkit-1/Polkit1Backend.cpp -+++ src/backends/polkit-1/Polkit1Backend.cpp -@@ -162,6 +162,11 @@ QByteArray Polkit1Backend::callerID() const - return QDBusConnection::systemBus().baseService().toUtf8(); - } - -+AuthBackend::ExtraCallerIDVerificationMethod Polkit1Backend::extraCallerIDVerificationMethod() const -+{ -+ return VerifyAgainstDBusServiceName; -+} -+ - bool Polkit1Backend::isCallerAuthorized(const QString &action, QByteArray callerID) - { - PolkitQt1::SystemBusNameSubject subject(QString::fromUtf8(callerID)); -diff --git a/src/backends/polkit-1/Polkit1Backend.h b/src/backends/polkit-1/Polkit1Backend.h -index d7d1e3a..2357892 100644 ---- src/backends/polkit-1/Polkit1Backend.h -+++ src/backends/polkit-1/Polkit1Backend.h -@@ -49,6 +49,7 @@ public: - Action::AuthStatus authorizeAction(const QString &) Q_DECL_OVERRIDE; - Action::AuthStatus actionStatus(const QString &) Q_DECL_OVERRIDE; - QByteArray callerID() const Q_DECL_OVERRIDE; -+ ExtraCallerIDVerificationMethod extraCallerIDVerificationMethod() const Q_DECL_OVERRIDE; - bool isCallerAuthorized(const QString &action, QByteArray callerID) Q_DECL_OVERRIDE; - bool actionExists(const QString &action) Q_DECL_OVERRIDE; - --- -cgit v0.11.2 - |