Revert "(branch) Remove support for passing gui QVariants to KAuth helpers"

This reverts commit cb46ab970f.
epel8
Rex Dieter 6 years ago
parent cb46ab970f
commit 1721f49299

@ -1,68 +0,0 @@
From fc70fb0161c1b9144d26389434d34dd135cd3f4a Mon Sep 17 00:00:00 2001
From: Albert Astals Cid <aacid@kde.org>
Date: Sat, 2 Feb 2019 14:35:25 +0100
Subject: [PATCH 3/6] Remove support for passing gui QVariants to KAuth helpers
Supporting gui variants is very dangerous since they can end up triggering
image loading plugins which are one of the biggest vectors for crashes, which
for very smart people mean possible code execution, which is very dangerous
in code that is executed as root.
We've checked all the KAuth helpers inside KDE git and none seems to be using
gui variants, so we're not actually limiting anything that people wanted to do.
Reviewed by security@kde.org and Aleix Pol
Issue reported by Fabian Vogt
---
src/backends/dbus/DBusHelperProxy.cpp | 9 +++++++++
src/kauthaction.h | 2 ++
2 files changed, 11 insertions(+)
diff --git a/src/backends/dbus/DBusHelperProxy.cpp b/src/backends/dbus/DBusHelperProxy.cpp
index 10c14c6..8f0d336 100644
--- a/src/backends/dbus/DBusHelperProxy.cpp
+++ b/src/backends/dbus/DBusHelperProxy.cpp
@@ -31,6 +31,8 @@
#include "kf5authadaptor.h"
#include "kauthdebug.h"
+extern Q_CORE_EXPORT const QMetaTypeInterface *qMetaTypeGuiHelper;
+
namespace KAuth
{
@@ -229,10 +231,17 @@ QByteArray DBusHelperProxy::performAction(const QString &action, const QByteArra
return ActionReply::HelperBusyReply().serialized();
}
+ // Make sure we don't try restoring gui variants, in particular QImage/QPixmap/QIcon are super dangerous
+ // since they end up calling the image loaders and thus are a vector for crashing → executing code
+ auto origMetaTypeGuiHelper = qMetaTypeGuiHelper;
+ qMetaTypeGuiHelper = nullptr;
+
QVariantMap args;
QDataStream s(&arguments, QIODevice::ReadOnly);
s >> args;
+ qMetaTypeGuiHelper = origMetaTypeGuiHelper;
+
m_currentAction = action;
emit remoteSignal(ActionStarted, action, QByteArray());
QEventLoop e;
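Review bot: The guard around `s >> args` in DBusHelperProxy::performAction is removed with no reason given; the commit message is only "This reverts commit cb46ab970f." The deleted patch's own description says gui variants can end up triggering image loading plugins in code that is executed as root, and its comment names QImage/QPixmap/QIcon, so dropping the file restores that deserialization path in the helper. Please state in the commit message why the hardening is being removed on this branch, and if it is expected to arrive another way, say which, so the gap can be tracked.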
diff --git a/src/kauthaction.h b/src/kauthaction.h
index c67a70a..01f3ba1 100644
--- a/src/kauthaction.h
+++ b/src/kauthaction.h
@@ -298,6 +298,8 @@ public:
* This method sets the variant map that the application
* can use to pass arbitrary data to the helper when executing the action.
*
+ * Only non-gui variants are supported.
+ *
* @param arguments The new arguments map
*/
void setArguments(const QVariantMap &arguments);
--
2.17.2

@ -2,7 +2,7 @@
Name: kf5-%{framework} Name: kf5-%{framework}
Version: 5.54.0 Version: 5.54.0
Release: 2%{?dist} Release: 1%{?dist}
Summary: KDE Frameworks 5 Tier 2 integration module to perform actions as privileged user Summary: KDE Frameworks 5 Tier 2 integration module to perform actions as privileged user
License: LGPLv2+ License: LGPLv2+
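Review bot: Release goes from 2 back to 1 in the right-hand column while Version stays 5.54.0, so the package release moves backwards. If 5.54.0-2 was ever built, the reverted build will not sort as an update over it; bump to Release: 3%{?dist} rather than returning to 1.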
@ -17,9 +17,6 @@ URL: https://cgit.kde.org/%{framework}.git
%endif %endif
Source0: http://download.kde.org/%{stable}/frameworks/%{majmin}/%{framework}-%{version}.tar.xz Source0: http://download.kde.org/%{stable}/frameworks/%{majmin}/%{framework}-%{version}.tar.xz
## upstream patches
Patch3: 0003-Remove-support-for-passing-gui-QVariants-to-KAuth-he.patch
BuildRequires: extra-cmake-modules >= %{majmin} BuildRequires: extra-cmake-modules >= %{majmin}
BuildRequires: kf5-kcoreaddons-devel >= %{majmin} BuildRequires: kf5-kcoreaddons-devel >= %{majmin}
BuildRequires: kf5-rpm-macros BuildRequires: kf5-rpm-macros
@ -81,9 +78,6 @@ make install/fast DESTDIR=%{buildroot} -C %{_target_platform}
%changelog %changelog
* Sat Feb 09 2019 Rex Dieter <rdieter@fedoraproject.org> - 5.54.0-2
- (branch) Remove support for passing gui QVariants to KAuth helpers
* Tue Jan 08 2019 Rex Dieter <rdieter@fedoraproject.org> - 5.54.0-1 * Tue Jan 08 2019 Rex Dieter <rdieter@fedoraproject.org> - 5.54.0-1
- 5.54.0 - 5.54.0
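Review bot: The 5.54.0-2 entry is deleted from %changelog instead of being followed by a new entry that records the revert. Keep the Feb 09 2019 entry and add one above it stating that the KAuth gui QVariant patch was dropped and why, so the spec history shows that the hardening was applied and then removed.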
