rpms
/
kf5-kauth
21
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

5.35.0

Browse Source
epel8
Rex Dieter 8 years ago
parent 28f4716db8
commit cc3f54c19d
4 changed files with 10 additions and 218 deletions
Show Stats Download Patch File Download Diff File

13
.gitignore vendored
Unescape View File

@ -1,12 +1 @@
/kauth-5.21.0.tar.xz
/kauth-5.22.0.tar.xz
/kauth-5.23.0.tar.xz
/kauth-5.24.0.tar.xz
/kauth-5.25.0.tar.xz
/kauth-5.26.0.tar.xz
/kauth-5.27.0.tar.xz
/kauth-5.29.0.tar.xz
/kauth-5.31.0.tar.xz
/kauth-5.32.0.tar.xz
/kauth-5.33.0.tar.xz
/kauth-5.34.0.tar.xz
/kauth-5.35.0.tar.xz

198
kauth-5.33.0-2017-8422-local-privilige-escalation.patch
Unescape View File

@ -1,198 +0,0 @@
From df875f725293af53399f5146362eb158b4f9216a Mon Sep 17 00:00:00 2001
From: Albert Astals Cid <aacid@kde.org>
Date: Wed, 10 May 2017 10:03:45 +0200
Subject: Verify that whoever is calling us is actually who he says he is
CVE-2017-8422
---
src/AuthBackend.cpp | 5 +++++
src/AuthBackend.h | 7 +++++++
src/backends/dbus/DBusHelperProxy.cpp | 27 +++++++++++++++++++++++++--
src/backends/dbus/DBusHelperProxy.h | 6 +++++-
src/backends/policykit/PolicyKitBackend.cpp | 5 +++++
src/backends/policykit/PolicyKitBackend.h | 1 +
src/backends/polkit-1/Polkit1Backend.cpp | 5 +++++
src/backends/polkit-1/Polkit1Backend.h | 1 +
8 files changed, 54 insertions(+), 3 deletions(-)
diff --git a/src/AuthBackend.cpp b/src/AuthBackend.cpp
index a41d4f1..a847494 100644
--- a/src/AuthBackend.cpp
+++ b/src/AuthBackend.cpp
@@ -54,6 +54,11 @@ void AuthBackend::setCapabilities(AuthBackend::Capabilities capabilities)
d->capabilities = capabilities;
}
+AuthBackend::ExtraCallerIDVerificationMethod AuthBackend::extraCallerIDVerificationMethod() const
+{
+ return NoExtraCallerIDVerificationMethod;
+}
+
bool AuthBackend::actionExists(const QString &action)
{
Q_UNUSED(action);
diff --git a/src/AuthBackend.h b/src/AuthBackend.h
index c67a706..09195ef 100644
--- a/src/AuthBackend.h
+++ b/src/AuthBackend.h
@@ -43,6 +43,12 @@ public:
};
Q_DECLARE_FLAGS(Capabilities, Capability)
+ enum ExtraCallerIDVerificationMethod {
+ NoExtraCallerIDVerificationMethod,
+ VerifyAgainstDBusServiceName,
+ VerifyAgainstDBusServicePid,
+ };
+
AuthBackend();
virtual ~AuthBackend();
virtual void setupAction(const QString &action) = 0;
@@ -50,6 +56,7 @@ public:
virtual Action::AuthStatus authorizeAction(const QString &action) = 0;
virtual Action::AuthStatus actionStatus(const QString &action) = 0;
virtual QByteArray callerID() const = 0;
+ virtual ExtraCallerIDVerificationMethod extraCallerIDVerificationMethod() const;
virtual bool isCallerAuthorized(const QString &action, QByteArray callerID) = 0;
virtual bool actionExists(const QString &action);
diff --git a/src/backends/dbus/DBusHelperProxy.cpp b/src/backends/dbus/DBusHelperProxy.cpp
index 9c5cb96..3c1c108 100644
--- a/src/backends/dbus/DBusHelperProxy.cpp
+++ b/src/backends/dbus/DBusHelperProxy.cpp
@@ -235,6 +235,29 @@ bool DBusHelperProxy::hasToStopAction()
return m_stopRequest;
}
+bool DBusHelperProxy::isCallerAuthorized(const QString &action, const QByteArray &callerID)
+{
+ // Check the caller is really who it says it is
+ switch (BackendsManager::authBackend()->extraCallerIDVerificationMethod()) {
+ case AuthBackend::NoExtraCallerIDVerificationMethod:
+ break;
+
+ case AuthBackend::VerifyAgainstDBusServiceName:
+ if (message().service().toUtf8() != callerID) {
+ return false;
+ }
+ break;
+
+ case AuthBackend::VerifyAgainstDBusServicePid:
+ if (connection().interface()->servicePid(message().service()).value() != callerID.toUInt()) {
+ return false;
+ }
+ break;
+ }
+
+ return BackendsManager::authBackend()->isCallerAuthorized(action, callerID);
+}
+
QByteArray DBusHelperProxy::performAction(const QString &action, const QByteArray &callerID, QByteArray arguments)
{
if (!responder) {
@@ -259,7 +282,7 @@ QByteArray DBusHelperProxy::performAction(const QString &action, const QByteArra
QTimer *timer = responder->property("__KAuth_Helper_Shutdown_Timer").value<QTimer *>();
timer->stop();
- if (BackendsManager::authBackend()->isCallerAuthorized(action, callerID)) {
+ if (isCallerAuthorized(action, callerID)) {
QString slotname = action;
if (slotname.startsWith(m_name + QLatin1Char('.'))) {
slotname = slotname.right(slotname.length() - m_name.length() - 1);
@@ -301,7 +324,7 @@ uint DBusHelperProxy::authorizeAction(const QString &action, const QByteArray &c
QTimer *timer = responder->property("__KAuth_Helper_Shutdown_Timer").value<QTimer *>();
timer->stop();
- if (BackendsManager::authBackend()->isCallerAuthorized(action, callerID)) {
+ if (isCallerAuthorized(action, callerID)) {
retVal = static_cast<uint>(Action::AuthorizedStatus);
} else {
retVal = static_cast<uint>(Action::DeniedStatus);
diff --git a/src/backends/dbus/DBusHelperProxy.h b/src/backends/dbus/DBusHelperProxy.h
index 52b0ac4..82cec5a 100644
--- a/src/backends/dbus/DBusHelperProxy.h
+++ b/src/backends/dbus/DBusHelperProxy.h
@@ -25,12 +25,13 @@
#include "kauthactionreply.h"
#include <QDBusConnection>
+#include <QDBusContext>
#include <QVariant>
namespace KAuth
{
-class DBusHelperProxy : public HelperProxy
+class DBusHelperProxy : public HelperProxy, protected QDBusContext
{
Q_OBJECT
Q_PLUGIN_METADATA(IID "org.kde.DBusHelperProxy")
@@ -79,6 +80,9 @@ Q_SIGNALS:
private Q_SLOTS:
void remoteSignalReceived(int type, const QString &action, QByteArray blob);
+
+private:
+ bool isCallerAuthorized(const QString &action, const QByteArray &callerID);
};
} // namespace Auth
diff --git a/src/backends/policykit/PolicyKitBackend.cpp b/src/backends/policykit/PolicyKitBackend.cpp
index c2b4d42..bf038a8 100644
--- a/src/backends/policykit/PolicyKitBackend.cpp
+++ b/src/backends/policykit/PolicyKitBackend.cpp
@@ -78,6 +78,11 @@ QByteArray PolicyKitBackend::callerID() const
return a;
}
+AuthBackend::ExtraCallerIDVerificationMethod Polkit1Backend::extraCallerIDVerificationMethod() const
+{
+ return VerifyAgainstDBusServicePid;
+}
+
bool PolicyKitBackend::isCallerAuthorized(const QString &action, QByteArray callerID)
{
QDataStream s(&callerID, QIODevice::ReadOnly);
diff --git a/src/backends/policykit/PolicyKitBackend.h b/src/backends/policykit/PolicyKitBackend.h
index eb17a3a..38b0240 100644
--- a/src/backends/policykit/PolicyKitBackend.h
+++ b/src/backends/policykit/PolicyKitBackend.h
@@ -40,6 +40,7 @@ public:
virtual Action::AuthStatus authorizeAction(const QString &);
virtual Action::AuthStatus actionStatus(const QString &);
virtual QByteArray callerID() const;
+ ExtraCallerIDVerificationMethod extraCallerIDVerificationMethod() const Q_DECL_OVERRIDE;
virtual bool isCallerAuthorized(const QString &action, QByteArray callerID);
private Q_SLOTS:
diff --git a/src/backends/polkit-1/Polkit1Backend.cpp b/src/backends/polkit-1/Polkit1Backend.cpp
index 78ee5bb..774588c 100644
--- a/src/backends/polkit-1/Polkit1Backend.cpp
+++ b/src/backends/polkit-1/Polkit1Backend.cpp
@@ -162,6 +162,11 @@ QByteArray Polkit1Backend::callerID() const
return QDBusConnection::systemBus().baseService().toUtf8();
}
+AuthBackend::ExtraCallerIDVerificationMethod Polkit1Backend::extraCallerIDVerificationMethod() const
+{
+ return VerifyAgainstDBusServiceName;
+}
+
bool Polkit1Backend::isCallerAuthorized(const QString &action, QByteArray callerID)
{
PolkitQt1::SystemBusNameSubject subject(QString::fromUtf8(callerID));
diff --git a/src/backends/polkit-1/Polkit1Backend.h b/src/backends/polkit-1/Polkit1Backend.h
index d7d1e3a..2357892 100644
--- a/src/backends/polkit-1/Polkit1Backend.h
+++ b/src/backends/polkit-1/Polkit1Backend.h
@@ -49,6 +49,7 @@ public:
Action::AuthStatus authorizeAction(const QString &) Q_DECL_OVERRIDE;
Action::AuthStatus actionStatus(const QString &) Q_DECL_OVERRIDE;
QByteArray callerID() const Q_DECL_OVERRIDE;
+ ExtraCallerIDVerificationMethod extraCallerIDVerificationMethod() const Q_DECL_OVERRIDE;
bool isCallerAuthorized(const QString &action, QByteArray callerID) Q_DECL_OVERRIDE;
bool actionExists(const QString &action) Q_DECL_OVERRIDE;
--
cgit v0.11.2

15
kf5-kauth.spec
Unescape View File

@ -1,7 +1,7 @@
%global framework kauth
Name: kf5-%{framework}
Version: 5.34.0
Version: 5.35.0
Release: 1%{?dist}
Summary: KDE Frameworks 5 Tier 2 integration module to perform actions as privileged user
@ -26,8 +26,6 @@ BuildRequires: qt5-qttools-devel
Requires: kf5-filesystem >= %{version}
# security fix for CVE-2017-8422
Patch1: kauth-5.33.0-2017-8422-local-privilige-escalation.patch
%description
KAuth is a framework to let applications perform actions as a privileged user.
@ -41,7 +39,7 @@ developing applications that use %{name}.
%prep
%autosetup -p 1 -n %{framework}-%{version}
%autosetup -n %{framework}-%{version} -p1
%build
@ -58,15 +56,15 @@ make %{?_smp_mflags} -C %{_target_platform}
%install
make install/fast DESTDIR=%{buildroot} -C %{_target_platform}
%find_lang kauth5_qt --with-qt --all-name
%find_lang %{name} --all-name --with-qt
%post -p /sbin/ldconfig
%postun -p /sbin/ldconfig
%files -f kauth5_qt.lang
%files -f %{name}.lang
%doc README.md
%license COPYING.LIB
%license COPYING*
%{_kf5_libdir}/libKF5Auth.so.5*
%{_kf5_sysconfdir}/dbus-1/system.d/org.kde.kf5auth.conf
%{_kf5_qtplugindir}/kauth/
@ -82,6 +80,9 @@ make install/fast DESTDIR=%{buildroot} -C %{_target_platform}
%changelog
* Sun Jun 04 2017 Rex Dieter <rdieter@fedoraproject.org> - 5.35.0-1
- 5.35.0
* Mon May 15 2017 Rex Dieter <rdieter@fedoraproject.org> - 5.34.0-1
- 5.34.0

2
sources
Unescape View File

@ -1 +1 @@
SHA512 (kauth-5.34.0.tar.xz) = ddd70a297a864e2b4cb522b1bf8482519c3fcd35bc5ba7fc7449d2b1a203b788337e8ea5a8e91b6bcc82c431b98b80f3b48ccad45f1c7529de70f6940e4ab6ea
SHA512 (kauth-5.35.0.tar.xz) = bfd916a048b5e8a8553b3d888fa9079f8fdab1bec36b836e27b8dc1a6cb01dbb4cbaec16cef2faebe4fa39b6e538e1ce2a4ba71c57d5b75aef5cba4323b394e0

Write Preview
Loading…
Cancel
Save