Diffstat (limited to 'gnu/packages/patches/polkit-CVE-2021-4034.patch')
-rw-r--r--gnu/packages/patches/polkit-CVE-2021-4034.patch82
1 files changed, 0 insertions, 82 deletions
diff --git a/gnu/packages/patches/polkit-CVE-2021-4034.patch b/gnu/packages/patches/polkit-CVE-2021-4034.patch
deleted file mode 100644
index ca766cb3be..0000000000
--- a/gnu/packages/patches/polkit-CVE-2021-4034.patch
+++ /dev/null
@@ -1,82 +0,0 @@
-Fixes CVE-2021-4034, local privilege escalation with 'pkexec':
-
-  https://www.openwall.com/lists/oss-security/2022/01/25/11
-
-Patch from <https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683>.
-
-From a2bf5c9c83b6ae46cbd5c779d3055bff81ded683 Mon Sep 17 00:00:00 2001
-From: Jan Rybar <jrybar@redhat.com>
-Date: Tue, 25 Jan 2022 17:21:46 +0000
-Subject: [PATCH] pkexec: local privilege escalation (CVE-2021-4034)
-
----
- src/programs/pkcheck.c |  5 +++++
- src/programs/pkexec.c  | 23 ++++++++++++++++++++---
- 2 files changed, 25 insertions(+), 3 deletions(-)
-
-diff --git a/src/programs/pkcheck.c b/src/programs/pkcheck.c
-index f1bb4e1..768525c 100644
---- a/src/programs/pkcheck.c
-+++ b/src/programs/pkcheck.c
-@@ -363,6 +363,11 @@ main (int argc, char *argv[])
-   local_agent_handle = NULL;
-   ret = 126;
- 
-+  if (argc < 1)
-+    {
-+      exit(126);
-+    }
-+
-   /* Disable remote file access from GIO. */
-   setenv ("GIO_USE_VFS", "local", 1);
- 
-diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c
-index 7698c5c..84e5ef6 100644
---- a/src/programs/pkexec.c
-+++ b/src/programs/pkexec.c
-@@ -488,6 +488,15 @@ main (int argc, char *argv[])
-   pid_t pid_of_caller;
-   gpointer local_agent_handle;
- 
-+
-+  /*
-+   * If 'pkexec' is called THIS wrong, someone's probably evil-doing. Don't be nice, just bail out.
-+   */
-+  if (argc<1)
-+    {
-+      exit(127);
-+    }
-+
-   ret = 127;
-   authority = NULL;
-   subject = NULL;
-@@ -614,10 +623,10 @@ main (int argc, char *argv[])
- 
-       path = g_strdup (pwstruct.pw_shell);
-       if (!path)
--	{
-+        {
-           g_printerr ("No shell configured or error retrieving pw_shell\n");
-           goto out;
--	}
-+        }
-       /* If you change this, be sure to change the if (!command_line)
- 	 case below too */
-       command_line = g_strdup (path);
-@@ -636,7 +645,15 @@ main (int argc, char *argv[])
-           goto out;
-         }
-       g_free (path);
--      argv[n] = path = s;
-+      path = s;
-+
-+      /* argc<2 and pkexec runs just shell, argv is guaranteed to be null-terminated.
-+       * /-less shell shouldn't happen, but let's be defensive and don't write to null-termination
-+       */
-+      if (argv[n] != NULL)
-+      {
-+        argv[n] = path;
-+      }
-     }
-   if (access (path, F_OK) != 0)
-     {