Diffstat (limited to 'external/meta-openembedded/meta-oe/recipes-extended/polkit/polkit')
-rw-r--r--external/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0001-make-netgroup-support-configurable.patch93
-rw-r--r--external/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0003-make-netgroup-support-optional.patch232
-rw-r--r--external/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/CVE-2018-19788_p1.patch194
-rw-r--r--external/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/CVE-2018-19788_p2.patch153
-rw-r--r--external/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/CVE-2018-19788_p3.patch53
-rw-r--r--external/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/CVE-2019-6133.patch190
6 files changed, 232 insertions, 683 deletions
diff --git a/external/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0001-make-netgroup-support-configurable.patch b/external/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0001-make-netgroup-support-configurable.patch
deleted file mode 100644
index 3b0ef5e5..00000000
--- a/external/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0001-make-netgroup-support-configurable.patch
+++ /dev/null
@@ -1,93 +0,0 @@
-From 7d5e205aa58a10e7b1ccc2fa75b443508a5c3e18 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Wed, 20 Jan 2016 04:31:59 +0000
-Subject: [PATCH] make netgroup support configurable
-
-Disable using innetgr and *netigrent function if not available
-
-These functions are not available on all libc implementations e.g. musl
-doesnt have them.
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
-Upstream-Status: Pending
-
-Rebase to 0.115
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
----
- configure.ac | 2 +-
- src/polkitbackend/polkitbackendinteractiveauthority.c | 6 +++++-
- src/polkitbackend/polkitbackendjsauthority.cpp | 2 ++
- 3 files changed, 8 insertions(+), 2 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 8b3e1b1..1c392df 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -99,7 +99,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"],
- [AC_MSG_ERROR([Can't find expat library. Please install expat.])])
- AC_SUBST(EXPAT_LIBS)
-
--AC_CHECK_FUNCS(clearenv fdatasync)
-+AC_CHECK_FUNCS(clearenv fdatasync getnetgrent innetgr)
-
- if test "x$GCC" = "xyes"; then
- LDFLAGS="-Wl,--as-needed $LDFLAGS"
-diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
-index cb6fdab..de3f752 100644
---- a/src/polkitbackend/polkitbackendinteractiveauthority.c
-+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
-@@ -2224,7 +2224,7 @@ get_users_in_group (PolkitIdentity *group,
- out:
- return ret;
- }
--
-+#if defined HAVE_GETNETGRENT
- static GList *
- get_users_in_net_group (PolkitIdentity *group,
- gboolean include_root)
-@@ -2285,6 +2285,8 @@ get_users_in_net_group (PolkitIdentity *group,
- return ret;
- }
-
-+#endif
-+
- /* ---------------------------------------------------------------------------------------------------- */
-
- static void
-@@ -2369,10 +2371,12 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent,
- {
- user_identities = g_list_concat (user_identities, get_users_in_group (identity, FALSE));
- }
-+#if defined HAVE_GETNETGRENT
- else if (POLKIT_IS_UNIX_NETGROUP (identity))
- {
- user_identities = g_list_concat (user_identities, get_users_in_net_group (identity, FALSE));
- }
-+#endif
- else
- {
- g_warning ("Unsupported identity");
-diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp
-index 517f3c6..6042dd2 100644
---- a/src/polkitbackend/polkitbackendjsauthority.cpp
-+++ b/src/polkitbackend/polkitbackendjsauthority.cpp
-@@ -1502,6 +1502,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx,
- user = JS_EncodeString (cx, args[0].toString());
- netgroup = JS_EncodeString (cx, args[1].toString());
-
-+#if defined HAVE_INNETGR
- if (innetgr (netgroup,
- NULL, /* host */
- user,
-@@ -1509,6 +1510,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx,
- {
- is_in_netgroup = true;
- }
-+#endif
-
- JS_free (cx, netgroup);
- JS_free (cx, user);
---
-2.7.4
-
diff --git a/external/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0003-make-netgroup-support-optional.patch b/external/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0003-make-netgroup-support-optional.patch
new file mode 100644
index 00000000..fd725136
--- /dev/null
+++ b/external/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0003-make-netgroup-support-optional.patch
@@ -0,0 +1,232 @@
+From 21aa2747e8f0048759aab184b07dd6389666d5e6 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Wed, 22 May 2019 13:18:55 -0700
+Subject: [PATCH] make netgroup support optional
+
+On at least Linux/musl and Linux/uclibc, netgroup
+support is not available. PolKit fails to compile on these systems
+for that reason.
+
+This change makes netgroup support conditional on the presence of the
+setnetgrent(3) function which is required for the support to work. If
+that function is not available on the system, an error will be returned
+to the administrator if unix-netgroup: is specified in configuration.
+
+Fixes bug 50145.
+
+Closes polkit/polkit#14.
+Signed-off-by: A. Wilcox <AWilcox@Wilcox-Tech.com>
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ configure.ac | 2 +-
+ src/polkit/polkitidentity.c | 16 ++++++++++++++++
+ src/polkit/polkitunixnetgroup.c | 3 +++
+ .../polkitbackendinteractiveauthority.c | 14 ++++++++------
+ src/polkitbackend/polkitbackendjsauthority.cpp | 2 ++
+ test/polkit/polkitidentitytest.c | 9 ++++++++-
+ test/polkit/polkitunixnetgrouptest.c | 3 +++
+ .../test-polkitbackendjsauthority.c | 2 ++
+ 8 files changed, 43 insertions(+), 8 deletions(-)
+
+--- a/configure.ac
++++ b/configure.ac
+@@ -99,7 +99,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXP
+ [AC_MSG_ERROR([Can't find expat library. Please install expat.])])
+ AC_SUBST(EXPAT_LIBS)
+
+-AC_CHECK_FUNCS(clearenv fdatasync)
++AC_CHECK_FUNCS(clearenv fdatasync setnetgrent)
+
+ if test "x$GCC" = "xyes"; then
+ LDFLAGS="-Wl,--as-needed $LDFLAGS"
+--- a/src/polkit/polkitidentity.c
++++ b/src/polkit/polkitidentity.c
+@@ -182,7 +182,15 @@ polkit_identity_from_string (const gcha
+ }
+ else if (g_str_has_prefix (str, "unix-netgroup:"))
+ {
++#ifndef HAVE_SETNETGRENT
++ g_set_error (error,
++ POLKIT_ERROR,
++ POLKIT_ERROR_FAILED,
++ "Netgroups are not available on this machine ('%s')",
++ str);
++#else
+ identity = polkit_unix_netgroup_new (str + sizeof "unix-netgroup:" - 1);
++#endif
+ }
+
+ if (identity == NULL && (error != NULL && *error == NULL))
+@@ -344,6 +352,13 @@ polkit_identity_new_for_gvariant (GVaria
+ GVariant *v;
+ const char *name;
+
++#ifndef HAVE_SETNETGRENT
++ g_set_error (error,
++ POLKIT_ERROR,
++ POLKIT_ERROR_FAILED,
++ "Netgroups are not available on this machine");
++ goto out;
++#else
+ v = lookup_asv (details_gvariant, "name", G_VARIANT_TYPE_STRING, error);
+ if (v == NULL)
+ {
+@@ -353,6 +368,7 @@ polkit_identity_new_for_gvariant (GVaria
+ name = g_variant_get_string (v, NULL);
+ ret = polkit_unix_netgroup_new (name);
+ g_variant_unref (v);
++#endif
+ }
+ else
+ {
+--- a/src/polkit/polkitunixnetgroup.c
++++ b/src/polkit/polkitunixnetgroup.c
+@@ -194,6 +194,9 @@ polkit_unix_netgroup_set_name (PolkitUni
+ PolkitIdentity *
+ polkit_unix_netgroup_new (const gchar *name)
+ {
++#ifndef HAVE_SETNETGRENT
++ g_assert_not_reached();
++#endif
+ g_return_val_if_fail (name != NULL, NULL);
+ return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_NETGROUP,
+ "name", name,
+--- a/src/polkitbackend/polkitbackendinteractiveauthority.c
++++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
+@@ -2233,25 +2233,26 @@ get_users_in_net_group (PolkitIdentity
+ GList *ret;
+
+ ret = NULL;
++#ifdef HAVE_SETNETGRENT
+ name = polkit_unix_netgroup_get_name (POLKIT_UNIX_NETGROUP (group));
+
+-#ifdef HAVE_SETNETGRENT_RETURN
++# ifdef HAVE_SETNETGRENT_RETURN
+ if (setnetgrent (name) == 0)
+ {
+ g_warning ("Error looking up net group with name %s: %s", name, g_strerror (errno));
+ goto out;
+ }
+-#else
++# else
+ setnetgrent (name);
+-#endif
++# endif /* HAVE_SETNETGRENT_RETURN */
+
+ for (;;)
+ {
+-#if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
++# if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
+ const char *hostname, *username, *domainname;
+-#else
++# else
+ char *hostname, *username, *domainname;
+-#endif
++# endif /* defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) */
+ PolkitIdentity *user;
+ GError *error = NULL;
+
+@@ -2282,6 +2283,7 @@ get_users_in_net_group (PolkitIdentity
+
+ out:
+ endnetgrent ();
++#endif /* HAVE_SETNETGRENT */
+ return ret;
+ }
+
+--- a/src/polkitbackend/polkitbackendjsauthority.cpp
++++ b/src/polkitbackend/polkitbackendjsauthority.cpp
+@@ -1502,6 +1502,7 @@ js_polkit_user_is_in_netgroup (JSContext
+
+ JS::CallArgs args = JS::CallArgsFromVp (argc, vp);
+
++#ifdef HAVE_SETNETGRENT
+ JS::RootedString usrstr (authority->priv->cx);
+ usrstr = args[0].toString();
+ user = JS_EncodeStringToUTF8 (cx, usrstr);
+@@ -1519,6 +1520,7 @@ js_polkit_user_is_in_netgroup (JSContext
+
+ JS_free (cx, netgroup);
+ JS_free (cx, user);
++#endif
+
+ ret = true;
+
+--- a/test/polkit/polkitidentitytest.c
++++ b/test/polkit/polkitidentitytest.c
+@@ -19,6 +19,7 @@
+ * Author: Nikki VonHollen <vonhollen@google.com>
+ */
+
++#include "config.h"
+ #include "glib.h"
+ #include <polkit/polkit.h>
+ #include <polkit/polkitprivate.h>
+@@ -145,11 +146,15 @@ struct ComparisonTestData comparison_tes
+ {"unix-group:root", "unix-group:jane", FALSE},
+ {"unix-group:jane", "unix-group:jane", TRUE},
+
++#ifdef HAVE_SETNETGRENT
+ {"unix-netgroup:foo", "unix-netgroup:foo", TRUE},
+ {"unix-netgroup:foo", "unix-netgroup:bar", FALSE},
++#endif
+
+ {"unix-user:root", "unix-group:root", FALSE},
++#ifdef HAVE_SETNETGRENT
+ {"unix-user:jane", "unix-netgroup:foo", FALSE},
++#endif
+
+ {NULL},
+ };
+@@ -181,11 +186,13 @@ main (int argc, char *argv[])
+ g_test_add_data_func ("/PolkitIdentity/group_string_2", "unix-group:jane", test_string);
+ g_test_add_data_func ("/PolkitIdentity/group_string_3", "unix-group:users", test_string);
+
++#ifdef HAVE_SETNETGRENT
+ g_test_add_data_func ("/PolkitIdentity/netgroup_string", "unix-netgroup:foo", test_string);
++ g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);
++#endif
+
+ g_test_add_data_func ("/PolkitIdentity/user_gvariant", "unix-user:root", test_gvariant);
+ g_test_add_data_func ("/PolkitIdentity/group_gvariant", "unix-group:root", test_gvariant);
+- g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);
+
+ add_comparison_tests ();
+
+--- a/test/polkit/polkitunixnetgrouptest.c
++++ b/test/polkit/polkitunixnetgrouptest.c
+@@ -19,6 +19,7 @@
+ * Author: Nikki VonHollen <vonhollen@google.com>
+ */
+
++#include "config.h"
+ #include "glib.h"
+ #include <polkit/polkit.h>
+ #include <string.h>
+@@ -69,7 +70,9 @@ int
+ main (int argc, char *argv[])
+ {
+ g_test_init (&argc, &argv, NULL);
++#ifdef HAVE_SETNETGRENT
+ g_test_add_func ("/PolkitUnixNetgroup/new", test_new);
+ g_test_add_func ("/PolkitUnixNetgroup/set_name", test_set_name);
++#endif
+ return g_test_run ();
+ }
+--- a/test/polkitbackend/test-polkitbackendjsauthority.c
++++ b/test/polkitbackend/test-polkitbackendjsauthority.c
+@@ -137,12 +137,14 @@ test_get_admin_identities (void)
+ "unix-group:users"
+ }
+ },
++#ifdef HAVE_SETNETGRENT
+ {
+ "net.company.action3",
+ {
+ "unix-netgroup:foo"
+ }
+ },
++#endif
+ };
+ guint n;
+
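Review bot: In the `js_polkit_user_is_in_netgroup` hunk of the added patch, wrapping the lookup in `#ifdef HAVE_SETNETGRENT` lets the rule helper reach `ret = true` without performing any lookup, so on musl/uclibc builds a rule that calls it appears to get "not a member" with no error (the initial value of `is_in_netgroup` lies outside the hunk, so this is inferred). A rule that denies an action or demands authentication based on netgroup membership would then silently stop matching; add an `#else` branch such as `g_warning ("netgroup lookup requested but netgroups are not available on this machine");` so the administrator can see it. In `polkit_unix_netgroup_new`, `g_assert_not_reached();` aborts whichever process calls this public constructor and is compiled out under `G_DISABLE_ASSERT`, after which the object is created anyway; `g_critical ("Netgroups are not available on this machine"); return NULL;` fails without either effect. The patch header also lacks the `Upstream-Status:` line that the removed 0001 patch carried.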
diff --git a/external/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/CVE-2018-19788_p1.patch b/external/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/CVE-2018-19788_p1.patch
deleted file mode 100644
index 32ea0bac..00000000
--- a/external/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/CVE-2018-19788_p1.patch
+++ /dev/null
@@ -1,194 +0,0 @@
-From cd80aa29c85745ca073cf0581ccdcf2f80aa30db Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Mon, 3 Dec 2018 10:28:58 +0100
-Subject: [PATCH 1/3] Allow negative uids/gids in PolkitUnixUser and Group
- objects
-
-(uid_t) -1 is still used as placeholder to mean "unset". This is OK, since
-there should be no users with such number, see
-https://systemd.io/UIDS-GIDS#special-linux-uids.
-
-(uid_t) -1 is used as the default value in class initialization.
-
-When a user or group above INT32_MAX is created, the numeric uid or
-gid wraps around to negative when the value is assigned to gint, and
-polkit gets confused. Let's accept such gids, except for -1.
-
-A nicer fix would be to change the underlying type to e.g. uint32 to
-not have negative values. But this cannot be done without breaking the
-API, so likely new functions will have to be added (a
-polkit_unix_user_new variant that takes a unsigned, and the same for
-_group_new, _set_uid, _get_uid, _set_gid, _get_gid, etc.). This will
-require a bigger patch.
-
-Fixes https://gitlab.freedesktop.org/polkit/polkit/issues/74.
-
-CVE: CVE-2018-19788
-Upstream-Status: Backport
-[https://gitlab.freedesktop.org/polkit/polkit/commit/2cb40c4d5feeaa09325522bd7d97910f1b59e379]
-
-Signed-off-by: Dan Tran <dantran@microsoft.com>
----
- src/polkit/polkitunixgroup.c | 15 +++++++++++----
- src/polkit/polkitunixprocess.c | 12 ++++++++----
- src/polkit/polkitunixuser.c | 13 ++++++++++---
- 3 files changed, 29 insertions(+), 11 deletions(-)
-
-diff --git a/src/polkit/polkitunixgroup.c b/src/polkit/polkitunixgroup.c
-index c57a1aa..309f689 100644
---- a/src/polkit/polkitunixgroup.c
-+++ b/src/polkit/polkitunixgroup.c
-@@ -71,6 +71,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixGroup, polkit_unix_group, G_TYPE_OBJECT,
- static void
- polkit_unix_group_init (PolkitUnixGroup *unix_group)
- {
-+ unix_group->gid = -1; /* (git_t) -1 is not a valid GID under Linux */
- }
-
- static void
-@@ -100,11 +101,14 @@ polkit_unix_group_set_property (GObject *object,
- GParamSpec *pspec)
- {
- PolkitUnixGroup *unix_group = POLKIT_UNIX_GROUP (object);
-+ gint val;
-
- switch (prop_id)
- {
- case PROP_GID:
-- unix_group->gid = g_value_get_int (value);
-+ val = g_value_get_int (value);
-+ g_return_if_fail (val != -1);
-+ unix_group->gid = val;
- break;
-
- default:
-@@ -131,9 +135,9 @@ polkit_unix_group_class_init (PolkitUnixGroupClass *klass)
- g_param_spec_int ("gid",
- "Group ID",
- "The UNIX group ID",
-- 0,
-+ G_MININT,
- G_MAXINT,
-- 0,
-+ -1,
- G_PARAM_CONSTRUCT |
- G_PARAM_READWRITE |
- G_PARAM_STATIC_NAME |
-@@ -166,9 +170,10 @@ polkit_unix_group_get_gid (PolkitUnixGroup *group)
- */
- void
- polkit_unix_group_set_gid (PolkitUnixGroup *group,
-- gint gid)
-+ gint gid)
- {
- g_return_if_fail (POLKIT_IS_UNIX_GROUP (group));
-+ g_return_if_fail (gid != -1);
- group->gid = gid;
- }
-
-@@ -183,6 +188,8 @@ polkit_unix_group_set_gid (PolkitUnixGroup *group,
- PolkitIdentity *
- polkit_unix_group_new (gint gid)
- {
-+ g_return_val_if_fail (gid != -1, NULL);
-+
- return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_GROUP,
- "gid", gid,
- NULL));
-diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c
-index 972b777..b02b258 100644
---- a/src/polkit/polkitunixprocess.c
-+++ b/src/polkit/polkitunixprocess.c
-@@ -159,9 +159,14 @@ polkit_unix_process_set_property (GObject *object,
- polkit_unix_process_set_pid (unix_process, g_value_get_int (value));
- break;
-
-- case PROP_UID:
-- polkit_unix_process_set_uid (unix_process, g_value_get_int (value));
-+ case PROP_UID: {
-+ gint val;
-+
-+ val = g_value_get_int (value);
-+ g_return_if_fail (val != -1);
-+ polkit_unix_process_set_uid (unix_process, val);
- break;
-+ }
-
- case PROP_START_TIME:
- polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value));
-@@ -239,7 +244,7 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass)
- g_param_spec_int ("uid",
- "User ID",
- "The UNIX user ID",
-- -1,
-+ G_MININT,
- G_MAXINT,
- -1,
- G_PARAM_CONSTRUCT |
-@@ -303,7 +308,6 @@ polkit_unix_process_set_uid (PolkitUnixProcess *process,
- gint uid)
- {
- g_return_if_fail (POLKIT_IS_UNIX_PROCESS (process));
-- g_return_if_fail (uid >= -1);
- process->uid = uid;
- }
-
-diff --git a/src/polkit/polkitunixuser.c b/src/polkit/polkitunixuser.c
-index 8bfd3a1..234a697 100644
---- a/src/polkit/polkitunixuser.c
-+++ b/src/polkit/polkitunixuser.c
-@@ -72,6 +72,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixUser, polkit_unix_user, G_TYPE_OBJECT,
- static void
- polkit_unix_user_init (PolkitUnixUser *unix_user)
- {
-+ unix_user->uid = -1; /* (uid_t) -1 is not a valid UID under Linux */
- unix_user->name = NULL;
- }
-
-@@ -112,11 +113,14 @@ polkit_unix_user_set_property (GObject *object,
- GParamSpec *pspec)
- {
- PolkitUnixUser *unix_user = POLKIT_UNIX_USER (object);
-+ gint val;
-
- switch (prop_id)
- {
- case PROP_UID:
-- unix_user->uid = g_value_get_int (value);
-+ val = g_value_get_int (value);
-+ g_return_if_fail (val != -1);
-+ unix_user->uid = val;
- break;
-
- default:
-@@ -144,9 +148,9 @@ polkit_unix_user_class_init (PolkitUnixUserClass *klass)
- g_param_spec_int ("uid",
- "User ID",
- "The UNIX user ID",
-- 0,
-+ G_MININT,
- G_MAXINT,
-- 0,
-+ -1,
- G_PARAM_CONSTRUCT |
- G_PARAM_READWRITE |
- G_PARAM_STATIC_NAME |
-@@ -182,6 +186,7 @@ polkit_unix_user_set_uid (PolkitUnixUser *user,
- gint uid)
- {
- g_return_if_fail (POLKIT_IS_UNIX_USER (user));
-+ g_return_if_fail (uid != -1);
- user->uid = uid;
- }
-
-@@ -196,6 +201,8 @@ polkit_unix_user_set_uid (PolkitUnixUser *user,
- PolkitIdentity *
- polkit_unix_user_new (gint uid)
- {
-+ g_return_val_if_fail (uid != -1, NULL);
-+
- return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_USER,
- "uid", uid,
- NULL));
---
-2.22.0.vfs.1.1.57.gbaf16c8
diff --git a/external/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/CVE-2018-19788_p2.patch b/external/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/CVE-2018-19788_p2.patch
deleted file mode 100644
index 097dfd92..00000000
--- a/external/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/CVE-2018-19788_p2.patch
+++ /dev/null
@@ -1,153 +0,0 @@
-From 17f18d9f81d99b014c680e7e50198d7f190b804e Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Mon, 3 Dec 2018 11:20:34 +0100
-Subject: [PATCH 2/3] tests: add tests for high uids
-
-CVE: CVE-2018-19788
-Upstream-Status: Backport
-[https://gitlab.freedesktop.org/polkit/polkit/commit/b534a10727455409acd54018a9c91000e7626126]
-
-Signed-off-by: Dan Tran <dantran@microsoft.com>
----
- test/data/etc/group | 1 +
- test/data/etc/passwd | 2 +
- .../etc/polkit-1/rules.d/10-testing.rules | 21 ++++++
- .../test-polkitbackendjsauthority.c | 72 +++++++++++++++++++
- 4 files changed, 96 insertions(+)
-
-diff --git a/test/data/etc/group b/test/data/etc/group
-index 12ef328..b9acab9 100644
---- a/test/data/etc/group
-+++ b/test/data/etc/group
-@@ -5,3 +5,4 @@ john:x:500:
- jane:x:501:
- sally:x:502:
- henry:x:503:
-+highuid2:x:4000000000:
-diff --git a/test/data/etc/passwd b/test/data/etc/passwd
-index 8544feb..5cf14a5 100644
---- a/test/data/etc/passwd
-+++ b/test/data/etc/passwd
-@@ -3,3 +3,5 @@ john:x:500:500:John Done:/home/john:/bin/bash
- jane:x:501:501:Jane Smith:/home/jane:/bin/bash
- sally:x:502:502:Sally Derp:/home/sally:/bin/bash
- henry:x:503:503:Henry Herp:/home/henry:/bin/bash
-+highuid1:x:2147483648:2147483648:The first high uid:/home/highuid1:/sbin/nologin
-+highuid2:x:4000000000:4000000000:An example high uid:/home/example:/sbin/nologin
-diff --git a/test/data/etc/polkit-1/rules.d/10-testing.rules b/test/data/etc/polkit-1/rules.d/10-testing.rules
-index 446e622..98bf062 100644
---- a/test/data/etc/polkit-1/rules.d/10-testing.rules
-+++ b/test/data/etc/polkit-1/rules.d/10-testing.rules
-@@ -53,6 +53,27 @@ polkit.addRule(function(action, subject) {
- }
- });
-
-+polkit.addRule(function(action, subject) {
-+ if (action.id == "net.company.john_action") {
-+ if (subject.user == "john") {
-+ return polkit.Result.YES;
-+ } else {
-+ return polkit.Result.NO;
-+ }
-+ }
-+});
-+
-+polkit.addRule(function(action, subject) {
-+ if (action.id == "net.company.highuid2_action") {
-+ if (subject.user == "highuid2") {
-+ return polkit.Result.YES;
-+ } else {
-+ return polkit.Result.NO;
-+ }
-+ }
-+});
-+
-+
- // ---------------------------------------------------------------------
- // variables
-
-diff --git a/test/polkitbackend/test-polkitbackendjsauthority.c b/test/polkitbackend/test-polkitbackendjsauthority.c
-index b484a26..71aad23 100644
---- a/test/polkitbackend/test-polkitbackendjsauthority.c
-+++ b/test/polkitbackend/test-polkitbackendjsauthority.c
-@@ -330,6 +330,78 @@ static const RulesTestCase rules_test_cases[] = {
- NULL,
- POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED,
- },
-+
-+ {
-+ /* highuid1 is not a member of group 'users', see test/data/etc/group */
-+ "group_membership_with_non_member(highuid22)",
-+ "net.company.group.only_group_users",
-+ "unix-user:highuid2",
-+ NULL,
-+ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
-+ },
-+
-+ {
-+ /* highuid2 is not a member of group 'users', see test/data/etc/group */
-+ "group_membership_with_non_member(highuid21)",
-+ "net.company.group.only_group_users",
-+ "unix-user:highuid2",
-+ NULL,
-+ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
-+ },
-+
-+ {
-+ /* highuid1 is not a member of group 'users', see test/data/etc/group */
-+ "group_membership_with_non_member(highuid24)",
-+ "net.company.group.only_group_users",
-+ "unix-user:2147483648",
-+ NULL,
-+ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
-+ },
-+
-+ {
-+ /* highuid2 is not a member of group 'users', see test/data/etc/group */
-+ "group_membership_with_non_member(highuid23)",
-+ "net.company.group.only_group_users",
-+ "unix-user:4000000000",
-+ NULL,
-+ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
-+ },
-+
-+ {
-+ /* john is authorized to do this, see 10-testing.rules */
-+ "john_action",
-+ "net.company.john_action",
-+ "unix-user:john",
-+ NULL,
-+ POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED,
-+ },
-+
-+ {
-+ /* only john is authorized to do this, see 10-testing.rules */
-+ "jane_action",
-+ "net.company.john_action",
-+ "unix-user:jane",
-+ NULL,
-+ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
-+ },
-+
-+ {
-+ /* highuid2 is authorized to do this, see 10-testing.rules */
-+ "highuid2_action",
-+ "net.company.highuid2_action",
-+ "unix-user:highuid2",
-+ NULL,
-+ POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED,
-+ },
-+
-+ {
-+ /* only highuid2 is authorized to do this, see 10-testing.rules */
-+ "highuid1_action",
-+ "net.company.highuid2_action",
-+ "unix-user:highuid1",
-+ NULL,
-+ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
-+ },
- };
-
- /* ---------------------------------------------------------------------------------------------------- */
---
-2.22.0.vfs.1.1.57.gbaf16c8
diff --git a/external/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/CVE-2018-19788_p3.patch b/external/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/CVE-2018-19788_p3.patch
deleted file mode 100644
index b97a6b06..00000000
--- a/external/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/CVE-2018-19788_p3.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From 0fd5884a943a92aa076fa3276bd83f502dcb934e Mon Sep 17 00:00:00 2001
-From: Matthew Leeds <matthew.leeds@endlessm.com>
-Date: Tue, 11 Dec 2018 12:04:26 -0800
-Subject: [PATCH 3/3] Allow uid of -1 for a PolkitUnixProcess
-
-Commit 2cb40c4d5 changed PolkitUnixUser, PolkitUnixGroup, and
-PolkitUnixProcess to allow negative values for their uid/gid properties,
-since these are values above INT_MAX which wrap around but are still
-valid, with the exception of -1 which is not valid. However,
-PolkitUnixProcess allows a uid of -1 to be passed to
-polkit_unix_process_new_for_owner() which means polkit is expected to
-figure out the uid on its own (this happens in the _constructed
-function). So this commit removes the check in
-polkit_unix_process_set_property() so that new_for_owner() can be used
-as documented without producing a critical error message.
-
-This does not affect the protection against CVE-2018-19788 which is
-based on creating a user with a UID up to but not including 4294967295
-(-1).
-
-CVE: CVE-2018-19788
-Upstream-Status: Backport
-[https://gitlab.freedesktop.org/polkit/polkit/commit/c05472b86222a72505adc5eec460493980224ef8]
-
-Signed-off-by: Dan Tran <dantran@microsoft.com>
----
- src/polkit/polkitunixprocess.c | 9 ++-------
- 1 file changed, 2 insertions(+), 7 deletions(-)
-
-diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c
-index b02b258..e2a3c03 100644
---- a/src/polkit/polkitunixprocess.c
-+++ b/src/polkit/polkitunixprocess.c
-@@ -159,14 +159,9 @@ polkit_unix_process_set_property (GObject *object,
- polkit_unix_process_set_pid (unix_process, g_value_get_int (value));
- break;
-
-- case PROP_UID: {
-- gint val;
--
-- val = g_value_get_int (value);
-- g_return_if_fail (val != -1);
-- polkit_unix_process_set_uid (unix_process, val);
-+ case PROP_UID:
-+ polkit_unix_process_set_uid (unix_process, g_value_get_int (value));
- break;
-- }
-
- case PROP_START_TIME:
- polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value));
---
-2.22.0.vfs.1.1.57.gbaf16c8
-
diff --git a/external/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/CVE-2019-6133.patch b/external/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/CVE-2019-6133.patch
deleted file mode 100644
index 6fd20dc7..00000000
--- a/external/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/CVE-2019-6133.patch
+++ /dev/null
@@ -1,190 +0,0 @@
-From 6cc6aafee135ba44ea748250d7d29b562ca190e3 Mon Sep 17 00:00:00 2001
-From: Colin Walters <walters@verbum.org>
-Date: Fri, 4 Jan 2019 14:24:48 -0500
-Subject: [PATCH] backend: Compare PolkitUnixProcess uids for temporary
- authorizations
-
-It turns out that the combination of `(pid, start time)` is not
-enough to be unique. For temporary authorizations, we can avoid
-separate users racing on pid reuse by simply comparing the uid.
-
-https://bugs.chromium.org/p/project-zero/issues/detail?id=1692
-
-And the above original email report is included in full in a new comment.
-
-Reported-by: Jann Horn <jannh@google.com>
-
-Closes: https://gitlab.freedesktop.org/polkit/polkit/issues/75
-
-CVE: CVE-2019-6133
-Upstream-Status: Backport [https://gitlab.freedesktop.org/polkit/polkit.git]
-
-Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
----
- src/polkit/polkitsubject.c | 2 +
- src/polkit/polkitunixprocess.c | 71 ++++++++++++++++++-
- .../polkitbackendinteractiveauthority.c | 39 +++++++++-
- 3 files changed, 110 insertions(+), 2 deletions(-)
-
-diff --git a/src/polkit/polkitsubject.c b/src/polkit/polkitsubject.c
-index d4c1182..ccabd0a 100644
---- a/src/polkit/polkitsubject.c
-+++ b/src/polkit/polkitsubject.c
-@@ -99,6 +99,8 @@ polkit_subject_hash (PolkitSubject *subject)
- * @b: A #PolkitSubject.
- *
- * Checks if @a and @b are equal, ie. represent the same subject.
-+ * However, avoid calling polkit_subject_equal() to compare two processes;
-+ * for more information see the `PolkitUnixProcess` documentation.
- *
- * This function can be used in e.g. g_hash_table_new().
- *
-diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c
-index b02b258..78d7251 100644
---- a/src/polkit/polkitunixprocess.c
-+++ b/src/polkit/polkitunixprocess.c
-@@ -51,7 +51,10 @@
- * @title: PolkitUnixProcess
- * @short_description: Unix processs
- *
-- * An object for representing a UNIX process.
-+ * An object for representing a UNIX process. NOTE: This object as
-+ * designed is now known broken; a mechanism to exploit a delay in
-+ * start time in the Linux kernel was identified. Avoid
-+ * calling polkit_subject_equal() to compare two processes.
- *
- * To uniquely identify processes, both the process id and the start
- * time of the process (a monotonic increasing value representing the
-@@ -66,6 +69,72 @@
- * polkit_unix_process_new_for_owner() with trusted data.
- */
-
-+/* See https://gitlab.freedesktop.org/polkit/polkit/issues/75
-+
-+ But quoting the original email in full here to ensure it's preserved:
-+
-+ From: Jann Horn <jannh@google.com>
-+ Subject: [SECURITY] polkit: temporary auth hijacking via PID reuse and non-atomic fork
-+ Date: Wednesday, October 10, 2018 5:34 PM
-+
-+When a (non-root) user attempts to e.g. control systemd units in the system
-+instance from an active session over DBus, the access is gated by a polkit
-+policy that requires "auth_admin_keep" auth. This results in an auth prompt
-+being shown to the user, asking the user to confirm the action by entering the
-+password of an administrator account.
-+
-+After the action has been confirmed, the auth decision for "auth_admin_keep" is
-+cached for up to five minutes. Subject to some restrictions, similar actions can
-+then be performed in this timespan without requiring re-auth:
-+
-+ - The PID of the DBus client requesting the new action must match the PID of
-+ the DBus client requesting the old action (based on SO_PEERCRED information
-+ forwarded by the DBus daemon).
-+ - The "start time" of the client's PID (as seen in /proc/$pid/stat, field 22)
-+ must not have changed. The granularity of this timestamp is in the
-+ millisecond range.
-+ - polkit polls every two seconds whether a process with the expected start time
-+ still exists. If not, the temporary auth entry is purged.
-+
-+Without the start time check, this would obviously be buggy because an attacker
-+could simply wait for the legitimate client to disappear, then create a new
-+client with the same PID.
-+
-+Unfortunately, the start time check is bypassable because fork() is not atomic.
-+Looking at the source code of copy_process() in the kernel:
-+
-+ p->start_time = ktime_get_ns();
-+ p->real_start_time = ktime_get_boot_ns();
-+ [...]
-+ retval = copy_thread_tls(clone_flags, stack_start, stack_size, p, tls);
-+ if (retval)
-+ goto bad_fork_cleanup_io;
-+
-+ if (pid != &init_struct_pid) {
-+ pid = alloc_pid(p->nsproxy->pid_ns_for_children);
-+ if (IS_ERR(pid)) {
-+ retval = PTR_ERR(pid);
-+ goto bad_fork_cleanup_thread;
-+ }
-+ }
-+
-+The ktime_get_boot_ns() call is where the "start time" of the process is
-+recorded. The alloc_pid() call is where a free PID is allocated. In between
-+these, some time passes; and because the copy_thread_tls() call between them can
-+access userspace memory when sys_clone() is invoked through the 32-bit syscall
-+entry point, an attacker can even stall the kernel arbitrarily long at this
-+point (by supplying a pointer into userspace memory that is associated with a
-+userfaultfd or is backed by a custom FUSE filesystem).
-+
-+This means that an attacker can immediately call sys_clone() when the victim
-+process is created, often resulting in a process that has the exact same start
-+time reported in procfs; and then the attacker can delay the alloc_pid() call
-+until after the victim process has died and the PID assignment has cycled
-+around. This results in an attacker process that polkit can't distinguish from
-+the victim process.
-+*/
-+
-+
- /**
- * PolkitUnixProcess:
- *
-diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
-index a1630b9..80e8141 100644
---- a/src/polkitbackend/polkitbackendinteractiveauthority.c
-+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
-@@ -3031,6 +3031,43 @@ temporary_authorization_store_free (TemporaryAuthorizationStore *store)
- g_free (store);
- }
-
-+/* See the comment at the top of polkitunixprocess.c */
-+static gboolean
-+subject_equal_for_authz (PolkitSubject *a,
-+ PolkitSubject *b)
-+{
-+ if (!polkit_subject_equal (a, b))
-+ return FALSE;
-+
-+ /* Now special case unix processes, as we want to protect against
-+ * pid reuse by including the UID.
-+ */
-+ if (POLKIT_IS_UNIX_PROCESS (a) && POLKIT_IS_UNIX_PROCESS (b)) {
-+ PolkitUnixProcess *ap = (PolkitUnixProcess*)a;
-+ int uid_a = polkit_unix_process_get_uid ((PolkitUnixProcess*)a);
-+ PolkitUnixProcess *bp = (PolkitUnixProcess*)b;
-+ int uid_b = polkit_unix_process_get_uid ((PolkitUnixProcess*)b);
-+
-+ if (uid_a != -1 && uid_b != -1)
-+ {
-+ if (uid_a == uid_b)
-+ {
-+ return TRUE;
-+ }
-+ else
-+ {
-+ g_printerr ("denying slowfork; pid %d uid %d != %d!\n",
-+ polkit_unix_process_get_pid (ap),
-+ uid_a, uid_b);
-+ return FALSE;
-+ }
-+ }
-+ /* Fall through; one of the uids is unset so we can't reliably compare */
-+ }
-+
-+ return TRUE;
-+}
-+
- static gboolean
- temporary_authorization_store_has_authorization (TemporaryAuthorizationStore *store,
- PolkitSubject *subject,
-@@ -3073,7 +3110,7 @@ temporary_authorization_store_has_authorization (TemporaryAuthorizationStore *st
- TemporaryAuthorization *authorization = l->data;
-
- if (strcmp (action_id, authorization->action_id) == 0 &&
-- polkit_subject_equal (subject_to_use, authorization->subject))
-+ subject_equal_for_authz (subject_to_use, authorization->subject))
- {
- ret = TRUE;
- if (out_tmp_authz_id != NULL)
---
-2.20.1
-