From 4204309872da5cb401cbb2729d9e2d4869a87f42 Mon Sep 17 00:00:00 2001 From: takeshi_hoshina Date: Thu, 22 Oct 2020 14:58:56 +0900 Subject: agl-basesystem 0.1 --- .../polkit/polkit/CVE-2018-19788_p3.patch | 53 ++++++++++++++++++++++ 1 file changed, 53 insertions(+) create mode 100644 external/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/CVE-2018-19788_p3.patch (limited to 'external/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/CVE-2018-19788_p3.patch') diff --git a/external/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/CVE-2018-19788_p3.patch b/external/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/CVE-2018-19788_p3.patch new file mode 100644 index 00000000..b97a6b06 --- /dev/null +++ b/external/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/CVE-2018-19788_p3.patch @@ -0,0 +1,53 @@ +From 0fd5884a943a92aa076fa3276bd83f502dcb934e Mon Sep 17 00:00:00 2001 +From: Matthew Leeds +Date: Tue, 11 Dec 2018 12:04:26 -0800 +Subject: [PATCH 3/3] Allow uid of -1 for a PolkitUnixProcess + +Commit 2cb40c4d5 changed PolkitUnixUser, PolkitUnixGroup, and +PolkitUnixProcess to allow negative values for their uid/gid properties, +since these are values above INT_MAX which wrap around but are still +valid, with the exception of -1 which is not valid. However, +PolkitUnixProcess allows a uid of -1 to be passed to +polkit_unix_process_new_for_owner() which means polkit is expected to +figure out the uid on its own (this happens in the _constructed +function). So this commit removes the check in +polkit_unix_process_set_property() so that new_for_owner() can be used +as documented without producing a critical error message. + +This does not affect the protection against CVE-2018-19788 which is +based on creating a user with a UID up to but not including 4294967295 +(-1). + +CVE: CVE-2018-19788 +Upstream-Status: Backport +[https://gitlab.freedesktop.org/polkit/polkit/commit/c05472b86222a72505adc5eec460493980224ef8] + +Signed-off-by: Dan Tran +--- + src/polkit/polkitunixprocess.c | 9 ++------- + 1 file changed, 2 insertions(+), 7 deletions(-) + +diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c +index b02b258..e2a3c03 100644 +--- a/src/polkit/polkitunixprocess.c ++++ b/src/polkit/polkitunixprocess.c +@@ -159,14 +159,9 @@ polkit_unix_process_set_property (GObject *object, + polkit_unix_process_set_pid (unix_process, g_value_get_int (value)); + break; + +- case PROP_UID: { +- gint val; +- +- val = g_value_get_int (value); +- g_return_if_fail (val != -1); +- polkit_unix_process_set_uid (unix_process, val); ++ case PROP_UID: ++ polkit_unix_process_set_uid (unix_process, g_value_get_int (value)); + break; +- } + + case PROP_START_TIME: + polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value)); +-- +2.22.0.vfs.1.1.57.gbaf16c8 + -- cgit 1.2.3-korg