* [Buildroot] [PATCH 2/5] package/gvfs: fix CVE-2019-12448
From: Fabrice Fontaine @ 2020-03-29 16:02 UTC (permalink / raw)
To: buildroot
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2.
daemon/gvfsbackendadmin.c has race conditions because the admin backend
doesn't implement query_info_on_read/write.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
...ery_info_on_read-write-functionality.patch | 131 ++++++++++++++++++
package/gvfs/gvfs.mk | 3 +
2 files changed, 134 insertions(+)
create mode 100644 package/gvfs/0002-admin-Add-query_info_on_read-write-functionality.patch
diff --git a/package/gvfs/0002-admin-Add-query_info_on_read-write-functionality.patch b/package/gvfs/0002-admin-Add-query_info_on_read-write-functionality.patch
new file mode 100644
index 0000000000..79a11035de
--- /dev/null
+++ b/package/gvfs/0002-admin-Add-query_info_on_read-write-functionality.patch
@@ -0,0 +1,131 @@
+From 5cd76d627f4d1982b6e77a0e271ef9301732d09e Mon Sep 17 00:00:00 2001
+From: Ondrej Holy <oholy@redhat.com>
+Date: Thu, 23 May 2019 10:24:36 +0200
+Subject: [PATCH] admin: Add query_info_on_read/write functionality
+
+Admin backend doesn't implement query_info_on_read/write which might
+potentially lead to some race conditions which aren't really wanted
+especially in case of admin backend. Let's add this missing functionality.
+
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+[Retrieved fom:
+https://gitlab.gnome.org/GNOME/gvfs/commit/5cd76d627f4d1982b6e77a0e271ef9301732d09e]
+---
+ daemon/gvfsbackendadmin.c | 79 +++++++++++++++++++++++++++++++++------
+ 1 file changed, 67 insertions(+), 12 deletions(-)
+
+diff --git a/daemon/gvfsbackendadmin.c b/daemon/gvfsbackendadmin.c
+index 65a979e7..23d16f16 100644
+--- a/daemon/gvfsbackendadmin.c
++++ b/daemon/gvfsbackendadmin.c
+@@ -42,6 +42,8 @@
+ #include "gvfsjobopenforwrite.h"
+ #include "gvfsjobqueryattributes.h"
+ #include "gvfsjobqueryinfo.h"
++#include "gvfsjobqueryinforead.h"
++#include "gvfsjobqueryinfowrite.h"
+ #include "gvfsjobread.h"
+ #include "gvfsjobseekread.h"
+ #include "gvfsjobseekwrite.h"
+@@ -155,6 +157,19 @@ complete_job (GVfsJob *job,
+ g_vfs_job_succeeded (job);
+ }
+
++static void
++fix_file_info (GFileInfo *info)
++{
++ /* Override read/write flags, since the above call will use access()
++ * to determine permissions, which does not honor our privileged
++ * capabilities.
++ */
++ g_file_info_set_attribute_boolean (info, G_FILE_ATTRIBUTE_ACCESS_CAN_READ, TRUE);
++ g_file_info_set_attribute_boolean (info, G_FILE_ATTRIBUTE_ACCESS_CAN_WRITE, TRUE);
++ g_file_info_set_attribute_boolean (info, G_FILE_ATTRIBUTE_ACCESS_CAN_DELETE, TRUE);
++ g_file_info_set_attribute_boolean (info, G_FILE_ATTRIBUTE_ACCESS_CAN_RENAME, TRUE);
++}
++
+ static void
+ do_query_info (GVfsBackend *backend,
+ GVfsJobQueryInfo *query_info_job,
+@@ -180,19 +195,57 @@ do_query_info (GVfsBackend *backend,
+ if (error != NULL)
+ goto out;
+
+- /* Override read/write flags, since the above call will use access()
+- * to determine permissions, which does not honor our privileged
+- * capabilities.
+- */
+- g_file_info_set_attribute_boolean (real_info,
+- G_FILE_ATTRIBUTE_ACCESS_CAN_READ, TRUE);
+- g_file_info_set_attribute_boolean (real_info,
+- G_FILE_ATTRIBUTE_ACCESS_CAN_WRITE, TRUE);
+- g_file_info_set_attribute_boolean (real_info,
+- G_FILE_ATTRIBUTE_ACCESS_CAN_DELETE, TRUE);
+- g_file_info_set_attribute_boolean (real_info,
+- G_FILE_ATTRIBUTE_ACCESS_CAN_RENAME, TRUE);
++ fix_file_info (real_info);
++ g_file_info_copy_into (real_info, info);
++ g_object_unref (real_info);
++
++ out:
++ complete_job (job, error);
++}
++
++static void
++do_query_info_on_read (GVfsBackend *backend,
++ GVfsJobQueryInfoRead *query_info_job,
++ GVfsBackendHandle handle,
++ GFileInfo *info,
++ GFileAttributeMatcher *matcher)
++{
++ GVfsJob *job = G_VFS_JOB (query_info_job);
++ GFileInputStream *stream = handle;
++ GError *error = NULL;
++ GFileInfo *real_info;
++
++ real_info = g_file_input_stream_query_info (stream, query_info_job->attributes,
++ job->cancellable, &error);
++ if (error != NULL)
++ goto out;
++
++ fix_file_info (real_info);
++ g_file_info_copy_into (real_info, info);
++ g_object_unref (real_info);
++
++ out:
++ complete_job (job, error);
++}
++
++static void
++do_query_info_on_write (GVfsBackend *backend,
++ GVfsJobQueryInfoWrite *query_info_job,
++ GVfsBackendHandle handle,
++ GFileInfo *info,
++ GFileAttributeMatcher *matcher)
++{
++ GVfsJob *job = G_VFS_JOB (query_info_job);
++ GFileOutputStream *stream = handle;
++ GError *error = NULL;
++ GFileInfo *real_info;
++
++ real_info = g_file_output_stream_query_info (stream, query_info_job->attributes,
++ job->cancellable, &error);
++ if (error != NULL)
++ goto out;
+
++ fix_file_info (real_info);
+ g_file_info_copy_into (real_info, info);
+ g_object_unref (real_info);
+
+@@ -868,6 +921,8 @@ g_vfs_backend_admin_class_init (GVfsBackendAdminClass * klass)
+ backend_class->mount = do_mount;
+ backend_class->open_for_read = do_open_for_read;
+ backend_class->query_info = do_query_info;
++ backend_class->query_info_on_read = do_query_info_on_read;
++ backend_class->query_info_on_write = do_query_info_on_write;
+ backend_class->read = do_read;
+ backend_class->create = do_create;
+ backend_class->append_to = do_append_to;
+--
+2.24.1
+
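Review bot: The comment carried into the new `fix_file_info` helper still says "the above call", but inside the helper there is no call above it, so the reason for forcing the four access flags no longer reads on its own. Something like `/* GIO derives these flags via access(), which ignores the capabilities this backend retains, so force them. */` would stand alone. `do_query_info_on_read` and `do_query_info_on_write` also carry no comment saying that they query the already-open stream handle rather than the path, which is presumably the race the commit message refers to; `/* Query the open handle, not the path, so the result describes the file actually opened. */` would record that. The `matcher` parameter is unused in both new handlers, which is worth a word if intentional.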
diff --git a/package/gvfs/gvfs.mk b/package/gvfs/gvfs.mk
index 6c927fa345..eb31f6f8df 100644
--- a/package/gvfs/gvfs.mk
+++ b/package/gvfs/gvfs.mk
@@ -18,6 +18,9 @@ GVFS_LIBS = $(TARGET_NLS_LIBS)
# 0001-admin-Prevent-access-if-any-authentication-agent-isn-t-available.patch
GVFS_IGNORE_CVES += CVE-2019-3827
+# package/gvfs/0002-admin-Add-query_info_on_read-write-functionality.patch
+GVFS_IGNORE_CVES += CVE-2019-12448
+
# Export ac_cv_path_LIBGCRYPT_CONFIG unconditionally to prevent
# build system from searching the host paths.
GVFS_CONF_ENV = \
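Review bot: The comment added for CVE-2019-12448 names the patch with its full `package/gvfs/` path, while the entry just above it uses the bare file name, as do the entries added later in this series for 0003 to 0006. Writing `# 0002-admin-Add-query_info_on_read-write-functionality.patch` keeps the list uniform. These comments are presumably what a maintainer searches for to decide which `GVFS_IGNORE_CVES` line to drop when a patch is removed on a version bump, so a consistent form helps avoid a stale ignore entry.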
--
2.25.1
^ permalink raw reply related [flat|nested] 9+ messages in thread* [Buildroot] [PATCH 3/5] package/gvfs: fix CVE-2019-12447
From: Fabrice Fontaine @ 2020-03-29 16:02 UTC (permalink / raw)
To: buildroot
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2.
daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is
not used.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
...0003-admin-Allow-changing-file-owner.patch | 34 +++++++
...uid-to-ensure-correct-file-ownership.patch | 91 +++++++++++++++++++
package/gvfs/gvfs.mk | 4 +
3 files changed, 129 insertions(+)
create mode 100644 package/gvfs/0003-admin-Allow-changing-file-owner.patch
create mode 100644 package/gvfs/0004-admin-Use-fsuid-to-ensure-correct-file-ownership.patch
diff --git a/package/gvfs/0003-admin-Allow-changing-file-owner.patch b/package/gvfs/0003-admin-Allow-changing-file-owner.patch
new file mode 100644
index 0000000000..6465693283
--- /dev/null
+++ b/package/gvfs/0003-admin-Allow-changing-file-owner.patch
@@ -0,0 +1,34 @@
+From daf1163aba229afcfddf0f925aef7e97047e8959 Mon Sep 17 00:00:00 2001
+From: Ondrej Holy <oholy@redhat.com>
+Date: Thu, 23 May 2019 10:29:08 +0200
+Subject: [PATCH] admin: Allow changing file owner
+
+CAP_CHOWN is dropped together with other privilages and thus the backend
+can't change file owner. This might be probably e.g. in case of copy
+operation when G_FILE_COPY_ALL_METADATA is used. Let's keep CAP_CHOWN
+to fix this.
+
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+[Retrieved from:
+https://gitlab.gnome.org/GNOME/gvfs/commit/daf1163aba229afcfddf0f925aef7e97047e8959]
+---
+ daemon/gvfsbackendadmin.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/daemon/gvfsbackendadmin.c b/daemon/gvfsbackendadmin.c
+index 23d16f16..a74d09cf 100644
+--- a/daemon/gvfsbackendadmin.c
++++ b/daemon/gvfsbackendadmin.c
+@@ -968,7 +968,8 @@ g_vfs_backend_admin_init (GVfsBackendAdmin *self)
+
+ #define REQUIRED_CAPS (CAP_TO_MASK(CAP_FOWNER) | \
+ CAP_TO_MASK(CAP_DAC_OVERRIDE) | \
+- CAP_TO_MASK(CAP_DAC_READ_SEARCH))
++ CAP_TO_MASK(CAP_DAC_READ_SEARCH) | \
++ CAP_TO_MASK(CAP_CHOWN))
+
+ static void
+ acquire_caps (uid_t uid)
+--
+2.24.1
+
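Review bot: `REQUIRED_CAPS` now retains `CAP_CHOWN` on top of the three existing capabilities, but the macro has no comment recording why each one is kept, so the widened set is justified only in the commit message. A short comment above the macro, for example `/* CAP_CHOWN: restore owner/group when copying with G_FILE_COPY_ALL_METADATA */`, would let a later reviewer check the set against least privilege. The macro's use in `acquire_caps` lies outside the hunk.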
diff --git a/package/gvfs/0004-admin-Use-fsuid-to-ensure-correct-file-ownership.patch b/package/gvfs/0004-admin-Use-fsuid-to-ensure-correct-file-ownership.patch
new file mode 100644
index 0000000000..a4343ee897
--- /dev/null
+++ b/package/gvfs/0004-admin-Use-fsuid-to-ensure-correct-file-ownership.patch
@@ -0,0 +1,91 @@
+From 3895e09d784ebec0fbc4614d5c37068736120e1d Mon Sep 17 00:00:00 2001
+From: Ondrej Holy <oholy@redhat.com>
+Date: Thu, 23 May 2019 10:33:30 +0200
+Subject: [PATCH] admin: Use fsuid to ensure correct file ownership
+
+Files created over admin backend should be owned by root, but they are
+owned by the user itself. This is because the daemon drops the uid to
+make dbus connection work. Use fsuid and euid to fix this issue.
+
+Closes: https://gitlab.gnome.org/GNOME/gvfs/issues/21
+
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+[Retrieved from:
+https://gitlab.gnome.org/GNOME/gvfs/commit/3895e09d784ebec0fbc4614d5c37068736120e1d]
+---
+ daemon/gvfsbackendadmin.c | 29 +++++++----------------------
+ 1 file changed, 7 insertions(+), 22 deletions(-)
+
+diff --git a/daemon/gvfsbackendadmin.c b/daemon/gvfsbackendadmin.c
+index a74d09cf..32b51b1a 100644
+--- a/daemon/gvfsbackendadmin.c
++++ b/daemon/gvfsbackendadmin.c
+@@ -157,19 +157,6 @@ complete_job (GVfsJob *job,
+ g_vfs_job_succeeded (job);
+ }
+
+-static void
+-fix_file_info (GFileInfo *info)
+-{
+- /* Override read/write flags, since the above call will use access()
+- * to determine permissions, which does not honor our privileged
+- * capabilities.
+- */
+- g_file_info_set_attribute_boolean (info, G_FILE_ATTRIBUTE_ACCESS_CAN_READ, TRUE);
+- g_file_info_set_attribute_boolean (info, G_FILE_ATTRIBUTE_ACCESS_CAN_WRITE, TRUE);
+- g_file_info_set_attribute_boolean (info, G_FILE_ATTRIBUTE_ACCESS_CAN_DELETE, TRUE);
+- g_file_info_set_attribute_boolean (info, G_FILE_ATTRIBUTE_ACCESS_CAN_RENAME, TRUE);
+-}
+-
+ static void
+ do_query_info (GVfsBackend *backend,
+ GVfsJobQueryInfo *query_info_job,
+@@ -195,7 +182,6 @@ do_query_info (GVfsBackend *backend,
+ if (error != NULL)
+ goto out;
+
+- fix_file_info (real_info);
+ g_file_info_copy_into (real_info, info);
+ g_object_unref (real_info);
+
+@@ -220,7 +206,6 @@ do_query_info_on_read (GVfsBackend *backend,
+ if (error != NULL)
+ goto out;
+
+- fix_file_info (real_info);
+ g_file_info_copy_into (real_info, info);
+ g_object_unref (real_info);
+
+@@ -245,7 +230,6 @@ do_query_info_on_write (GVfsBackend *backend,
+ if (error != NULL)
+ goto out;
+
+- fix_file_info (real_info);
+ g_file_info_copy_into (real_info, info);
+ g_object_unref (real_info);
+
+@@ -977,14 +961,15 @@ acquire_caps (uid_t uid)
+ struct __user_cap_header_struct hdr;
+ struct __user_cap_data_struct data;
+
+- /* Tell kernel not clear capabilities when dropping root */
+- if (prctl (PR_SET_KEEPCAPS, 1, 0, 0, 0) < 0)
+- g_error ("prctl(PR_SET_KEEPCAPS) failed");
+-
+- /* Drop root uid, but retain the required permitted caps */
+- if (setuid (uid) < 0)
++ /* Set euid to user to make dbus work */
++ if (seteuid (uid) < 0)
+ g_error ("unable to drop privs");
+
++ /* Set fsuid to still behave like root when working with files */
++ setfsuid (0);
++ if (setfsuid (-1) != 0)
++ g_error ("setfsuid failed");
++
+ memset (&hdr, 0, sizeof(hdr));
+ hdr.version = _LINUX_CAPABILITY_VERSION;
+
+--
+2.24.1
+
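Review bot: In `acquire_caps`, `seteuid (uid)` changes only the effective UID, so unlike the removed `setuid (uid)` the real and saved UIDs presumably stay 0 and the process can switch back; the "unable to drop privs" message no longer describes what happens. I would state this in the comment, e.g. `/* Only euid changes (for D-Bus); real/saved uid stay root, so the capability set applied below is the actual privilege limit */`, and confirm that the capability call after the hunk still restricts the process as intended now that `PR_SET_KEEPCAPS` is gone. The `setfsuid (-1)` read-back also deserves a comment: `/* setfsuid() reports no errors; call again with -1 to read back the current fsuid */`. The function body continues outside the hunk.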
diff --git a/package/gvfs/gvfs.mk b/package/gvfs/gvfs.mk
index eb31f6f8df..ec75852438 100644
--- a/package/gvfs/gvfs.mk
+++ b/package/gvfs/gvfs.mk
@@ -21,6 +21,10 @@ GVFS_IGNORE_CVES += CVE-2019-3827
# package/gvfs/0002-admin-Add-query_info_on_read-write-functionality.patch
GVFS_IGNORE_CVES += CVE-2019-12448
+# 0003-admin-Allow-changing-file-owner.patch
+# 0004-admin-Use-fsuid-to-ensure-correct-file-ownership.patch
+GVFS_IGNORE_CVES += CVE-2019-12447
+
# Export ac_cv_path_LIBGCRYPT_CONFIG unconditionally to prevent
# build system from searching the host paths.
GVFS_CONF_ENV = \
--
2.25.1
^ permalink raw reply related [flat|nested] 9+ messages in thread* [Buildroot] [PATCH 4/5] package/gvfs: fix CVE-2019-12449
From: Fabrice Fontaine @ 2020-03-29 16:02 UTC (permalink / raw)
To: buildroot
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2.
daemon/gvfsbackendadmin.c mishandles a file's user and group ownership
during move (and copy with G_FILE_COPY_ALL_METADATA) operations from
admin:// to file:// URIs, because root privileges are unavailable.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
...ct-ownership-when-moving-to-file-uri.patch | 84 +++++++++++++++++++
package/gvfs/gvfs.mk | 3 +
2 files changed, 87 insertions(+)
create mode 100644 package/gvfs/0005-admin-Ensure-correct-ownership-when-moving-to-file-uri.patch
diff --git a/package/gvfs/0005-admin-Ensure-correct-ownership-when-moving-to-file-uri.patch b/package/gvfs/0005-admin-Ensure-correct-ownership-when-moving-to-file-uri.patch
new file mode 100644
index 0000000000..3b60120751
--- /dev/null
+++ b/package/gvfs/0005-admin-Ensure-correct-ownership-when-moving-to-file-uri.patch
@@ -0,0 +1,84 @@
+From d5dfd823c94045488aef8727c553f1e0f7666b90 Mon Sep 17 00:00:00 2001
+From: Ondrej Holy <oholy@redhat.com>
+Date: Fri, 24 May 2019 09:43:43 +0200
+Subject: [PATCH] admin: Ensure correct ownership when moving to file:// uri
+
+User and group is not restored properly when moving (or copying with
+G_FILE_COPY_ALL_METADATA) from admin:// to file://, because it is handled
+by GIO fallback code, which doesn't run with root permissions. Let's
+handle this case with pull method to ensure correct ownership.
+
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+[Retrieved from:
+https://gitlab.gnome.org/GNOME/gvfs/commit/d5dfd823c94045488aef8727c553f1e0f7666b90]
+---
+ daemon/gvfsbackendadmin.c | 46 +++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 46 insertions(+)
+
+diff --git a/daemon/gvfsbackendadmin.c b/daemon/gvfsbackendadmin.c
+index 32b51b1a..9a7e8295 100644
+--- a/daemon/gvfsbackendadmin.c
++++ b/daemon/gvfsbackendadmin.c
+@@ -807,6 +807,51 @@ do_move (GVfsBackend *backend,
+ complete_job (job, error);
+ }
+
++static void
++do_pull (GVfsBackend *backend,
++ GVfsJobPull *pull_job,
++ const char *source,
++ const char *local_path,
++ GFileCopyFlags flags,
++ gboolean remove_source,
++ GFileProgressCallback progress_callback,
++ gpointer progress_callback_data)
++{
++ GVfsBackendAdmin *self = G_VFS_BACKEND_ADMIN (backend);
++ GVfsJob *job = G_VFS_JOB (pull_job);
++ GError *error = NULL;
++ GFile *src_file, *dst_file;
++
++ /* Pull method is necessary when user/group needs to be restored, return
++ * G_IO_ERROR_NOT_SUPPORTED in other cases to proceed with the fallback code.
++ */
++ if (!(flags & G_FILE_COPY_ALL_METADATA))
++ {
++ g_vfs_job_failed_literal (G_VFS_JOB (job), G_IO_ERROR,
++ G_IO_ERROR_NOT_SUPPORTED,
++ _("Operation not supported"));
++ return;
++ }
++
++ if (!check_permission (self, job))
++ return;
++
++ src_file = g_file_new_for_path (source);
++ dst_file = g_file_new_for_path (local_path);
++
++ if (remove_source)
++ g_file_move (src_file, dst_file, flags, job->cancellable,
++ progress_callback, progress_callback_data, &error);
++ else
++ g_file_copy (src_file, dst_file, flags, job->cancellable,
++ progress_callback, progress_callback_data, &error);
++
++ g_object_unref (src_file);
++ g_object_unref (dst_file);
++
++ complete_job (job, error);
++}
++
+ static void
+ do_query_settable_attributes (GVfsBackend *backend,
+ GVfsJobQueryAttributes *query_job,
+@@ -927,6 +972,7 @@ g_vfs_backend_admin_class_init (GVfsBackendAdminClass * klass)
+ backend_class->set_attribute = do_set_attribute;
+ backend_class->delete = do_delete;
+ backend_class->move = do_move;
++ backend_class->pull = do_pull;
+ backend_class->query_settable_attributes = do_query_settable_attributes;
+ backend_class->query_writable_namespaces = do_query_writable_namespaces;
+ }
+--
+2.24.1
+
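Review bot: `do_pull` hands the client-supplied `source` and `local_path` straight to `g_file_move`/`g_file_copy`, which presumably run with the backend's elevated file-system identity, so `check_permission` is the only gate on writing to an arbitrary local destination. That deserves a comment at the call, e.g. `/* Both paths come from the client and the copy runs with our privileges; this must stay behind check_permission() */`. The early `G_IO_ERROR_NOT_SUPPORTED` return precedes `check_permission`, which looks harmless because nothing is accessed there, but a note that the ordering is intentional would help. `G_VFS_JOB (job)` in that failure path casts a variable that is already a `GVfsJob *`; plain `job` is enough.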
diff --git a/package/gvfs/gvfs.mk b/package/gvfs/gvfs.mk
index ec75852438..a3308b713d 100644
--- a/package/gvfs/gvfs.mk
+++ b/package/gvfs/gvfs.mk
@@ -25,6 +25,9 @@ GVFS_IGNORE_CVES += CVE-2019-12448
# 0004-admin-Use-fsuid-to-ensure-correct-file-ownership.patch
GVFS_IGNORE_CVES += CVE-2019-12447
+# 0005-admin-Ensure-correct-ownership-when-moving-to-file-uri.patch
+GVFS_IGNORE_CVES += CVE-2019-12449
+
# Export ac_cv_path_LIBGCRYPT_CONFIG unconditionally to prevent
# build system from searching the host paths.
GVFS_CONF_ENV = \
--
2.25.1
^ permalink raw reply related [flat|nested] 9+ messages in thread* [Buildroot] [PATCH 5/5] package/gvfs: fix CVE-2019-12795
From: Fabrice Fontaine @ 2020-03-29 16:02 UTC (permalink / raw)
To: buildroot
daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x
before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server
socket without configuring an authorization rule. A local attacker could
connect to this server socket and issue D-Bus method calls. (Note that
the server socket only accepts a single connection, so the attacker
would have to discover the server and connect to the socket before its
owner does.)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
...e-connecting-client-is-the-same-user.patch | 96 +++++++++++++++++++
package/gvfs/gvfs.mk | 3 +
2 files changed, 99 insertions(+)
create mode 100644 package/gvfs/0006-gvfsdaemon-Check-that-the-connecting-client-is-the-same-user.patch
diff --git a/package/gvfs/0006-gvfsdaemon-Check-that-the-connecting-client-is-the-same-user.patch b/package/gvfs/0006-gvfsdaemon-Check-that-the-connecting-client-is-the-same-user.patch
new file mode 100644
index 0000000000..4be7a81130
--- /dev/null
+++ b/package/gvfs/0006-gvfsdaemon-Check-that-the-connecting-client-is-the-same-user.patch
@@ -0,0 +1,96 @@
+From 70dbfc68a79faac49bd3423e079cb6902522082a Mon Sep 17 00:00:00 2001
+From: Simon McVittie <smcv@collabora.com>
+Date: Wed, 5 Jun 2019 13:33:38 +0100
+Subject: [PATCH] gvfsdaemon: Check that the connecting client is the same user
+
+Otherwise, an attacker who learns the abstract socket address from
+netstat(8) or similar could connect to it and issue D-Bus method
+calls.
+
+Signed-off-by: Simon McVittie <smcv@collabora.com>
+
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+[Retrieved from:
+https://gitlab.gnome.org/GNOME/gvfs/commit/70dbfc68a79faac49bd3423e079cb6902522082a]
+---
+ daemon/gvfsdaemon.c | 36 +++++++++++++++++++++++++++++++++++-
+ 1 file changed, 35 insertions(+), 1 deletion(-)
+
+diff --git a/daemon/gvfsdaemon.c b/daemon/gvfsdaemon.c
+index 406d4f8e..be148a7b 100644
+--- a/daemon/gvfsdaemon.c
++++ b/daemon/gvfsdaemon.c
+@@ -79,6 +79,7 @@ struct _GVfsDaemon
+
+ gint mount_counter;
+
++ GDBusAuthObserver *auth_observer;
+ GDBusConnection *conn;
+ GVfsDBusDaemon *daemon_skeleton;
+ GVfsDBusMountable *mountable_skeleton;
+@@ -171,6 +172,8 @@ g_vfs_daemon_finalize (GObject *object)
+ }
+ if (daemon->conn != NULL)
+ g_object_unref (daemon->conn);
++ if (daemon->auth_observer != NULL)
++ g_object_unref (daemon->auth_observer);
+
+ g_hash_table_destroy (daemon->registered_paths);
+ g_hash_table_destroy (daemon->client_connections);
+@@ -236,6 +239,35 @@ name_vanished_handler (GDBusConnection *connection,
+ daemon->lost_main_daemon = TRUE;
+ }
+
++/*
++ * Authentication observer signal handler that authorizes connections
++ * from the same uid as this process. This matches the behaviour of a
++ * libdbus DBusServer/DBusConnection when no DBusAllowUnixUserFunction
++ * has been set, but is not the default in GDBus.
++ */
++static gboolean
++authorize_authenticated_peer_cb (GDBusAuthObserver *observer,
++ G_GNUC_UNUSED GIOStream *stream,
++ GCredentials *credentials,
++ G_GNUC_UNUSED gpointer user_data)
++{
++ gboolean authorized = FALSE;
++
++ if (credentials != NULL)
++ {
++ GCredentials *own_credentials;
++
++ own_credentials = g_credentials_new ();
++
++ if (g_credentials_is_same_user (credentials, own_credentials, NULL))
++ authorized = TRUE;
++
++ g_object_unref (own_credentials);
++ }
++
++ return authorized;
++}
++
+ static void
+ g_vfs_daemon_init (GVfsDaemon *daemon)
+ {
+@@ -265,6 +297,8 @@ g_vfs_daemon_init (GVfsDaemon *daemon)
+
+ daemon->conn = g_bus_get_sync (G_BUS_TYPE_SESSION, NULL, NULL);
+ g_assert (daemon->conn != NULL);
++ daemon->auth_observer = g_dbus_auth_observer_new ();
++ g_signal_connect (daemon->auth_observer, "authorize-authenticated-peer", G_CALLBACK (authorize_authenticated_peer_cb), NULL);
+
+ daemon->daemon_skeleton = gvfs_dbus_daemon_skeleton_new ();
+ g_signal_connect (daemon->daemon_skeleton, "handle-get-connection", G_CALLBACK (handle_get_connection), daemon);
+@@ -876,7 +910,7 @@ handle_get_connection (GVfsDBusDaemon *object,
+ server = g_dbus_server_new_sync (address1,
+ G_DBUS_SERVER_FLAGS_NONE,
+ guid,
+- NULL, /* GDBusAuthObserver */
++ daemon->auth_observer,
+ NULL, /* GCancellable */
+ &error);
+ g_free (guid);
+--
+2.24.1
+
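Review bot: `authorize_authenticated_peer_cb` passes `NULL` as the error argument to `g_credentials_is_same_user`, so a failed comparison is indistinguishable from a uid mismatch. Rejecting the peer in both cases is the right fail-closed outcome, but it should be stated and made diagnosable: add `/* Fail closed: missing credentials or a comparison error both reject the peer */` and consider passing a `GError` and logging it with `g_debug` before returning `FALSE`. The surrounding `g_vfs_daemon_init` and `handle_get_connection` bodies extend beyond the hunks shown.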
diff --git a/package/gvfs/gvfs.mk b/package/gvfs/gvfs.mk
index a3308b713d..b3b18a3482 100644
--- a/package/gvfs/gvfs.mk
+++ b/package/gvfs/gvfs.mk
@@ -28,6 +28,9 @@ GVFS_IGNORE_CVES += CVE-2019-12447
# 0005-admin-Ensure-correct-ownership-when-moving-to-file-uri.patch
GVFS_IGNORE_CVES += CVE-2019-12449
+# 0006-gvfsdaemon-Check-that-the-connecting-client-is-the-same-user.patch
+GVFS_IGNORE_CVES += CVE-2019-12795
+
# Export ac_cv_path_LIBGCRYPT_CONFIG unconditionally to prevent
# build system from searching the host paths.
GVFS_CONF_ENV = \
--
2.25.1
^ permalink raw reply related [flat|nested] 9+ messages in thread* [Buildroot] [PATCH 1/5] package/gvfs: fix CVE-2019-3827
From: Yann E. MORIN @ 2020-03-29 16:49 UTC (permalink / raw)
To: buildroot
Fabrice, All,
On 2020-03-29 18:02 +0200, Fabrice Fontaine spake thusly:
> An incorrect permission check in the admin backend in gvfs before
> version 1.39.4 was found that allows reading and modify arbitrary files
> by privileged users without asking for password when no authentication
> agent is running. This vulnerability can be exploited by malicious
> programs running under privileges of users belonging to the wheel group
> to further escalate its privileges by modifying system files without
> user's knowledge. Successful exploitation requires uncommon system
> configuration.
>
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Patch series applied to master, thanks.
Any reason why you sent one patch for each CVE, rather than a single
patch?
Regards,
Yann E. MORIN.
> ---
> ...authentication-agent-isn-t-available.patch | 46 +++++++++++++++++++
> package/gvfs/gvfs.mk | 3 ++
> 2 files changed, 49 insertions(+)
> create mode 100644 package/gvfs/0001-admin-Prevent-access-if-any-authentication-agent-isn-t-available.patch
>
> diff --git a/package/gvfs/0001-admin-Prevent-access-if-any-authentication-agent-isn-t-available.patch b/package/gvfs/0001-admin-Prevent-access-if-any-authentication-agent-isn-t-available.patch
> new file mode 100644
> index 0000000000..2715371534
> --- /dev/null
> +++ b/package/gvfs/0001-admin-Prevent-access-if-any-authentication-agent-isn-t-available.patch
> @@ -0,0 +1,46 @@
> +From d8d0c8c40049cfd824b2b90d0cd47914052b9811 Mon Sep 17 00:00:00 2001
> +From: Ondrej Holy <oholy@redhat.com>
> +Date: Wed, 2 Jan 2019 17:13:27 +0100
> +Subject: [PATCH] admin: Prevent access if any authentication agent isn't
> + available
> +
> +The backend currently allows to access and modify files without prompting
> +for password if any polkit authentication agent isn't available. This seems
> +isn't usually problem, because polkit agents are integral parts of
> +graphical environments / linux distributions. The agents can't be simply
> +disabled without root permissions and are automatically respawned. However,
> +this might be a problem in some non-standard cases.
> +
> +This affects only users which belong to wheel group (i.e. those who are
> +already allowed to use sudo). It doesn't allow privilege escalation for
> +users, who don't belong to that group.
> +
> +Let's return permission denied error also when the subject can't be
> +authorized by any polkit agent to prevent this behavior.
> +
> +Closes: https://gitlab.gnome.org/GNOME/gvfs/issues/355
> +
> +Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> +[Retrieved from:
> +https://gitlab.gnome.org/GNOME/gvfs/commit/d8d0c8c40049cfd824b2b90d0cd47914052b9811]
> +---
> + daemon/gvfsbackendadmin.c | 3 +--
> + 1 file changed, 1 insertion(+), 2 deletions(-)
> +
> +diff --git a/daemon/gvfsbackendadmin.c b/daemon/gvfsbackendadmin.c
> +index ec0f2392..0f849008 100644
> +--- a/daemon/gvfsbackendadmin.c
> ++++ b/daemon/gvfsbackendadmin.c
> +@@ -130,8 +130,7 @@ check_permission (GVfsBackendAdmin *self,
> + return FALSE;
> + }
> +
> +- is_authorized = polkit_authorization_result_get_is_authorized (result) ||
> +- polkit_authorization_result_get_is_challenge (result);
> ++ is_authorized = polkit_authorization_result_get_is_authorized (result);
> +
> + g_object_unref (result);
> +
> +--
> +2.24.1
> +
> diff --git a/package/gvfs/gvfs.mk b/package/gvfs/gvfs.mk
> index c380a710fb..6c927fa345 100644
> --- a/package/gvfs/gvfs.mk
> +++ b/package/gvfs/gvfs.mk
> @@ -15,6 +15,9 @@ GVFS_LICENSE = LGPL-2.0+
> GVFS_LICENSE_FILES = COPYING
> GVFS_LIBS = $(TARGET_NLS_LIBS)
>
> +# 0001-admin-Prevent-access-if-any-authentication-agent-isn-t-available.patch
> +GVFS_IGNORE_CVES += CVE-2019-3827
> +
> # Export ac_cv_path_LIBGCRYPT_CONFIG unconditionally to prevent
> # build system from searching the host paths.
> GVFS_CONF_ENV = \
> --
> 2.25.1
>
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
^ permalink raw reply [flat|nested] 9+ messages in thread* [Buildroot] [PATCH 1/5] package/gvfs: fix CVE-2019-3827
From: Fabrice Fontaine @ 2020-03-29 17:12 UTC (permalink / raw)
To: buildroot
Yann,
Le dim. 29 mars 2020 à 18:49, Yann E. MORIN <yann.morin.1998@free.fr> a écrit :
>
> Fabrice, All,
>
> On 2020-03-29 18:02 +0200, Fabrice Fontaine spake thusly:
> > An incorrect permission check in the admin backend in gvfs before
> > version 1.39.4 was found that allows reading and modify arbitrary files
> > by privileged users without asking for password when no authentication
> > agent is running. This vulnerability can be exploited by malicious
> > programs running under privileges of users belonging to the wheel group
> > to further escalate its privileges by modifying system files without
> > user's knowledge. Successful exploitation requires uncommon system
> > configuration.
> >
> > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
>
> Patch series applied to master, thanks.
>
> Any reason why you sent one patch for each CVE, rather than a single
> patch?
No special reason, I thought that it'll be easier to review one by one
instead of a single patch.
>
> Regards,
> Yann E. MORIN.
>
> > ---
> > ...authentication-agent-isn-t-available.patch | 46 +++++++++++++++++++
> > package/gvfs/gvfs.mk | 3 ++
> > 2 files changed, 49 insertions(+)
> > create mode 100644 package/gvfs/0001-admin-Prevent-access-if-any-authentication-agent-isn-t-available.patch
> >
> > diff --git a/package/gvfs/0001-admin-Prevent-access-if-any-authentication-agent-isn-t-available.patch b/package/gvfs/0001-admin-Prevent-access-if-any-authentication-agent-isn-t-available.patch
> > new file mode 100644
> > index 0000000000..2715371534
> > --- /dev/null
> > +++ b/package/gvfs/0001-admin-Prevent-access-if-any-authentication-agent-isn-t-available.patch
> > @@ -0,0 +1,46 @@
> > +From d8d0c8c40049cfd824b2b90d0cd47914052b9811 Mon Sep 17 00:00:00 2001
> > +From: Ondrej Holy <oholy@redhat.com>
> > +Date: Wed, 2 Jan 2019 17:13:27 +0100
> > +Subject: [PATCH] admin: Prevent access if any authentication agent isn't
> > + available
> > +
> > +The backend currently allows to access and modify files without prompting
> > +for password if any polkit authentication agent isn't available. This seems
> > +isn't usually problem, because polkit agents are integral parts of
> > +graphical environments / linux distributions. The agents can't be simply
> > +disabled without root permissions and are automatically respawned. However,
> > +this might be a problem in some non-standard cases.
> > +
> > +This affects only users which belong to wheel group (i.e. those who are
> > +already allowed to use sudo). It doesn't allow privilege escalation for
> > +users, who don't belong to that group.
> > +
> > +Let's return permission denied error also when the subject can't be
> > +authorized by any polkit agent to prevent this behavior.
> > +
> > +Closes: https://gitlab.gnome.org/GNOME/gvfs/issues/355
> > +
> > +Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> > +[Retrieved from:
> > +https://gitlab.gnome.org/GNOME/gvfs/commit/d8d0c8c40049cfd824b2b90d0cd47914052b9811]
> > +---
> > + daemon/gvfsbackendadmin.c | 3 +--
> > + 1 file changed, 1 insertion(+), 2 deletions(-)
> > +
> > +diff --git a/daemon/gvfsbackendadmin.c b/daemon/gvfsbackendadmin.c
> > +index ec0f2392..0f849008 100644
> > +--- a/daemon/gvfsbackendadmin.c
> > ++++ b/daemon/gvfsbackendadmin.c
> > +@@ -130,8 +130,7 @@ check_permission (GVfsBackendAdmin *self,
> > + return FALSE;
> > + }
> > +
> > +- is_authorized = polkit_authorization_result_get_is_authorized (result) ||
> > +- polkit_authorization_result_get_is_challenge (result);
> > ++ is_authorized = polkit_authorization_result_get_is_authorized (result);
> > +
> > + g_object_unref (result);
> > +
> > +--
> > +2.24.1
> > +
> > diff --git a/package/gvfs/gvfs.mk b/package/gvfs/gvfs.mk
> > index c380a710fb..6c927fa345 100644
> > --- a/package/gvfs/gvfs.mk
> > +++ b/package/gvfs/gvfs.mk
> > @@ -15,6 +15,9 @@ GVFS_LICENSE = LGPL-2.0+
> > GVFS_LICENSE_FILES = COPYING
> > GVFS_LIBS = $(TARGET_NLS_LIBS)
> >
> > +# 0001-admin-Prevent-access-if-any-authentication-agent-isn-t-available.patch
> > +GVFS_IGNORE_CVES += CVE-2019-3827
> > +
> > # Export ac_cv_path_LIBGCRYPT_CONFIG unconditionally to prevent
> > # build system from searching the host paths.
> > GVFS_CONF_ENV = \
> > --
> > 2.25.1
> >
> > _______________________________________________
> > buildroot mailing list
> > buildroot at busybox.net
> > http://lists.busybox.net/mailman/listinfo/buildroot
>
> --
> .-----------------.--------------------.------------------.--------------------.
> | Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
> | +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
> | +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
> | http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
> '------------------------------^-------^------------------^--------------------'
Best Regards,
Fabrice
* [Buildroot] [PATCH 1/5] package/gvfs: fix CVE-2019-3827
From: Yann E. MORIN @ 2020-03-29 17:28 UTC (permalink / raw)
To: buildroot
Fabrice, All,
On 2020-03-29 19:12 +0200, Fabrice Fontaine spake thusly:
> Le dim. 29 mars 2020 à 18:49, Yann E. MORIN <yann.morin.1998@free.fr> a écrit :
[--SNIP--]
> > Any reason why you sent one patch for each CVE, rather than a single
> > patch?
> No special reason, I thought that it'll be easier to review one by one
> instead of a single patch.
Yes, that's good.
Still, when all a commit does is backport upstream fixes, I'm OK with a
single big commit (as long as backported patches have proper upstream
URLs, and are really left otherwise totally untouched, code-wise).
So, either way. Thanks! :-)
Regards,
Yann E. MORIN.
> > Regards,
> > Yann E. MORIN.
> >
> > > ---
> > > ...authentication-agent-isn-t-available.patch | 46 +++++++++++++++++++
> > > package/gvfs/gvfs.mk | 3 ++
> > > 2 files changed, 49 insertions(+)
> > > create mode 100644 package/gvfs/0001-admin-Prevent-access-if-any-authentication-agent-isn-t-available.patch
> > >
> > > diff --git a/package/gvfs/0001-admin-Prevent-access-if-any-authentication-agent-isn-t-available.patch b/package/gvfs/0001-admin-Prevent-access-if-any-authentication-agent-isn-t-available.patch
> > > new file mode 100644
> > > index 0000000000..2715371534
> > > --- /dev/null
> > > +++ b/package/gvfs/0001-admin-Prevent-access-if-any-authentication-agent-isn-t-available.patch
> > > @@ -0,0 +1,46 @@
> > > +From d8d0c8c40049cfd824b2b90d0cd47914052b9811 Mon Sep 17 00:00:00 2001
> > > +From: Ondrej Holy <oholy@redhat.com>
> > > +Date: Wed, 2 Jan 2019 17:13:27 +0100
> > > +Subject: [PATCH] admin: Prevent access if any authentication agent isn't
> > > + available
> > > +
> > > +The backend currently allows to access and modify files without prompting
> > > +for password if any polkit authentication agent isn't available. This seems
> > > +isn't usually problem, because polkit agents are integral parts of
> > > +graphical environments / linux distributions. The agents can't be simply
> > > +disabled without root permissions and are automatically respawned. However,
> > > +this might be a problem in some non-standard cases.
> > > +
> > > +This affects only users which belong to wheel group (i.e. those who are
> > > +already allowed to use sudo). It doesn't allow privilege escalation for
> > > +users, who don't belong to that group.
> > > +
> > > +Let's return permission denied error also when the subject can't be
> > > +authorized by any polkit agent to prevent this behavior.
> > > +
> > > +Closes: https://gitlab.gnome.org/GNOME/gvfs/issues/355
> > > +
> > > +Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> > > +[Retrieved from:
> > > +https://gitlab.gnome.org/GNOME/gvfs/commit/d8d0c8c40049cfd824b2b90d0cd47914052b9811]
> > > +---
> > > + daemon/gvfsbackendadmin.c | 3 +--
> > > + 1 file changed, 1 insertion(+), 2 deletions(-)
> > > +
> > > +diff --git a/daemon/gvfsbackendadmin.c b/daemon/gvfsbackendadmin.c
> > > +index ec0f2392..0f849008 100644
> > > +--- a/daemon/gvfsbackendadmin.c
> > > ++++ b/daemon/gvfsbackendadmin.c
> > > +@@ -130,8 +130,7 @@ check_permission (GVfsBackendAdmin *self,
> > > + return FALSE;
> > > + }
> > > +
> > > +- is_authorized = polkit_authorization_result_get_is_authorized (result) ||
> > > +- polkit_authorization_result_get_is_challenge (result);
> > > ++ is_authorized = polkit_authorization_result_get_is_authorized (result);
> > > +
> > > + g_object_unref (result);
> > > +
> > > +--
> > > +2.24.1
> > > +
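Review bot: The new assignment in `check_permission` (the `is_authorized = polkit_authorization_result_get_is_authorized (result);` line of the embedded gvfsbackendadmin.c hunk) carries no comment saying why a challenge result is deliberately not accepted, so the reasoning behind the CVE-2019-3827 fix lives only in the commit message. A short comment above it, such as `/* A challenge result means authentication is still required; treat it as denied (CVE-2019-3827). */`, would help keep a later refactor from re-adding the `polkit_authorization_result_get_is_challenge` term. Because Buildroot carries this as an unmodified upstream backport, the comment would belong upstream rather than in this patch file. `check_permission` starts and ends outside the embedded hunk, so how `is_authorized` is consumed afterwards cannot be confirmed from here.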
> > > diff --git a/package/gvfs/gvfs.mk b/package/gvfs/gvfs.mk
> > > index c380a710fb..6c927fa345 100644
> > > --- a/package/gvfs/gvfs.mk
> > > +++ b/package/gvfs/gvfs.mk
> > > @@ -15,6 +15,9 @@ GVFS_LICENSE = LGPL-2.0+
> > > GVFS_LICENSE_FILES = COPYING
> > > GVFS_LIBS = $(TARGET_NLS_LIBS)
> > >
> > > +# 0001-admin-Prevent-access-if-any-authentication-agent-isn-t-available.patch
> > > +GVFS_IGNORE_CVES += CVE-2019-3827
> > > +
> > > # Export ac_cv_path_LIBGCRYPT_CONFIG unconditionally to prevent
> > > # build system from searching the host paths.
> > > GVFS_CONF_ENV = \
> > > --
> > > 2.25.1
> > >
> > > _______________________________________________
> > > buildroot mailing list
> > > buildroot at busybox.net
> > > http://lists.busybox.net/mailman/listinfo/buildroot
> >
> > --
> > .-----------------.--------------------.------------------.--------------------.
> > | Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
> > | +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
> > | +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
> > | http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
> > '------------------------------^-------^------------------^--------------------'
> Best Regards,
>
> Fabrice
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
* [Buildroot] [PATCH 1/5] package/gvfs: fix CVE-2019-3827
2020-03-29 16:02 [Buildroot] [PATCH 1/5] package/gvfs: fix CVE-2019-3827 Fabrice Fontaine
` (4 preceding siblings ...)
2020-03-29 16:49 ` [Buildroot] [PATCH 1/5] package/gvfs: fix CVE-2019-3827 Yann E. MORIN
@ 2020-04-07 19:07 ` Peter Korsgaard
5 siblings, 0 replies; 9+ messages in thread
From: Peter Korsgaard @ 2020-04-07 19:07 UTC (permalink / raw)
To: buildroot
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:
> An incorrect permission check in the admin backend in gvfs before
> version 1.39.4 was found that allows reading and modify arbitrary files
> by privileged users without asking for password when no authentication
> agent is running. This vulnerability can be exploited by malicious
> programs running under privileges of users belonging to the wheel group
> to further escalate its privileges by modifying system files without
> user's knowledge. Successful exploitation requires uncommon system
> configuration.
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Committed all 5 to 2019.02.x, 2019.11.x and 2020.02.x, thanks.
--
Bye, Peter Korsgaard