SUSE:SLE-15-SP1:Update
gvfs
gvfs-CVE-2019-12447.patch
File gvfs-CVE-2019-12447.patch of Package gvfs
diff --git a/daemon/gvfsbackendadmin.c b/daemon/gvfsbackendadmin.c
index f8ff0b3..11cd163 100644
--- a/daemon/gvfsbackendadmin.c
+++ b/daemon/gvfsbackendadmin.c
@@ -157,19 +157,6 @@ complete_job (GVfsJob *job,
 g_vfs_job_succeeded (job);
 }
 
-static void
-fix_file_info (GFileInfo *info)
-{
- /* Override read/write flags, since the above call will use access()
- * to determine permissions, which does not honor our privileged
- * capabilities.
- */
- g_file_info_set_attribute_boolean (info, G_FILE_ATTRIBUTE_ACCESS_CAN_READ, TRUE);
- g_file_info_set_attribute_boolean (info, G_FILE_ATTRIBUTE_ACCESS_CAN_WRITE, TRUE);
- g_file_info_set_attribute_boolean (info, G_FILE_ATTRIBUTE_ACCESS_CAN_DELETE, TRUE);
- g_file_info_set_attribute_boolean (info, G_FILE_ATTRIBUTE_ACCESS_CAN_RENAME, TRUE);
-}
-
 static void
 do_query_info (GVfsBackend *backend,
 GVfsJobQueryInfo *query_info_job,
@@ -195,7 +182,6 @@ do_query_info (GVfsBackend *backend,
 if (error != NULL)
 goto out;
 
- fix_file_info (real_info);
 g_file_info_copy_into (real_info, info);
 g_object_unref (real_info);
 
@@ -220,7 +206,6 @@ do_query_info_on_read (GVfsBackend *backend,
 if (error != NULL)
 goto out;
 
- fix_file_info (real_info);
 g_file_info_copy_into (real_info, info);
 g_object_unref (real_info);
 
@@ -245,7 +230,6 @@ do_query_info_on_write (GVfsBackend *backend,
 if (error != NULL)
 goto out;
 
- fix_file_info (real_info);
 g_file_info_copy_into (real_info, info);
 g_object_unref (real_info);
 
@@ -1007,7 +991,8 @@ g_vfs_backend_admin_init (GVfsBackendAdmin *self)
 
 #define REQUIRED_CAPS (CAP_TO_MASK(CAP_FOWNER) | \
 CAP_TO_MASK(CAP_DAC_OVERRIDE) | \
- CAP_TO_MASK(CAP_DAC_READ_SEARCH))
+ CAP_TO_MASK(CAP_DAC_READ_SEARCH) | \
+ CAP_TO_MASK(CAP_CHOWN))
 
 static void
 acquire_caps (uid_t uid)
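Review bot: The `REQUIRED_CAPS` mask gains `CAP_CHOWN` with no comment saying which backend operation needs it, and this mask is the list of capabilities the admin daemon keeps for itself. A short comment above the `#define` giving one reason per capability would let a later reviewer judge whether each bit is still required, for example `/* CAP_CHOWN: required for <operation> (TODO: name it) */`. The reason for the new bit is not visible in this hunk, so the comment should come from whoever knows which job fails without it.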
@@ -1015,14 +1000,15 @@ acquire_caps (uid_t uid)
 struct __user_cap_header_struct hdr;
 struct __user_cap_data_struct data;
 
- /* Tell kernel not clear capabilities when dropping root */
- if (prctl (PR_SET_KEEPCAPS, 1, 0, 0, 0) < 0)
- g_error ("prctl(PR_SET_KEEPCAPS) failed");
-
- /* Drop root uid, but retain the required permitted caps */
- if (setuid (uid) < 0)
+ /* Set euid to user to make dbus work */
+ if (seteuid (uid) < 0)
 g_error ("unable to drop privs");
 
+ /* Set fsuid to still behave like root when working with files */
+ setfsuid (0);
+ if (setfsuid (-1) != 0)
+ g_error ("setfsuid failed");
+
 memset (&hdr, 0, sizeof(hdr));
 hdr.version = _LINUX_CAPABILITY_VERSION;
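Review bot: The retained message `g_error ("unable to drop privs")` no longer matches the call above it, because `seteuid (uid)` changes only the effective uid and leaves the real and saved uids (presumably 0, given the old "Drop root uid" comment) untouched. The process can therefore switch its effective uid back, so the daemon's confinement now rests on the capability set applied after this hunk rather than on a uid drop. I would state that in the comment, e.g. `/* Only the effective uid changes (for D-Bus); real and saved uid stay as they were, so this is not a privilege drop */`, and reword the message to `g_error ("unable to set effective uid");`. A one-line comment that `setfsuid (-1)` is a probe returning the current fsuid would explain why the first call's return value is ignored. No hunk on this page adds `#include <sys/fsuid.h>`, so confirm the file already has it; acquire_caps continues outside the hunk.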