File PackageKit-CVE-2020-16121.patch of Package PackageKit.33123
From d5e8c59745bf7c521c6f311e6b22b4b67a8b828f Mon Sep 17 00:00:00 2001
From: Julian Andres Klode <julian.klode@canonical.com>
Date: Tue, 22 Sep 2020 14:12:12 +0200
Subject: [PATCH] Information disclosure in InstallFiles, GetFilesLocal and GetDetailsLocal (CVE-2020-16121)
These functions revealed existence and content type of files, which allows a non-root user to check existence and content type of any file on the system, regardless of permission, as the checks are performed as root. A correct fix would move those checks into the client, and pass an fd to the daemon. Here we just hide which failure it is, which we would need to do anyway, but don't provide an improved version as that's out of scope for a security issue and requires changes the reverse dependencies using those functions.
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1888887
---
 src/pk-transaction.c | 48 +++++++++++++++++-------------------------------
 1 file changed, 17 insertions(+), 31 deletions(-)
diff --git a/src/pk-transaction.c b/src/pk-transaction.c
index 3ef5a12bf..7cb1ced60 100644
--- a/src/pk-transaction.c
+++ b/src/pk-transaction.c
@@ -3059,7 +3059,7 @@ pk_transaction_get_details_local (PkTransaction *transaction,
 g_set_error (&error,
 PK_TRANSACTION_ERROR,
 PK_TRANSACTION_ERROR_NO_SUCH_FILE,
- "No such file %s", full_paths[i]);
+ "File %s is not found or unsupported", full_paths[i]);
 pk_transaction_set_state (transaction, PK_TRANSACTION_STATE_ERROR);
 goto out;
 }
@@ -3070,9 +3070,8 @@ pk_transaction_get_details_local (PkTransaction *transaction,
 if (content_type == NULL) {
 g_set_error (&error,
 PK_TRANSACTION_ERROR,
- PK_TRANSACTION_ERROR_MIME_TYPE_NOT_SUPPORTED,
- "Failed to get content type for file %s",
- full_paths[i]);
+ PK_TRANSACTION_ERROR_NO_SUCH_FILE,
+ "File %s is not found or unsupported", full_paths[i]);
 pk_transaction_set_state (transaction, PK_TRANSACTION_STATE_ERROR);
 goto out;
 }
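Review bot: The replacement text `"File %s is not found or unsupported"` is written out separately at every failure site, starting with the missing-file branch of pk_transaction_get_details_local in the first hunk and repeated in the eight hunks that follow (the rest of this function, pk_transaction_get_files_local and pk_transaction_install_files). The fix only holds while all nine sites return the same code and the same text, so a later edit to one of them would bring the distinction back. Defining the text once, for example `#define PK_TRANSACTION_FILE_ERROR_MSG "File %s is not found or unsupported"`, and using it in each `g_set_error` call would keep the sites in step. The enclosing function starts and ends outside the hunk.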
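Review bot: In the `content_type == NULL` branch the error code changes from `PK_TRANSACTION_ERROR_MIME_TYPE_NOT_SUPPORTED` to `PK_TRANSACTION_ERROR_NO_SUCH_FILE` without a comment, so the mismatch between the condition and the code reads like a mistake to the next maintainer. A comment above the call such as `/* Same error as a missing file on purpose: this check runs as root and must not tell the caller whether the file exists or what type it is (CVE-2020-16121) */` would record the intent. The same applies to the `!ret` branch in the next hunk and to the matching hunks in pk_transaction_get_files_local and pk_transaction_install_files. Clients that branch on the MIME-type error code will presumably no longer receive it from these paths, which deserves a line in the API documentation.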
@@ -3082,9 +3081,8 @@ pk_transaction_get_details_local (PkTransaction *transaction,
 if (!ret) {
 g_set_error (&error,
 PK_TRANSACTION_ERROR,
- PK_TRANSACTION_ERROR_MIME_TYPE_NOT_SUPPORTED,
- "MIME type '%s' not supported %s",
- content_type, full_paths[i]);
+ PK_TRANSACTION_ERROR_NO_SUCH_FILE,
+ "File %s is not found or unsupported", full_paths[i]);
 pk_transaction_set_state (transaction, PK_TRANSACTION_STATE_ERROR);
 goto out;
 }
@@ -3160,7 +3158,7 @@ pk_transaction_get_files_local (PkTransaction *transaction,
 g_set_error (&error,
 PK_TRANSACTION_ERROR,
 PK_TRANSACTION_ERROR_NO_SUCH_FILE,
- "No such file %s", full_paths[i]);
+ "File %s is not found or unsupported", full_paths[i]);
 pk_transaction_set_state (transaction, PK_TRANSACTION_STATE_ERROR);
 goto out;
 }
@@ -3171,9 +3169,8 @@ pk_transaction_get_files_local (PkTransaction *transaction,
 if (content_type == NULL) {
 g_set_error (&error,
 PK_TRANSACTION_ERROR,
- PK_TRANSACTION_ERROR_MIME_TYPE_NOT_SUPPORTED,
- "Failed to get content type for file %s",
- full_paths[i]);
+ PK_TRANSACTION_ERROR_NO_SUCH_FILE,
+ "File %s is not found or unsupported", full_paths[i]);
 pk_transaction_set_state (transaction, PK_TRANSACTION_STATE_ERROR);
 goto out;
 }
@@ -3183,9 +3180,8 @@ pk_transaction_get_files_local (PkTransaction *transaction,
 if (!ret) {
 g_set_error (&error,
 PK_TRANSACTION_ERROR,
- PK_TRANSACTION_ERROR_MIME_TYPE_NOT_SUPPORTED,
- "MIME type '%s' not supported %s",
- content_type, full_paths[i]);
+ PK_TRANSACTION_ERROR_NO_SUCH_FILE,
+ "File %s is not found or unsupported", full_paths[i]);
 pk_transaction_set_state (transaction, PK_TRANSACTION_STATE_ERROR);
 goto out;
 }
@@ -3688,7 +3684,7 @@ pk_transaction_install_files (PkTransaction *transaction,
 g_set_error (&error,
 PK_TRANSACTION_ERROR,
 PK_TRANSACTION_ERROR_NO_SUCH_FILE,
- "No such file %s", full_paths[i]);
+ "File %s is not found or unsupported", full_paths[i]);
 pk_transaction_set_state (transaction, PK_TRANSACTION_STATE_ERROR);
 goto out;
 }
@@ -3698,9 +3694,8 @@ pk_transaction_install_files (PkTransaction *transaction,
 if (content_type == NULL) {
 g_set_error (&error,
 PK_TRANSACTION_ERROR,
- PK_TRANSACTION_ERROR_NOT_SUPPORTED,
- "Failed to get content type for file %s",
- full_paths[i]);
+ PK_TRANSACTION_ERROR_NO_SUCH_FILE,
+ "File %s is not found or unsupported", full_paths[i]);
 pk_transaction_set_state (transaction, PK_TRANSACTION_STATE_ERROR);
 goto out;
 }
@@ -3708,19 +3703,10 @@ pk_transaction_install_files (PkTransaction *transaction,
 /* supported content type? */
 ret = pk_transaction_is_supported_content_type (transaction, content_type);
 if (!ret) {
- if (g_strcmp0 ("application/x-app-package", content_type) == 0 ||
- g_str_has_suffix (full_paths[i], ".ipk") == TRUE) {
- g_set_error (&error,
- PK_TRANSACTION_ERROR,
- PK_TRANSACTION_ERROR_MIME_TYPE_NOT_SUPPORTED,
- "Listaller is required to install %s", full_paths[i]);
- } else {
- g_set_error (&error,
- PK_TRANSACTION_ERROR,
- PK_TRANSACTION_ERROR_MIME_TYPE_NOT_SUPPORTED,
- "MIME type '%s' not supported %s",
- content_type, full_paths[i]);
- }
+ g_set_error (&error,
+ PK_TRANSACTION_ERROR,
+ PK_TRANSACTION_ERROR_NO_SUCH_FILE,
+ "File %s is not found or unsupported", full_paths[i]);
 pk_transaction_set_state (transaction, PK_TRANSACTION_STATE_ERROR);
 goto out;
 }
-- 
2.28.0
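Review bot: In the last hunk the loop in pk_transaction_install_files still ends in one of two outcomes, the generic error or no error, so whether a path passes all three checks stays observable to the caller. The hunk does not show whether the caller is authorized before or after these checks. If authorization happens later, that ordering should be confirmed and the accepted residual stated in a comment next to `/* supported content type? */`. A regression test that submits a missing path, a file with no detectable content type and a file of an unsupported type, and asserts the same error code and message for all three, would guard this behaviour. The function body starts and ends outside the hunk.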