Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:42.1:Update
kdelibs4
fix-kauth-bypass-CVE-2017-8422.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File fix-kauth-bypass-CVE-2017-8422.patch of Package kdelibs4
--- a/kdecore/auth/AuthBackend.cpp +++ a/kdecore/auth/AuthBackend.cpp @@ -54,6 +54,11 @@ void AuthBackend::setCapabilities(AuthBackend::Capabilities capabilities) d->capabilities = capabilities; } +AuthBackend::ExtraCallerIDVerificationMethod AuthBackend::extraCallerIDVerificationMethod() const +{ + return NoExtraCallerIDVerificationMethod; +} + bool AuthBackend::actionExists(const QString& action) { Q_UNUSED(action); --- a/kdecore/auth/AuthBackend.h +++ a/kdecore/auth/AuthBackend.h @@ -43,6 +43,12 @@ public: }; Q_DECLARE_FLAGS(Capabilities, Capability) + enum ExtraCallerIDVerificationMethod { + NoExtraCallerIDVerificationMethod, + VerifyAgainstDBusServiceName, + VerifyAgainstDBusServicePid, + }; + AuthBackend(); virtual ~AuthBackend(); virtual void setupAction(const QString &action) = 0; @@ -50,6 +56,7 @@ public: virtual Action::AuthStatus authorizeAction(const QString &action) = 0; virtual Action::AuthStatus actionStatus(const QString &action) = 0; virtual QByteArray callerID() const = 0; + virtual ExtraCallerIDVerificationMethod extraCallerIDVerificationMethod() const; virtual bool isCallerAuthorized(const QString &action, QByteArray callerID) = 0; virtual bool actionExists(const QString &action); --- a/kdecore/auth/backends/dbus/DBusHelperProxy.cpp +++ a/kdecore/auth/backends/dbus/DBusHelperProxy.cpp @@ -271,6 +271,29 @@ void DBusHelperProxy::performActions(QByteArray blob, const QByteArray &callerID } } +bool DBusHelperProxy::isCallerAuthorized(const QString &action, const QByteArray &callerID) +{ + // Check the caller is really who it says it is + switch (BackendsManager::authBackend()->extraCallerIDVerificationMethod()) { + case AuthBackend::NoExtraCallerIDVerificationMethod: + break; + + case AuthBackend::VerifyAgainstDBusServiceName: + if (message().service().toUtf8() != callerID) { + return false; + } + break; + + case AuthBackend::VerifyAgainstDBusServicePid: + if (connection().interface()->servicePid(message().service()).value() != callerID.toUInt()) { + return false; + } + break; + } + + return BackendsManager::authBackend()->isCallerAuthorized(action, callerID); +} + QByteArray DBusHelperProxy::performAction(const QString &action, const QByteArray &callerID, QByteArray arguments) { if (!responder) { @@ -295,7 +318,7 @@ QByteArray DBusHelperProxy::performAction(const QString &action, const QByteArra QTimer *timer = responder->property("__KAuth_Helper_Shutdown_Timer").value<QTimer*>(); timer->stop(); - if (BackendsManager::authBackend()->isCallerAuthorized(action, callerID)) { + if (isCallerAuthorized(action, callerID)) { QString slotname = action; if (slotname.startsWith(m_name + QLatin1Char('.'))) { slotname = slotname.right(slotname.length() - m_name.length() - 1); @@ -338,7 +361,7 @@ uint DBusHelperProxy::authorizeAction(const QString& action, const QByteArray& c QTimer *timer = responder->property("__KAuth_Helper_Shutdown_Timer").value<QTimer*>(); timer->stop(); - if (BackendsManager::authBackend()->isCallerAuthorized(action, callerID)) { + if (isCallerAuthorized(action, callerID)) { retVal = static_cast<uint>(Action::Authorized); } else { retVal = static_cast<uint>(Action::Denied); --- a/kdecore/auth/backends/dbus/DBusHelperProxy.h +++ a/kdecore/auth/backends/dbus/DBusHelperProxy.h @@ -21,6 +21,7 @@ #ifndef DBUS_HELPER_PROXY_H #define DBUS_HELPER_PROXY_H +#include <QDBusContext> #include <QVariant> #include "HelperProxy.h" #include "kauthactionreply.h" @@ -28,7 +29,7 @@ namespace KAuth { -class DBusHelperProxy : public HelperProxy +class DBusHelperProxy : public HelperProxy, protected QDBusContext { Q_OBJECT Q_INTERFACES(KAuth::HelperProxy) @@ -73,6 +74,9 @@ signals: private slots: void remoteSignalReceived(int type, const QString &action, QByteArray blob); + +private: + bool isCallerAuthorized(const QString &action, const QByteArray &callerID); }; } // namespace Auth --- a/kdecore/auth/backends/policykit/PolicyKitBackend.cpp +++ a/kdecore/auth/backends/policykit/PolicyKitBackend.cpp @@ -78,6 +78,11 @@ QByteArray PolicyKitBackend::callerID() const return a; } +AuthBackend::ExtraCallerIDVerificationMethod Polkit1Backend::extraCallerIDVerificationMethod() const +{ + return VerifyAgainstDBusServicePid; +} + bool PolicyKitBackend::isCallerAuthorized(const QString &action, QByteArray callerID) { QDataStream s(&callerID, QIODevice::ReadOnly); --- a/kdecore/auth/backends/policykit/PolicyKitBackend.h +++ a/kdecore/auth/backends/policykit/PolicyKitBackend.h @@ -40,6 +40,7 @@ public: virtual Action::AuthStatus authorizeAction(const QString&); virtual Action::AuthStatus actionStatus(const QString&); virtual QByteArray callerID() const; + virtual ExtraCallerIDVerificationMethod extraCallerIDVerificationMethod() const; virtual bool isCallerAuthorized(const QString &action, QByteArray callerID); private Q_SLOTS: --- a/kdecore/auth/backends/polkit-1/Polkit1Backend.cpp +++ a/kdecore/auth/backends/polkit-1/Polkit1Backend.cpp @@ -163,6 +163,11 @@ QByteArray Polkit1Backend::callerID() const return QDBusConnection::systemBus().baseService().toUtf8(); } +AuthBackend::ExtraCallerIDVerificationMethod Polkit1Backend::extraCallerIDVerificationMethod() const +{ + return VerifyAgainstDBusServiceName; +} + bool Polkit1Backend::isCallerAuthorized(const QString &action, QByteArray callerID) { PolkitQt1::SystemBusNameSubject subject(QString::fromUtf8(callerID)); --- a/kdecore/auth/backends/polkit-1/Polkit1Backend.h +++ a/kdecore/auth/backends/polkit-1/Polkit1Backend.h @@ -48,6 +48,7 @@ public: virtual Action::AuthStatus authorizeAction(const QString&); virtual Action::AuthStatus actionStatus(const QString&); virtual QByteArray callerID() const; + virtual ExtraCallerIDVerificationMethod extraCallerIDVerificationMethod() const; virtual bool isCallerAuthorized(const QString &action, QByteArray callerID); virtual bool actionExists(const QString& action);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor