Package: backintime / 1.1.12-2
Patch seriesview the series file
|01 858193 back up slash root perms.patch | (download)||
14 14 + 0 - 0 !
back up permissions of '/' as well
|02 polkit vuln.patch | (download)||
8 1 + 7 - 0 !
polkit checkauthorization: fix race condition in privilege authorization The unix-process authorization subject is deprecated: https://www.freedesktop.org/software/polkit/docs/latest/PolkitUnixProcess.html#polkit-unix-process-new as it is subject to a race condition. A client process requesting authorization can replace itself by a suid or otherwise root owned executable, thus granting the original non-privileged request privileges. See also: https://bugzilla.redhat.com/show_bug.cgi?id=1002375 https://github.com/Kabot/Unix-Privilege-Escalation-Exploits-Pack/blob/master/2011/CVE-2011-1485/polkit-pwnage.c Polkit uses the real-uid of the process by now, thus mitigating the exploit using suid binaries. It is still possible, however, to exit the client process and try to get a root program to get the same PID. In worst case this would allow an unauthenticated user to get backintime or some other program to be executed via udev rules as root user.