Package: backintime / 1.1.12-2

Metadata

Package | Version | Patches format
backintime | 1.1.12-2 | 3.0 (quilt)

Patch series

Patch File delta Description
01 858193 back up slash root perms.patch

common/snapshots.py | 14 14 + 0 - 0 !
1 file changed, 14 insertions(+)

 back up permissions of '/' as well
02 polkit vuln.patch

qt4/serviceHelper.py | 8 1 + 7 - 0 !
1 file changed, 1 insertion(+), 7 deletions(-)

 polkit checkauthorization: fix race condition in privilege authorization

 The unix-process authorization subject is deprecated:

 https://www.freedesktop.org/software/polkit/docs/latest/PolkitUnixProcess.html#polkit-unix-process-new

 as it is subject to a race condition. A client process requesting
 authorization can replace itself by a suid or otherwise root owned
 executable, thus granting the original non-privileged request
 privileges.

 See also:

 https://bugzilla.redhat.com/show_bug.cgi?id=1002375
 https://github.com/Kabot/Unix-Privilege-Escalation-Exploits-Pack/blob/master/2011/CVE-2011-1485/polkit-pwnage.c

 Polkit uses the real-uid of the process by now, thus mitigating the
 exploit using suid binaries. It is still possible, however, to exit the
 client process and try to get a root program to get the same PID.

 In the worst case this would allow an unauthenticated user to get backintime
 or some other program to be executed via udev rules as root user.
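
The subject change described in the commit message above, as an added example that is not taken from this patch or from backintime: a dbus-python helper that queries polkit with a `system-bus-name` subject, with the deprecated `unix-process` form beside it for contrast. The function names are hypothetical, and `sender` is assumed to be the unique name a dbus-python service method receives through `sender_keyword`.

```python
"""Added example: polkit subjects for CheckAuthorization (not backintime's code)."""

POLKIT_NAME = "org.freedesktop.PolicyKit1"
POLKIT_PATH = "/org/freedesktop/PolicyKit1/Authority"
POLKIT_IFACE = "org.freedesktop.PolicyKit1.Authority"
ALLOW_USER_INTERACTION = 1  # CheckAuthorizationFlags bit


def racy_subject(pid, start_time=0):
    """Deprecated form: the caller is named only by PID (plus start time).

    Shown for contrast. The PID may belong to a different program by the
    time polkit inspects it, which is the race the commit message describes.
    """
    return ("unix-process", {"pid": int(pid), "start-time": int(start_time)})


def bus_name_subject(sender):
    """Preferred form: the caller is named by its unique D-Bus connection name.

    The bus daemon assigns unique names (":1.42") and does not hand them out
    again while it runs, so the subject cannot be swapped for another process.
    """
    if not isinstance(sender, str) or not sender.startswith(":"):
        raise ValueError("expected a unique bus name such as ':1.42'")
    return ("system-bus-name", {"name": sender})


def is_authorized(sender, action_id):
    """Ask polkit whether the D-Bus caller `sender` may perform `action_id`."""
    import dbus  # dbus-python; imported here so the builders work without it

    kind, details = bus_name_subject(sender)
    # The subject is (sa{sv}), so each detail value is wrapped as a variant.
    subject = (kind, {k: dbus.String(v, variant_level=1) for k, v in details.items()})
    authority = dbus.Interface(
        dbus.SystemBus().get_object(POLKIT_NAME, POLKIT_PATH), POLKIT_IFACE)
    is_auth, _challenge, _details = authority.CheckAuthorization(
        subject, action_id, dbus.Dictionary({}, signature="ss"),
        dbus.UInt32(ALLOW_USER_INTERACTION), "", timeout=300)
    return bool(is_auth)
```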