Package: brltty / 5.6-10

policykit-fix Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
commit b185abebde8880209c1735e90bc09ed0fce5d9a0
Author: Samuel Thibault <samuel.thibault@ens-lyon.org>
Date:   Wed Aug 1 18:09:16 2018 +0200

    Polkit auth: fix authentication failure with CVE-2018-1116 fix
    
    Tell polkit_unix_process_new_for_owner to get process start
    time from /proc, so it matches what the CVE-2018-1116 fix finds.

diff --git a/Programs/auth.c b/Programs/auth.c
index 26914bf5b..9ad2c63ae 100644
--- a/Programs/auth.c
+++ b/Programs/auth.c
@@ -510,7 +510,7 @@ authPolkit_server (AuthDescriptor *auth, FileDescriptor fd, void *data) {
   if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &cred, &length) != -1) {
     logMessage(LOG_DEBUG, "attempting to authenticate pid %d via polkit", cred.pid);
 
-    PolkitSubject *subject = polkit_unix_process_new_for_owner(cred.pid, -1, cred.uid);
+    PolkitSubject *subject = polkit_unix_process_new_for_owner(cred.pid, 0, cred.uid);
     if (subject) {
       GError *error_local = NULL;