Package: kwallet-pam / 5.8.4-1+deb9u2
Metadata
Package | Version | Patches format |
---|---|---|
kwallet-pam | 5.8.4-1+deb9u2 | 3.0 (quilt) |
Patch series
Patch | File delta | Description |
---|---|---|
Move salt creation to an unprivileged process.patch | pam_kwallet.c: 120 (71 +, 49 -, 0 !) | move salt creation to an unprivileged process. Opening files for writing as root is very tricky since through the power of symlinks we can get tricked to write in places we don't want to and we don't really need to be root to create the salt file |
Move socket creation to unprivileged codepath.patch | pam_kwallet.c: 71 (33 +, 38 -, 0 !) | move socket creation to unprivileged codepath. We don't need to be creating the socket as root, and doing so, specially having a chown is problematic security wise. |
Avoid giving an stderr to kwallet.patch | pam_kwallet.c: 5 (4 +, 1 -, 0 !) | avoid giving an stderr to kwallet. Summary: The fixes for CVE-2018-10380 introduced a regression for most users not using kde, and some for kde sessions. In particular the reorder of the close calls and creating a new socket caused that the socket is always assigned the file descriptor 2, aka stderr. BUG: 393856. Test Plan: It works. Reviewers: #plasma, aacid. Reviewed By: aacid. Subscribers: asturmlechner, rdieter, davidedmundson, plasma-devel. Tags: #plasma |