File: policykit-fix

package info (click to toggle)
brltty 5.6-10
  • links: PTS, VCS
  • area: main
  • in suites: bullseye, buster, sid
  • size: 25,116 kB
  • sloc: ansic: 117,871; sh: 6,590; java: 4,785; xml: 3,451; makefile: 1,973; tcl: 1,499; awk: 611; ml: 293; python: 250; lisp: 52
file content (22 lines) | stat: -rw-r--r-- 961 bytes parent folder | download | duplicates (5)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
commit b185abebde8880209c1735e90bc09ed0fce5d9a0
Author: Samuel Thibault <samuel.thibault@ens-lyon.org>
Date:   Wed Aug 1 18:09:16 2018 +0200

    Polkit auth: fix authentication failure with CVE-2018-1116 fix
    
    Tell polkit_unix_process_new_for_owner to get process start
    time from /proc, so it matches what the CVE-2018-1116 fix finds.

diff --git a/Programs/auth.c b/Programs/auth.c
index 26914bf5b..9ad2c63ae 100644
--- a/Programs/auth.c
+++ b/Programs/auth.c
@@ -510,7 +510,7 @@ authPolkit_server (AuthDescriptor *auth, FileDescriptor fd, void *data) {
   if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &cred, &length) != -1) {
     logMessage(LOG_DEBUG, "attempting to authenticate pid %d via polkit", cred.pid);
 
-    PolkitSubject *subject = polkit_unix_process_new_for_owner(cred.pid, -1, cred.uid);
+    PolkitSubject *subject = polkit_unix_process_new_for_owner(cred.pid, 0, cred.uid);
     if (subject) {
       GError *error_local = NULL;