summaryrefslogtreecommitdiffstats
path: root/source/l/polkit/CVE-2011-1485/0002-Make-PolkitUnixProcess-also-record-the-uid-of-the-pr.patch
diff options
context:
space:
mode:
Diffstat (limited to 'source/l/polkit/CVE-2011-1485/0002-Make-PolkitUnixProcess-also-record-the-uid-of-the-pr.patch')
-rw-r--r--source/l/polkit/CVE-2011-1485/0002-Make-PolkitUnixProcess-also-record-the-uid-of-the-pr.patch623
1 files changed, 623 insertions, 0 deletions
diff --git a/source/l/polkit/CVE-2011-1485/0002-Make-PolkitUnixProcess-also-record-the-uid-of-the-pr.patch b/source/l/polkit/CVE-2011-1485/0002-Make-PolkitUnixProcess-also-record-the-uid-of-the-pr.patch
new file mode 100644
index 000000000..81a163c68
--- /dev/null
+++ b/source/l/polkit/CVE-2011-1485/0002-Make-PolkitUnixProcess-also-record-the-uid-of-the-pr.patch
@@ -0,0 +1,623 @@
+From 129b6223a19e7fb2753f8cad7957ac5402394076 Mon Sep 17 00:00:00 2001
+From: David Zeuthen <davidz@redhat.com>
+Date: Fri, 1 Apr 2011 12:09:45 -0400
+Subject: [PATCH 2/4] Make PolkitUnixProcess also record the uid of the
+ process
+
+This is needed to avoid possible TOCTTOU issues since a process can
+change both its real uid and effective uid.
+
+Signed-off-by: David Zeuthen <davidz@redhat.com>
+---
+ docs/polkit/polkit-1-sections.txt | 7 +-
+ src/polkit/polkitsubject.c | 25 +++-
+ src/polkit/polkitunixprocess.c | 346 +++++++++++++++++++++++++------------
+ src/polkit/polkitunixprocess.h | 18 ++-
+ 4 files changed, 278 insertions(+), 118 deletions(-)
+
+diff --git a/docs/polkit/polkit-1-sections.txt b/docs/polkit/polkit-1-sections.txt
+index 12141e3..9f4fcf8 100644
+--- a/docs/polkit/polkit-1-sections.txt
++++ b/docs/polkit/polkit-1-sections.txt
+@@ -145,10 +145,13 @@ POLKIT_UNIX_SESSION_GET_CLASS
+ PolkitUnixProcess
+ polkit_unix_process_new
+ polkit_unix_process_new_full
++polkit_unix_process_new_for_owner
++polkit_unix_process_set_pid
+ polkit_unix_process_get_pid
++polkit_unix_process_set_start_time
+ polkit_unix_process_get_start_time
+-polkit_unix_process_set_pid
+-polkit_unix_process_get_owner
++polkit_unix_process_set_uid
++polkit_unix_process_get_uid
+ <SUBSECTION Standard>
+ PolkitUnixProcessClass
+ POLKIT_UNIX_PROCESS
+diff --git a/src/polkit/polkitsubject.c b/src/polkit/polkitsubject.c
+index 577afec..d2c4c20 100644
+--- a/src/polkit/polkitsubject.c
++++ b/src/polkit/polkitsubject.c
+@@ -238,13 +238,18 @@ polkit_subject_from_string (const gchar *str,
+ {
+ gint scanned_pid;
+ guint64 scanned_starttime;
+- if (sscanf (str, "unix-process:%d:%" G_GUINT64_FORMAT, &scanned_pid, &scanned_starttime) == 2)
++ gint scanned_uid;
++ if (sscanf (str, "unix-process:%d:%" G_GUINT64_FORMAT ":%d", &scanned_pid, &scanned_starttime, &scanned_uid) == 3)
++ {
++ subject = polkit_unix_process_new_for_owner (scanned_pid, scanned_starttime, scanned_uid);
++ }
++ else if (sscanf (str, "unix-process:%d:%" G_GUINT64_FORMAT, &scanned_pid, &scanned_starttime) == 2)
+ {
+ subject = polkit_unix_process_new_full (scanned_pid, scanned_starttime);
+ }
+ else if (sscanf (str, "unix-process:%d", &scanned_pid) == 1)
+ {
+- subject = polkit_unix_process_new_full (scanned_pid, 0);
++ subject = polkit_unix_process_new (scanned_pid);
+ if (polkit_unix_process_get_start_time (POLKIT_UNIX_PROCESS (subject)) == 0)
+ {
+ g_object_unref (subject);
+@@ -297,6 +302,8 @@ polkit_subject_to_gvariant (PolkitSubject *subject)
+ g_variant_new_uint32 (polkit_unix_process_get_pid (POLKIT_UNIX_PROCESS (subject))));
+ g_variant_builder_add (&builder, "{sv}", "start-time",
+ g_variant_new_uint64 (polkit_unix_process_get_start_time (POLKIT_UNIX_PROCESS (subject))));
++ g_variant_builder_add (&builder, "{sv}", "uid",
++ g_variant_new_int32 (polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject))));
+ }
+ else if (POLKIT_IS_UNIX_SESSION (subject))
+ {
+@@ -395,6 +402,7 @@ polkit_subject_new_for_gvariant (GVariant *variant,
+ GVariant *v;
+ guint32 pid;
+ guint64 start_time;
++ gint32 uid;
+
+ v = lookup_asv (details_gvariant, "pid", G_VARIANT_TYPE_UINT32, error);
+ if (v == NULL)
+@@ -414,7 +422,18 @@ polkit_subject_new_for_gvariant (GVariant *variant,
+ start_time = g_variant_get_uint64 (v);
+ g_variant_unref (v);
+
+- ret = polkit_unix_process_new_full (pid, start_time);
++ v = lookup_asv (details_gvariant, "uid", G_VARIANT_TYPE_INT32, error);
++ if (v != NULL)
++ {
++ uid = g_variant_get_int32 (v);
++ g_variant_unref (v);
++ }
++ else
++ {
++ uid = -1;
++ }
++
++ ret = polkit_unix_process_new_for_owner (pid, start_time, uid);
+ }
+ else if (g_strcmp0 (kind, "unix-session") == 0)
+ {
+diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c
+index 876da69..913be3a 100644
+--- a/src/polkit/polkitunixprocess.c
++++ b/src/polkit/polkitunixprocess.c
+@@ -62,6 +62,7 @@ struct _PolkitUnixProcess
+
+ gint pid;
+ guint64 start_time;
++ gint uid;
+ };
+
+ struct _PolkitUnixProcessClass
+@@ -74,6 +75,7 @@ enum
+ PROP_0,
+ PROP_PID,
+ PROP_START_TIME,
++ PROP_UID
+ };
+
+ static void subject_iface_init (PolkitSubjectIface *subject_iface);
+@@ -81,6 +83,9 @@ static void subject_iface_init (PolkitSubjectIface *subject_iface);
+ static guint64 get_start_time_for_pid (gint pid,
+ GError **error);
+
++static gint _polkit_unix_process_get_owner (PolkitUnixProcess *process,
++ GError **error);
++
+ #ifdef HAVE_FREEBSD
+ static gboolean get_kinfo_proc (gint pid, struct kinfo_proc *p);
+ #endif
+@@ -92,6 +97,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixProcess, polkit_unix_process, G_TYPE_OBJECT,
+ static void
+ polkit_unix_process_init (PolkitUnixProcess *unix_process)
+ {
++ unix_process->uid = -1;
+ }
+
+ static void
+@@ -108,6 +114,10 @@ polkit_unix_process_get_property (GObject *object,
+ g_value_set_int (value, unix_process->pid);
+ break;
+
++ case PROP_UID:
++ g_value_set_int (value, unix_process->uid);
++ break;
++
+ case PROP_START_TIME:
+ g_value_set_uint64 (value, unix_process->start_time);
+ break;
+@@ -132,6 +142,14 @@ polkit_unix_process_set_property (GObject *object,
+ polkit_unix_process_set_pid (unix_process, g_value_get_int (value));
+ break;
+
++ case PROP_UID:
++ polkit_unix_process_set_uid (unix_process, g_value_get_int (value));
++ break;
++
++ case PROP_START_TIME:
++ polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value));
++ break;
++
+ default:
+ G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
+ break;
+@@ -139,12 +157,39 @@ polkit_unix_process_set_property (GObject *object,
+ }
+
+ static void
++polkit_unix_process_constructed (GObject *object)
++{
++ PolkitUnixProcess *process = POLKIT_UNIX_PROCESS (object);
++
++ /* sets start_time and uid in case they are unset */
++
++ if (process->start_time == 0)
++ process->start_time = get_start_time_for_pid (process->pid, NULL);
++
++ if (process->uid == -1)
++ {
++ GError *error;
++ error = NULL;
++ process->uid = _polkit_unix_process_get_owner (process, &error);
++ if (error != NULL)
++ {
++ process->uid = -1;
++ g_error_free (error);
++ }
++ }
++
++ if (G_OBJECT_CLASS (polkit_unix_process_parent_class)->constructed != NULL)
++ G_OBJECT_CLASS (polkit_unix_process_parent_class)->constructed (object);
++}
++
++static void
+ polkit_unix_process_class_init (PolkitUnixProcessClass *klass)
+ {
+ GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
+
+ gobject_class->get_property = polkit_unix_process_get_property;
+ gobject_class->set_property = polkit_unix_process_set_property;
++ gobject_class->constructed = polkit_unix_process_constructed;
+
+ /**
+ * PolkitUnixProcess:pid:
+@@ -156,7 +201,7 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass)
+ g_param_spec_int ("pid",
+ "Process ID",
+ "The UNIX process ID",
+- -1,
++ 0,
+ G_MAXINT,
+ 0,
+ G_PARAM_CONSTRUCT |
+@@ -166,6 +211,27 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass)
+ G_PARAM_STATIC_NICK));
+
+ /**
++ * PolkitUnixProcess:uid:
++ *
++ * The UNIX user id of the process or -1 if unknown.
++ *
++ * Note that this is the real user-id, not the effective user-id.
++ */
++ g_object_class_install_property (gobject_class,
++ PROP_UID,
++ g_param_spec_int ("uid",
++ "User ID",
++ "The UNIX user ID",
++ -1,
++ G_MAXINT,
++ -1,
++ G_PARAM_CONSTRUCT |
++ G_PARAM_READWRITE |
++ G_PARAM_STATIC_NAME |
++ G_PARAM_STATIC_BLURB |
++ G_PARAM_STATIC_NICK));
++
++ /**
+ * PolkitUnixProcess:start-time:
+ *
+ * The start time of the process.
+@@ -178,7 +244,8 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass)
+ 0,
+ G_MAXUINT64,
+ 0,
+- G_PARAM_READABLE |
++ G_PARAM_CONSTRUCT |
++ G_PARAM_READWRITE |
+ G_PARAM_STATIC_NAME |
+ G_PARAM_STATIC_BLURB |
+ G_PARAM_STATIC_NICK));
+@@ -186,113 +253,50 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass)
+ }
+
+ /**
+- * polkit_unix_process_get_pid:
++ * polkit_unix_process_get_uid:
+ * @process: A #PolkitUnixProcess.
+ *
+- * Gets the process id for @process.
++ * Gets the user id for @process. Note that this is the real user-id,
++ * not the effective user-id.
+ *
+- * Returns: The process id for @process.
++ * Returns: The user id for @process or -1 if unknown.
+ */
+ gint
+-polkit_unix_process_get_pid (PolkitUnixProcess *process)
++polkit_unix_process_get_uid (PolkitUnixProcess *process)
+ {
+- g_return_val_if_fail (POLKIT_IS_UNIX_PROCESS (process), 0);
+- return process->pid;
++ g_return_val_if_fail (POLKIT_IS_UNIX_PROCESS (process), -1);
++ return process->uid;
+ }
+
+ /**
+- * polkit_unix_process_get_owner:
++ * polkit_unix_process_set_uid:
+ * @process: A #PolkitUnixProcess.
+- * @error: (allow-none): Return location for error or %NULL.
++ * @uid: The user id to set for @process or -1 to unset it.
+ *
+- * Gets the uid of the owner of @process.
++ * Sets the (real, not effective) user id for @process.
++ */
++void
++polkit_unix_process_set_uid (PolkitUnixProcess *process,
++ gint uid)
++{
++ g_return_if_fail (POLKIT_IS_UNIX_PROCESS (process));
++ g_return_if_fail (uid >= -1);
++ process->uid = uid;
++}
++
++/**
++ * polkit_unix_process_get_pid:
++ * @process: A #PolkitUnixProcess.
+ *
+- * Note that this returns the real user-id (not the effective user-id) of @process.
++ * Gets the process id for @process.
+ *
+- * Returns: The UNIX user id of the owner for @process or 0 if @error is set.
+- **/
++ * Returns: The process id for @process.
++ */
+ gint
+-polkit_unix_process_get_owner (PolkitUnixProcess *process,
+- GError **error)
++polkit_unix_process_get_pid (PolkitUnixProcess *process)
+ {
+- gint result;
+- gchar *contents;
+- gchar **lines;
+-#ifdef HAVE_FREEBSD
+- struct kinfo_proc p;
+-#else
+- gchar filename[64];
+- guint n;
+-#endif
+-
+ g_return_val_if_fail (POLKIT_IS_UNIX_PROCESS (process), 0);
+- g_return_val_if_fail (error == NULL || *error == NULL, 0);
+-
+- result = 0;
+- lines = NULL;
+- contents = NULL;
+-
+-#ifdef HAVE_FREEBSD
+- if (get_kinfo_proc (process->pid, &p) == 0)
+- {
+- g_set_error (error,
+- POLKIT_ERROR,
+- POLKIT_ERROR_FAILED,
+- "get_kinfo_proc() failed for pid %d: %s",
+- process->pid,
+- g_strerror (errno));
+- goto out;
+- }
+-
+- result = p.ki_uid;
+-#else
+-
+- /* see 'man proc' for layout of the status file
+- *
+- * Uid, Gid: Real, effective, saved set, and file system UIDs (GIDs).
+- */
+- g_snprintf (filename, sizeof filename, "/proc/%d/status", process->pid);
+- if (!g_file_get_contents (filename,
+- &contents,
+- NULL,
+- error))
+- {
+- goto out;
+- }
+- lines = g_strsplit (contents, "\n", -1);
+- for (n = 0; lines != NULL && lines[n] != NULL; n++)
+- {
+- gint real_uid, effective_uid;
+- if (!g_str_has_prefix (lines[n], "Uid:"))
+- continue;
+- if (sscanf (lines[n] + 4, "%d %d", &real_uid, &effective_uid) != 2)
+- {
+- g_set_error (error,
+- POLKIT_ERROR,
+- POLKIT_ERROR_FAILED,
+- "Unexpected line `%s' in file %s",
+- lines[n],
+- filename);
+- goto out;
+- }
+- else
+- {
+- result = real_uid;
+- goto out;
+- }
+- }
+-
+- g_set_error (error,
+- POLKIT_ERROR,
+- POLKIT_ERROR_FAILED,
+- "Didn't find any line starting with `Uid:' in file %s",
+- filename);
+-#endif
+-
+-out:
+- g_strfreev (lines);
+- g_free (contents);
+- return result;
++ return process->pid;
+ }
+
+ /**
+@@ -311,6 +315,21 @@ polkit_unix_process_get_start_time (PolkitUnixProcess *process)
+ }
+
+ /**
++ * polkit_unix_process_set_start_time:
++ * @process: A #PolkitUnixProcess.
++ * @start_time: The start time for @pid.
++ *
++ * Set the start time of @process.
++ */
++void
++polkit_unix_process_set_start_time (PolkitUnixProcess *process,
++ guint64 start_time)
++{
++ g_return_if_fail (POLKIT_IS_UNIX_PROCESS (process));
++ process->start_time = start_time;
++}
++
++/**
+ * polkit_unix_process_set_pid:
+ * @process: A #PolkitUnixProcess.
+ * @pid: A process id.
+@@ -323,18 +342,17 @@ polkit_unix_process_set_pid (PolkitUnixProcess *process,
+ {
+ g_return_if_fail (POLKIT_IS_UNIX_PROCESS (process));
+ process->pid = pid;
+- if (pid != (gint) -1)
+- process->start_time = get_start_time_for_pid (pid, NULL);
+ }
+
+ /**
+ * polkit_unix_process_new:
+ * @pid: The process id.
+ *
+- * Creates a new #PolkitUnixProcess for @pid. The start time of the
+- * process will be looked up in using e.g. the
+- * <filename>/proc</filename> filesystem depending on the platform in
+- * use.
++ * Creates a new #PolkitUnixProcess for @pid.
++ *
++ * The uid and start time of the process will be looked up in using
++ * e.g. the <filename>/proc</filename> filesystem depending on the
++ * platform in use.
+ *
+ * Returns: (transfer full): A #PolkitSubject. Free with g_object_unref().
+ */
+@@ -353,22 +371,42 @@ polkit_unix_process_new (gint pid)
+ *
+ * Creates a new #PolkitUnixProcess object for @pid and @start_time.
+ *
++ * The uid of the process will be looked up in using e.g. the
++ * <filename>/proc</filename> filesystem depending on the platform in
++ * use.
++ *
+ * Returns: (transfer full): A #PolkitSubject. Free with g_object_unref().
+ */
+ PolkitSubject *
+ polkit_unix_process_new_full (gint pid,
+ guint64 start_time)
+ {
+- PolkitUnixProcess *process;
+-
+- process = POLKIT_UNIX_PROCESS (polkit_unix_process_new ((gint) -1));
+- process->pid = pid;
+- if (start_time != 0)
+- process->start_time = start_time;
+- else
+- process->start_time = get_start_time_for_pid (pid, NULL);
++ return POLKIT_SUBJECT (g_object_new (POLKIT_TYPE_UNIX_PROCESS,
++ "pid", pid,
++ "start_time", start_time,
++ NULL));
++}
+
+- return POLKIT_SUBJECT (process);
++/**
++ * polkit_unix_process_new_for_owner:
++ * @pid: The process id.
++ * @start_time: The start time for @pid or 0 to look it up in e.g. <filename>/proc</filename>.
++ * @uid: The (real, not effective) uid of the owner of @pid or -1 to look it up in e.g. <filename>/proc</filename>.
++ *
++ * Creates a new #PolkitUnixProcess object for @pid, @start_time and @uid.
++ *
++ * Returns: (transfer full): A #PolkitSubject. Free with g_object_unref().
++ */
++PolkitSubject *
++polkit_unix_process_new_for_owner (gint pid,
++ guint64 start_time,
++ gint uid)
++{
++ return POLKIT_SUBJECT (g_object_new (POLKIT_TYPE_UNIX_PROCESS,
++ "pid", pid,
++ "start_time", start_time,
++ "uid", uid,
++ NULL));
+ }
+
+ static guint
+@@ -616,3 +654,95 @@ out:
+
+ return start_time;
+ }
++
++static gint
++_polkit_unix_process_get_owner (PolkitUnixProcess *process,
++ GError **error)
++{
++ gint result;
++ gchar *contents;
++ gchar **lines;
++#ifdef HAVE_FREEBSD
++ struct kinfo_proc p;
++#else
++ gchar filename[64];
++ guint n;
++#endif
++
++ g_return_val_if_fail (POLKIT_IS_UNIX_PROCESS (process), 0);
++ g_return_val_if_fail (error == NULL || *error == NULL, 0);
++
++ result = 0;
++ lines = NULL;
++ contents = NULL;
++
++#ifdef HAVE_FREEBSD
++ if (get_kinfo_proc (process->pid, &p) == 0)
++ {
++ g_set_error (error,
++ POLKIT_ERROR,
++ POLKIT_ERROR_FAILED,
++ "get_kinfo_proc() failed for pid %d: %s",
++ process->pid,
++ g_strerror (errno));
++ goto out;
++ }
++
++ result = p.ki_uid;
++#else
++
++ /* see 'man proc' for layout of the status file
++ *
++ * Uid, Gid: Real, effective, saved set, and file system UIDs (GIDs).
++ */
++ g_snprintf (filename, sizeof filename, "/proc/%d/status", process->pid);
++ if (!g_file_get_contents (filename,
++ &contents,
++ NULL,
++ error))
++ {
++ goto out;
++ }
++ lines = g_strsplit (contents, "\n", -1);
++ for (n = 0; lines != NULL && lines[n] != NULL; n++)
++ {
++ gint real_uid, effective_uid;
++ if (!g_str_has_prefix (lines[n], "Uid:"))
++ continue;
++ if (sscanf (lines[n] + 4, "%d %d", &real_uid, &effective_uid) != 2)
++ {
++ g_set_error (error,
++ POLKIT_ERROR,
++ POLKIT_ERROR_FAILED,
++ "Unexpected line `%s' in file %s",
++ lines[n],
++ filename);
++ goto out;
++ }
++ else
++ {
++ result = real_uid;
++ goto out;
++ }
++ }
++
++ g_set_error (error,
++ POLKIT_ERROR,
++ POLKIT_ERROR_FAILED,
++ "Didn't find any line starting with `Uid:' in file %s",
++ filename);
++#endif
++
++out:
++ g_strfreev (lines);
++ g_free (contents);
++ return result;
++}
++
++/* deprecated public method */
++gint
++polkit_unix_process_get_owner (PolkitUnixProcess *process,
++ GError **error)
++{
++ return _polkit_unix_process_get_owner (process, error);
++}
+diff --git a/src/polkit/polkitunixprocess.h b/src/polkit/polkitunixprocess.h
+index b88cd03..531a57d 100644
+--- a/src/polkit/polkitunixprocess.h
++++ b/src/polkit/polkitunixprocess.h
+@@ -47,16 +47,24 @@ typedef struct _PolkitUnixProcess PolkitUnixProcess;
+ typedef struct _PolkitUnixProcessClass PolkitUnixProcessClass;
+
+ GType polkit_unix_process_get_type (void) G_GNUC_CONST;
+-PolkitSubject *polkit_unix_process_new (gint pid);
+-PolkitSubject *polkit_unix_process_new_full (gint pid,
+- guint64 start_time);
+-
++PolkitSubject *polkit_unix_process_new (gint pid);
++PolkitSubject *polkit_unix_process_new_full (gint pid,
++ guint64 start_time);
++PolkitSubject *polkit_unix_process_new_for_owner (gint pid,
++ guint64 start_time,
++ gint uid);
+ gint polkit_unix_process_get_pid (PolkitUnixProcess *process);
+ guint64 polkit_unix_process_get_start_time (PolkitUnixProcess *process);
++gint polkit_unix_process_get_uid (PolkitUnixProcess *process);
+ void polkit_unix_process_set_pid (PolkitUnixProcess *process,
+ gint pid);
++void polkit_unix_process_set_uid (PolkitUnixProcess *process,
++ gint uid);
++void polkit_unix_process_set_start_time (PolkitUnixProcess *process,
++ guint64 start_time);
++
+ gint polkit_unix_process_get_owner (PolkitUnixProcess *process,
+- GError **error);
++ GError **error) G_GNUC_DEPRECATED_FOR (polkit_unix_process_get_uid);
+
+ G_END_DECLS
+
+--
+1.7.4.4
+