| -rw-r--r-- | kde-frameworks/kauth/files/kauth-5.0.0-CVE-2014-5033.patch | 53 |
1 files changed, 0 insertions, 53 deletions
diff --git a/kde-frameworks/kauth/files/kauth-5.0.0-CVE-2014-5033.patch b/kde-frameworks/kauth/files/kauth-5.0.0-CVE-2014-5033.patch
deleted file mode 100644
index 94087c13f2f..00000000000
--- a/kde-frameworks/kauth/files/kauth-5.0.0-CVE-2014-5033.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From 341b7d84b6d9c03cf56905cb277b47e11c81482a Mon Sep 17 00:00:00 2001
-From: "Martin T. H. Sandsmark" <martin.sandsmark@kde.org>
-Date: Mon, 21 Jul 2014 22:45:55 +0200
-Subject: [PATCH] Use dbus system bus name instead of PID for authentication.
-
-Using the PID for authentication is prone to a PID reuse race condition,
-and a security issue.
-
-REVIEW: 119323
----
- src/backends/polkit-1/Polkit1Backend.cpp | 15 +++------------
- 1 file changed, 3 insertions(+), 12 deletions(-)
-
-diff --git a/src/backends/polkit-1/Polkit1Backend.cpp b/src/backends/polkit-1/Polkit1Backend.cpp
-index 165f7bb..5cac3fb 100644
---- a/src/backends/polkit-1/Polkit1Backend.cpp
-+++ b/src/backends/polkit-1/Polkit1Backend.cpp
-@@ -142,7 +142,7 @@ void Polkit1Backend::setupAction(const QString &action)
-
- Action::AuthStatus Polkit1Backend::actionStatus(const QString &action)
- {
-- PolkitQt1::UnixProcessSubject subject(QCoreApplication::applicationPid());
-+ PolkitQt1::SystemBusNameSubject subject(QString::fromUtf8(callerID()));
- PolkitQt1::Authority::Result r = PolkitQt1::Authority::instance()->checkAuthorizationSync(action, subject,
- PolkitQt1::Authority::None);
- switch (r) {
-@@ -158,21 +158,12 @@ Action::AuthStatus Polkit1Backend::actionStatus(const QString &action)
-
- QByteArray Polkit1Backend::callerID() const
- {
-- QByteArray a;
-- QDataStream s(&a, QIODevice::WriteOnly);
-- s << QCoreApplication::applicationPid();
--
-- return a;
-+ return QDBusConnection::systemBus().baseService().toUtf8();
- }
-
- bool Polkit1Backend::isCallerAuthorized(const QString &action, QByteArray callerID)
- {
-- QDataStream s(&callerID, QIODevice::ReadOnly);
-- qint64 pid;
--
-- s >> pid;
--
-- PolkitQt1::UnixProcessSubject subject(pid);
-+ PolkitQt1::SystemBusNameSubject subject(QString::fromUtf8(callerID));
- PolkitQt1::Authority *authority = PolkitQt1::Authority::instance();
-
- PolkitResultEventLoop e;
---
-1.8.5.5
- |
