summaryrefslogtreecommitdiffstats
path: root/abs/extra/polkit/CVE-2011-1485.patch
diff options
context:
space:
mode:
authorJames Meyer <james.meyer@operamail.com>2012-08-07 20:44:06 (GMT)
committerJames Meyer <james.meyer@operamail.com>2012-08-07 20:44:06 (GMT)
commit1286c7f751a1a20d08b1a85445b4757c712b203b (patch)
tree1c50311f7d4963a7836745293de29ae0fa0c4447 /abs/extra/polkit/CVE-2011-1485.patch
parent6073f35662d91dad364bd03a1760eca93860d0c3 (diff)
downloadlinhes_pkgbuild-1286c7f751a1a20d08b1a85445b4757c712b203b.zip
linhes_pkgbuild-1286c7f751a1a20d08b1a85445b4757c712b203b.tar.gz
linhes_pkgbuild-1286c7f751a1a20d08b1a85445b4757c712b203b.tar.bz2
polkit .105
Diffstat (limited to 'abs/extra/polkit/CVE-2011-1485.patch')
-rw-r--r--abs/extra/polkit/CVE-2011-1485.patch908
1 files changed, 0 insertions, 908 deletions
diff --git a/abs/extra/polkit/CVE-2011-1485.patch b/abs/extra/polkit/CVE-2011-1485.patch
deleted file mode 100644
index f7054a6..0000000
--- a/abs/extra/polkit/CVE-2011-1485.patch
+++ /dev/null
@@ -1,908 +0,0 @@
-From dd848a42a64a3b22a0cc60f6657b56ce9b6010ae Mon Sep 17 00:00:00 2001
-From: David Zeuthen <davidz@redhat.com>
-Date: Thu, 31 Mar 2011 16:59:09 +0000
-Subject: PolkitUnixProcess: Clarify that the real uid is returned, not the effective one
-
-On Linux, also switch to parsing /proc/<pid>/status instead of relying
-on the st_uid returned by stat(2) to be the uid we want.
-
-This was pointed out by Neel Mehta <nmehta@google.com>. Thanks!
-
-Signed-off-by: David Zeuthen <davidz@redhat.com>
----
-diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c
-index d95a1d4..876da69 100644
---- a/src/polkit/polkitunixprocess.c
-+++ b/src/polkit/polkitunixprocess.c
-@@ -24,9 +24,7 @@
- #endif
-
- #include <sys/types.h>
--#ifndef HAVE_FREEBSD
--#include <sys/stat.h>
--#else
-+#ifdef HAVE_FREEBSD
- #include <sys/param.h>
- #include <sys/sysctl.h>
- #include <sys/user.h>
-@@ -34,6 +32,7 @@
- #include <stdlib.h>
- #include <string.h>
- #include <errno.h>
-+#include <stdio.h>
-
- #include "polkitunixprocess.h"
- #include "polkitsubject.h"
-@@ -208,6 +207,8 @@ polkit_unix_process_get_pid (PolkitUnixProcess *process)
- *
- * Gets the uid of the owner of @process.
- *
-+ * Note that this returns the real user-id (not the effective user-id) of @process.
-+ *
- * Returns: The UNIX user id of the owner for @process or 0 if @error is set.
- **/
- gint
-@@ -215,17 +216,21 @@ polkit_unix_process_get_owner (PolkitUnixProcess *process,
- GError **error)
- {
- gint result;
-+ gchar *contents;
-+ gchar **lines;
- #ifdef HAVE_FREEBSD
- struct kinfo_proc p;
- #else
-- struct stat statbuf;
-- char procbuf[32];
-+ gchar filename[64];
-+ guint n;
- #endif
-
- g_return_val_if_fail (POLKIT_IS_UNIX_PROCESS (process), 0);
- g_return_val_if_fail (error == NULL || *error == NULL, 0);
-
- result = 0;
-+ lines = NULL;
-+ contents = NULL;
-
- #ifdef HAVE_FREEBSD
- if (get_kinfo_proc (process->pid, &p) == 0)
-@@ -241,23 +246,52 @@ polkit_unix_process_get_owner (PolkitUnixProcess *process,
-
- result = p.ki_uid;
- #else
-- g_snprintf (procbuf, sizeof procbuf, "/proc/%d", process->pid);
-- if (stat (procbuf, &statbuf) != 0)
-+
-+ /* see 'man proc' for layout of the status file
-+ *
-+ * Uid, Gid: Real, effective, saved set, and file system UIDs (GIDs).
-+ */
-+ g_snprintf (filename, sizeof filename, "/proc/%d/status", process->pid);
-+ if (!g_file_get_contents (filename,
-+ &contents,
-+ NULL,
-+ error))
- {
-- g_set_error (error,
-- POLKIT_ERROR,
-- POLKIT_ERROR_FAILED,
-- "stat() failed for /proc/%d: %s",
-- process->pid,
-- g_strerror (errno));
- goto out;
- }
-+ lines = g_strsplit (contents, "\n", -1);
-+ for (n = 0; lines != NULL && lines[n] != NULL; n++)
-+ {
-+ gint real_uid, effective_uid;
-+ if (!g_str_has_prefix (lines[n], "Uid:"))
-+ continue;
-+ if (sscanf (lines[n] + 4, "%d %d", &real_uid, &effective_uid) != 2)
-+ {
-+ g_set_error (error,
-+ POLKIT_ERROR,
-+ POLKIT_ERROR_FAILED,
-+ "Unexpected line `%s' in file %s",
-+ lines[n],
-+ filename);
-+ goto out;
-+ }
-+ else
-+ {
-+ result = real_uid;
-+ goto out;
-+ }
-+ }
-
-- result = statbuf.st_uid;
-+ g_set_error (error,
-+ POLKIT_ERROR,
-+ POLKIT_ERROR_FAILED,
-+ "Didn't find any line starting with `Uid:' in file %s",
-+ filename);
- #endif
-
-- out:
--
-+out:
-+ g_strfreev (lines);
-+ g_free (contents);
- return result;
- }
-
---
-cgit v0.8.3-6-g21f6
-From 129b6223a19e7fb2753f8cad7957ac5402394076 Mon Sep 17 00:00:00 2001
-From: David Zeuthen <davidz@redhat.com>
-Date: Fri, 01 Apr 2011 16:09:45 +0000
-Subject: Make PolkitUnixProcess also record the uid of the process
-
-This is needed to avoid possible TOCTTOU issues since a process can
-change both its real uid and effective uid.
-
-Signed-off-by: David Zeuthen <davidz@redhat.com>
----
-diff --git a/docs/polkit/polkit-1-sections.txt b/docs/polkit/polkit-1-sections.txt
-index 12141e3..9f4fcf8 100644
---- a/docs/polkit/polkit-1-sections.txt
-+++ b/docs/polkit/polkit-1-sections.txt
-@@ -145,10 +145,13 @@ POLKIT_UNIX_SESSION_GET_CLASS
- PolkitUnixProcess
- polkit_unix_process_new
- polkit_unix_process_new_full
-+polkit_unix_process_new_for_owner
-+polkit_unix_process_set_pid
- polkit_unix_process_get_pid
-+polkit_unix_process_set_start_time
- polkit_unix_process_get_start_time
--polkit_unix_process_set_pid
--polkit_unix_process_get_owner
-+polkit_unix_process_set_uid
-+polkit_unix_process_get_uid
- <SUBSECTION Standard>
- PolkitUnixProcessClass
- POLKIT_UNIX_PROCESS
-diff --git a/src/polkit/polkitsubject.c b/src/polkit/polkitsubject.c
-index 577afec..d2c4c20 100644
---- a/src/polkit/polkitsubject.c
-+++ b/src/polkit/polkitsubject.c
-@@ -238,13 +238,18 @@ polkit_subject_from_string (const gchar *str,
- {
- gint scanned_pid;
- guint64 scanned_starttime;
-- if (sscanf (str, "unix-process:%d:%" G_GUINT64_FORMAT, &scanned_pid, &scanned_starttime) == 2)
-+ gint scanned_uid;
-+ if (sscanf (str, "unix-process:%d:%" G_GUINT64_FORMAT ":%d", &scanned_pid, &scanned_starttime, &scanned_uid) == 3)
-+ {
-+ subject = polkit_unix_process_new_for_owner (scanned_pid, scanned_starttime, scanned_uid);
-+ }
-+ else if (sscanf (str, "unix-process:%d:%" G_GUINT64_FORMAT, &scanned_pid, &scanned_starttime) == 2)
- {
- subject = polkit_unix_process_new_full (scanned_pid, scanned_starttime);
- }
- else if (sscanf (str, "unix-process:%d", &scanned_pid) == 1)
- {
-- subject = polkit_unix_process_new_full (scanned_pid, 0);
-+ subject = polkit_unix_process_new (scanned_pid);
- if (polkit_unix_process_get_start_time (POLKIT_UNIX_PROCESS (subject)) == 0)
- {
- g_object_unref (subject);
-@@ -297,6 +302,8 @@ polkit_subject_to_gvariant (PolkitSubject *subject)
- g_variant_new_uint32 (polkit_unix_process_get_pid (POLKIT_UNIX_PROCESS (subject))));
- g_variant_builder_add (&builder, "{sv}", "start-time",
- g_variant_new_uint64 (polkit_unix_process_get_start_time (POLKIT_UNIX_PROCESS (subject))));
-+ g_variant_builder_add (&builder, "{sv}", "uid",
-+ g_variant_new_int32 (polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject))));
- }
- else if (POLKIT_IS_UNIX_SESSION (subject))
- {
-@@ -395,6 +402,7 @@ polkit_subject_new_for_gvariant (GVariant *variant,
- GVariant *v;
- guint32 pid;
- guint64 start_time;
-+ gint32 uid;
-
- v = lookup_asv (details_gvariant, "pid", G_VARIANT_TYPE_UINT32, error);
- if (v == NULL)
-@@ -414,7 +422,18 @@ polkit_subject_new_for_gvariant (GVariant *variant,
- start_time = g_variant_get_uint64 (v);
- g_variant_unref (v);
-
-- ret = polkit_unix_process_new_full (pid, start_time);
-+ v = lookup_asv (details_gvariant, "uid", G_VARIANT_TYPE_INT32, error);
-+ if (v != NULL)
-+ {
-+ uid = g_variant_get_int32 (v);
-+ g_variant_unref (v);
-+ }
-+ else
-+ {
-+ uid = -1;
-+ }
-+
-+ ret = polkit_unix_process_new_for_owner (pid, start_time, uid);
- }
- else if (g_strcmp0 (kind, "unix-session") == 0)
- {
-diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c
-index 876da69..913be3a 100644
---- a/src/polkit/polkitunixprocess.c
-+++ b/src/polkit/polkitunixprocess.c
-@@ -62,6 +62,7 @@ struct _PolkitUnixProcess
-
- gint pid;
- guint64 start_time;
-+ gint uid;
- };
-
- struct _PolkitUnixProcessClass
-@@ -74,6 +75,7 @@ enum
- PROP_0,
- PROP_PID,
- PROP_START_TIME,
-+ PROP_UID
- };
-
- static void subject_iface_init (PolkitSubjectIface *subject_iface);
-@@ -81,6 +83,9 @@ static void subject_iface_init (PolkitSubjectIface *subject_iface);
- static guint64 get_start_time_for_pid (gint pid,
- GError **error);
-
-+static gint _polkit_unix_process_get_owner (PolkitUnixProcess *process,
-+ GError **error);
-+
- #ifdef HAVE_FREEBSD
- static gboolean get_kinfo_proc (gint pid, struct kinfo_proc *p);
- #endif
-@@ -92,6 +97,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixProcess, polkit_unix_process, G_TYPE_OBJECT,
- static void
- polkit_unix_process_init (PolkitUnixProcess *unix_process)
- {
-+ unix_process->uid = -1;
- }
-
- static void
-@@ -108,6 +114,10 @@ polkit_unix_process_get_property (GObject *object,
- g_value_set_int (value, unix_process->pid);
- break;
-
-+ case PROP_UID:
-+ g_value_set_int (value, unix_process->uid);
-+ break;
-+
- case PROP_START_TIME:
- g_value_set_uint64 (value, unix_process->start_time);
- break;
-@@ -132,6 +142,14 @@ polkit_unix_process_set_property (GObject *object,
- polkit_unix_process_set_pid (unix_process, g_value_get_int (value));
- break;
-
-+ case PROP_UID:
-+ polkit_unix_process_set_uid (unix_process, g_value_get_int (value));
-+ break;
-+
-+ case PROP_START_TIME:
-+ polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value));
-+ break;
-+
- default:
- G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
- break;
-@@ -139,12 +157,39 @@ polkit_unix_process_set_property (GObject *object,
- }
-
- static void
-+polkit_unix_process_constructed (GObject *object)
-+{
-+ PolkitUnixProcess *process = POLKIT_UNIX_PROCESS (object);
-+
-+ /* sets start_time and uid in case they are unset */
-+
-+ if (process->start_time == 0)
-+ process->start_time = get_start_time_for_pid (process->pid, NULL);
-+
-+ if (process->uid == -1)
-+ {
-+ GError *error;
-+ error = NULL;
-+ process->uid = _polkit_unix_process_get_owner (process, &error);
-+ if (error != NULL)
-+ {
-+ process->uid = -1;
-+ g_error_free (error);
-+ }
-+ }
-+
-+ if (G_OBJECT_CLASS (polkit_unix_process_parent_class)->constructed != NULL)
-+ G_OBJECT_CLASS (polkit_unix_process_parent_class)->constructed (object);
-+}
-+
-+static void
- polkit_unix_process_class_init (PolkitUnixProcessClass *klass)
- {
- GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
-
- gobject_class->get_property = polkit_unix_process_get_property;
- gobject_class->set_property = polkit_unix_process_set_property;
-+ gobject_class->constructed = polkit_unix_process_constructed;
-
- /**
- * PolkitUnixProcess:pid:
-@@ -156,7 +201,7 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass)
- g_param_spec_int ("pid",
- "Process ID",
- "The UNIX process ID",
-- -1,
-+ 0,
- G_MAXINT,
- 0,
- G_PARAM_CONSTRUCT |
-@@ -166,6 +211,27 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass)
- G_PARAM_STATIC_NICK));
-
- /**
-+ * PolkitUnixProcess:uid:
-+ *
-+ * The UNIX user id of the process or -1 if unknown.
-+ *
-+ * Note that this is the real user-id, not the effective user-id.
-+ */
-+ g_object_class_install_property (gobject_class,
-+ PROP_UID,
-+ g_param_spec_int ("uid",
-+ "User ID",
-+ "The UNIX user ID",
-+ -1,
-+ G_MAXINT,
-+ -1,
-+ G_PARAM_CONSTRUCT |
-+ G_PARAM_READWRITE |
-+ G_PARAM_STATIC_NAME |
-+ G_PARAM_STATIC_BLURB |
-+ G_PARAM_STATIC_NICK));
-+
-+ /**
- * PolkitUnixProcess:start-time:
- *
- * The start time of the process.
-@@ -178,7 +244,8 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass)
- 0,
- G_MAXUINT64,
- 0,
-- G_PARAM_READABLE |
-+ G_PARAM_CONSTRUCT |
-+ G_PARAM_READWRITE |
- G_PARAM_STATIC_NAME |
- G_PARAM_STATIC_BLURB |
- G_PARAM_STATIC_NICK));
-@@ -186,113 +253,50 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass)
- }
-
- /**
-- * polkit_unix_process_get_pid:
-+ * polkit_unix_process_get_uid:
- * @process: A #PolkitUnixProcess.
- *
-- * Gets the process id for @process.
-+ * Gets the user id for @process. Note that this is the real user-id,
-+ * not the effective user-id.
- *
-- * Returns: The process id for @process.
-+ * Returns: The user id for @process or -1 if unknown.
- */
- gint
--polkit_unix_process_get_pid (PolkitUnixProcess *process)
-+polkit_unix_process_get_uid (PolkitUnixProcess *process)
- {
-- g_return_val_if_fail (POLKIT_IS_UNIX_PROCESS (process), 0);
-- return process->pid;
-+ g_return_val_if_fail (POLKIT_IS_UNIX_PROCESS (process), -1);
-+ return process->uid;
- }
-
- /**
-- * polkit_unix_process_get_owner:
-+ * polkit_unix_process_set_uid:
- * @process: A #PolkitUnixProcess.
-- * @error: (allow-none): Return location for error or %NULL.
-+ * @uid: The user id to set for @process or -1 to unset it.
- *
-- * Gets the uid of the owner of @process.
-+ * Sets the (real, not effective) user id for @process.
-+ */
-+void
-+polkit_unix_process_set_uid (PolkitUnixProcess *process,
-+ gint uid)
-+{
-+ g_return_if_fail (POLKIT_IS_UNIX_PROCESS (process));
-+ g_return_if_fail (uid >= -1);
-+ process->uid = uid;
-+}
-+
-+/**
-+ * polkit_unix_process_get_pid:
-+ * @process: A #PolkitUnixProcess.
- *
-- * Note that this returns the real user-id (not the effective user-id) of @process.
-+ * Gets the process id for @process.
- *
-- * Returns: The UNIX user id of the owner for @process or 0 if @error is set.
-- **/
-+ * Returns: The process id for @process.
-+ */
- gint
--polkit_unix_process_get_owner (PolkitUnixProcess *process,
-- GError **error)
-+polkit_unix_process_get_pid (PolkitUnixProcess *process)
- {
-- gint result;
-- gchar *contents;
-- gchar **lines;
--#ifdef HAVE_FREEBSD
-- struct kinfo_proc p;
--#else
-- gchar filename[64];
-- guint n;
--#endif
--
- g_return_val_if_fail (POLKIT_IS_UNIX_PROCESS (process), 0);
-- g_return_val_if_fail (error == NULL || *error == NULL, 0);
--
-- result = 0;
-- lines = NULL;
-- contents = NULL;
--
--#ifdef HAVE_FREEBSD
-- if (get_kinfo_proc (process->pid, &p) == 0)
-- {
-- g_set_error (error,
-- POLKIT_ERROR,
-- POLKIT_ERROR_FAILED,
-- "get_kinfo_proc() failed for pid %d: %s",
-- process->pid,
-- g_strerror (errno));
-- goto out;
-- }
--
-- result = p.ki_uid;
--#else
--
-- /* see 'man proc' for layout of the status file
-- *
-- * Uid, Gid: Real, effective, saved set, and file system UIDs (GIDs).
-- */
-- g_snprintf (filename, sizeof filename, "/proc/%d/status", process->pid);
-- if (!g_file_get_contents (filename,
-- &contents,
-- NULL,
-- error))
-- {
-- goto out;
-- }
-- lines = g_strsplit (contents, "\n", -1);
-- for (n = 0; lines != NULL && lines[n] != NULL; n++)
-- {
-- gint real_uid, effective_uid;
-- if (!g_str_has_prefix (lines[n], "Uid:"))
-- continue;
-- if (sscanf (lines[n] + 4, "%d %d", &real_uid, &effective_uid) != 2)
-- {
-- g_set_error (error,
-- POLKIT_ERROR,
-- POLKIT_ERROR_FAILED,
-- "Unexpected line `%s' in file %s",
-- lines[n],
-- filename);
-- goto out;
-- }
-- else
-- {
-- result = real_uid;
-- goto out;
-- }
-- }
--
-- g_set_error (error,
-- POLKIT_ERROR,
-- POLKIT_ERROR_FAILED,
-- "Didn't find any line starting with `Uid:' in file %s",
-- filename);
--#endif
--
--out:
-- g_strfreev (lines);
-- g_free (contents);
-- return result;
-+ return process->pid;
- }
-
- /**
-@@ -311,6 +315,21 @@ polkit_unix_process_get_start_time (PolkitUnixProcess *process)
- }
-
- /**
-+ * polkit_unix_process_set_start_time:
-+ * @process: A #PolkitUnixProcess.
-+ * @start_time: The start time for @pid.
-+ *
-+ * Set the start time of @process.
-+ */
-+void
-+polkit_unix_process_set_start_time (PolkitUnixProcess *process,
-+ guint64 start_time)
-+{
-+ g_return_if_fail (POLKIT_IS_UNIX_PROCESS (process));
-+ process->start_time = start_time;
-+}
-+
-+/**
- * polkit_unix_process_set_pid:
- * @process: A #PolkitUnixProcess.
- * @pid: A process id.
-@@ -323,18 +342,17 @@ polkit_unix_process_set_pid (PolkitUnixProcess *process,
- {
- g_return_if_fail (POLKIT_IS_UNIX_PROCESS (process));
- process->pid = pid;
-- if (pid != (gint) -1)
-- process->start_time = get_start_time_for_pid (pid, NULL);
- }
-
- /**
- * polkit_unix_process_new:
- * @pid: The process id.
- *
-- * Creates a new #PolkitUnixProcess for @pid. The start time of the
-- * process will be looked up in using e.g. the
-- * <filename>/proc</filename> filesystem depending on the platform in
-- * use.
-+ * Creates a new #PolkitUnixProcess for @pid.
-+ *
-+ * The uid and start time of the process will be looked up in using
-+ * e.g. the <filename>/proc</filename> filesystem depending on the
-+ * platform in use.
- *
- * Returns: (transfer full): A #PolkitSubject. Free with g_object_unref().
- */
-@@ -353,22 +371,42 @@ polkit_unix_process_new (gint pid)
- *
- * Creates a new #PolkitUnixProcess object for @pid and @start_time.
- *
-+ * The uid of the process will be looked up in using e.g. the
-+ * <filename>/proc</filename> filesystem depending on the platform in
-+ * use.
-+ *
- * Returns: (transfer full): A #PolkitSubject. Free with g_object_unref().
- */
- PolkitSubject *
- polkit_unix_process_new_full (gint pid,
- guint64 start_time)
- {
-- PolkitUnixProcess *process;
--
-- process = POLKIT_UNIX_PROCESS (polkit_unix_process_new ((gint) -1));
-- process->pid = pid;
-- if (start_time != 0)
-- process->start_time = start_time;
-- else
-- process->start_time = get_start_time_for_pid (pid, NULL);
-+ return POLKIT_SUBJECT (g_object_new (POLKIT_TYPE_UNIX_PROCESS,
-+ "pid", pid,
-+ "start_time", start_time,
-+ NULL));
-+}
-
-- return POLKIT_SUBJECT (process);
-+/**
-+ * polkit_unix_process_new_for_owner:
-+ * @pid: The process id.
-+ * @start_time: The start time for @pid or 0 to look it up in e.g. <filename>/proc</filename>.
-+ * @uid: The (real, not effective) uid of the owner of @pid or -1 to look it up in e.g. <filename>/proc</filename>.
-+ *
-+ * Creates a new #PolkitUnixProcess object for @pid, @start_time and @uid.
-+ *
-+ * Returns: (transfer full): A #PolkitSubject. Free with g_object_unref().
-+ */
-+PolkitSubject *
-+polkit_unix_process_new_for_owner (gint pid,
-+ guint64 start_time,
-+ gint uid)
-+{
-+ return POLKIT_SUBJECT (g_object_new (POLKIT_TYPE_UNIX_PROCESS,
-+ "pid", pid,
-+ "start_time", start_time,
-+ "uid", uid,
-+ NULL));
- }
-
- static guint
-@@ -616,3 +654,95 @@ out:
-
- return start_time;
- }
-+
-+static gint
-+_polkit_unix_process_get_owner (PolkitUnixProcess *process,
-+ GError **error)
-+{
-+ gint result;
-+ gchar *contents;
-+ gchar **lines;
-+#ifdef HAVE_FREEBSD
-+ struct kinfo_proc p;
-+#else
-+ gchar filename[64];
-+ guint n;
-+#endif
-+
-+ g_return_val_if_fail (POLKIT_IS_UNIX_PROCESS (process), 0);
-+ g_return_val_if_fail (error == NULL || *error == NULL, 0);
-+
-+ result = 0;
-+ lines = NULL;
-+ contents = NULL;
-+
-+#ifdef HAVE_FREEBSD
-+ if (get_kinfo_proc (process->pid, &p) == 0)
-+ {
-+ g_set_error (error,
-+ POLKIT_ERROR,
-+ POLKIT_ERROR_FAILED,
-+ "get_kinfo_proc() failed for pid %d: %s",
-+ process->pid,
-+ g_strerror (errno));
-+ goto out;
-+ }
-+
-+ result = p.ki_uid;
-+#else
-+
-+ /* see 'man proc' for layout of the status file
-+ *
-+ * Uid, Gid: Real, effective, saved set, and file system UIDs (GIDs).
-+ */
-+ g_snprintf (filename, sizeof filename, "/proc/%d/status", process->pid);
-+ if (!g_file_get_contents (filename,
-+ &contents,
-+ NULL,
-+ error))
-+ {
-+ goto out;
-+ }
-+ lines = g_strsplit (contents, "\n", -1);
-+ for (n = 0; lines != NULL && lines[n] != NULL; n++)
-+ {
-+ gint real_uid, effective_uid;
-+ if (!g_str_has_prefix (lines[n], "Uid:"))
-+ continue;
-+ if (sscanf (lines[n] + 4, "%d %d", &real_uid, &effective_uid) != 2)
-+ {
-+ g_set_error (error,
-+ POLKIT_ERROR,
-+ POLKIT_ERROR_FAILED,
-+ "Unexpected line `%s' in file %s",
-+ lines[n],
-+ filename);
-+ goto out;
-+ }
-+ else
-+ {
-+ result = real_uid;
-+ goto out;
-+ }
-+ }
-+
-+ g_set_error (error,
-+ POLKIT_ERROR,
-+ POLKIT_ERROR_FAILED,
-+ "Didn't find any line starting with `Uid:' in file %s",
-+ filename);
-+#endif
-+
-+out:
-+ g_strfreev (lines);
-+ g_free (contents);
-+ return result;
-+}
-+
-+/* deprecated public method */
-+gint
-+polkit_unix_process_get_owner (PolkitUnixProcess *process,
-+ GError **error)
-+{
-+ return _polkit_unix_process_get_owner (process, error);
-+}
-diff --git a/src/polkit/polkitunixprocess.h b/src/polkit/polkitunixprocess.h
-index b88cd03..531a57d 100644
---- a/src/polkit/polkitunixprocess.h
-+++ b/src/polkit/polkitunixprocess.h
-@@ -47,16 +47,24 @@ typedef struct _PolkitUnixProcess PolkitUnixProcess;
- typedef struct _PolkitUnixProcessClass PolkitUnixProcessClass;
-
- GType polkit_unix_process_get_type (void) G_GNUC_CONST;
--PolkitSubject *polkit_unix_process_new (gint pid);
--PolkitSubject *polkit_unix_process_new_full (gint pid,
-- guint64 start_time);
--
-+PolkitSubject *polkit_unix_process_new (gint pid);
-+PolkitSubject *polkit_unix_process_new_full (gint pid,
-+ guint64 start_time);
-+PolkitSubject *polkit_unix_process_new_for_owner (gint pid,
-+ guint64 start_time,
-+ gint uid);
- gint polkit_unix_process_get_pid (PolkitUnixProcess *process);
- guint64 polkit_unix_process_get_start_time (PolkitUnixProcess *process);
-+gint polkit_unix_process_get_uid (PolkitUnixProcess *process);
- void polkit_unix_process_set_pid (PolkitUnixProcess *process,
- gint pid);
-+void polkit_unix_process_set_uid (PolkitUnixProcess *process,
-+ gint uid);
-+void polkit_unix_process_set_start_time (PolkitUnixProcess *process,
-+ guint64 start_time);
-+
- gint polkit_unix_process_get_owner (PolkitUnixProcess *process,
-- GError **error);
-+ GError **error) G_GNUC_DEPRECATED_FOR (polkit_unix_process_get_uid);
-
- G_END_DECLS
-
---
-cgit v0.8.3-6-g21f6
-From c23d74447c7615dc74dae259f0fc3688ec988867 Mon Sep 17 00:00:00 2001
-From: David Zeuthen <davidz@redhat.com>
-Date: Fri, 01 Apr 2011 16:12:27 +0000
-Subject: Use polkit_unix_process_get_uid() to get the owner of a process
-
-This avoids a TOCTTOU problem.
-
-Signed-off-by: David Zeuthen <davidz@redhat.com>
----
-diff --git a/src/polkitbackend/polkitbackendsessionmonitor.c b/src/polkitbackend/polkitbackendsessionmonitor.c
-index 495f752..9c331b6 100644
---- a/src/polkitbackend/polkitbackendsessionmonitor.c
-+++ b/src/polkitbackend/polkitbackendsessionmonitor.c
-@@ -293,14 +293,15 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor
-
- if (POLKIT_IS_UNIX_PROCESS (subject))
- {
-- local_error = NULL;
-- uid = polkit_unix_process_get_owner (POLKIT_UNIX_PROCESS (subject), &local_error);
-- if (local_error != NULL)
-+ uid = polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject));
-+ if ((gint) uid == -1)
- {
-- g_propagate_prefixed_error (error, local_error, "Error getting user for process: ");
-+ g_set_error (error,
-+ POLKIT_ERROR,
-+ POLKIT_ERROR_FAILED,
-+ "Unix process subject does not have uid set");
- goto out;
- }
--
- ret = polkit_unix_user_new (uid);
- }
- else if (POLKIT_IS_SYSTEM_BUS_NAME (subject))
---
-cgit v0.8.3-6-g21f6
-From 3b12cfac29dddd27f1f166a7574d8374cc1dccf2 Mon Sep 17 00:00:00 2001
-From: David Zeuthen <davidz@redhat.com>
-Date: Fri, 01 Apr 2011 16:13:15 +0000
-Subject: pkexec: Avoid TOCTTOU problems with parent process
-
-In a nutshell, the parent process may change its uid (either real- or
-effective uid) after launching pkexec. It can do this by exec()'ing
-e.g. a setuid root program.
-
-To avoid this problem, just use the uid the parent process had when it
-executed pkexec. This happens to be the same uid of the pkexec process
-itself.
-
-Additionally, remove some dubious code that allowed pkexec to continue
-when the parent process died as there is no reason to support
-something like that. Also ensure that the pkexec process is killed if
-the parent process dies.
-
-This problem was pointed out by Neel Mehta <nmehta@google.com>.
-
-Signed-off-by: David Zeuthen <davidz@redhat.com>
----
-diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c
-index 9217954..3e656be 100644
---- a/src/programs/pkexec.c
-+++ b/src/programs/pkexec.c
-@@ -35,6 +35,10 @@
- #include <pwd.h>
- #include <errno.h>
-
-+#ifdef __linux__
-+#include <sys/prctl.h>
-+#endif
-+
- #include <glib/gi18n.h>
-
- #ifdef POLKIT_AUTHFW_PAM
-@@ -423,7 +427,6 @@ main (int argc, char *argv[])
- GPtrArray *saved_env;
- gchar *opt_user;
- pid_t pid_of_caller;
-- uid_t uid_of_caller;
- gpointer local_agent_handle;
-
- ret = 127;
-@@ -598,40 +601,49 @@ main (int argc, char *argv[])
- */
- g_type_init ();
-
-- /* now check if the program that invoked us is authorized */
-+ /* make sure we are nuked if the parent process dies */
-+#ifdef __linux__
-+ if (prctl (PR_SET_PDEATHSIG, SIGTERM) != 0)
-+ {
-+ g_printerr ("prctl(PR_SET_PDEATHSIG, SIGTERM) failed: %s\n", g_strerror (errno));
-+ goto out;
-+ }
-+#else
-+#warning "Please add OS specific code to catch when the parent dies"
-+#endif
-+
-+ /* Figure out the parent process */
- pid_of_caller = getppid ();
- if (pid_of_caller == 1)
- {
- /* getppid() can return 1 if the parent died (meaning that we are reaped
-- * by /sbin/init); get process group leader instead - for example, this
-- * happens when launching via gnome-panel (alt+f2, then 'pkexec gedit').
-+ * by /sbin/init); In that case we simpy bail.
- */
-- pid_of_caller = getpgrp ();
-- }
--
-- subject = polkit_unix_process_new (pid_of_caller);
-- if (subject == NULL)
-- {
-- g_printerr ("No such process for pid %d: %s\n", (gint) pid_of_caller, error->message);
-- g_error_free (error);
-+ g_printerr ("Refusing to render service to dead parents.\n");
- goto out;
- }
-
-- /* paranoia: check that the uid of pid_of_caller matches getuid() */
-- error = NULL;
-- uid_of_caller = polkit_unix_process_get_owner (POLKIT_UNIX_PROCESS (subject),
-- &error);
-- if (error != NULL)
-- {
-- g_printerr ("Error determing pid of caller (pid %d): %s\n", (gint) pid_of_caller, error->message);
-- g_error_free (error);
-- goto out;
-- }
-- if (uid_of_caller != getuid ())
-- {
-- g_printerr ("User of caller (%d) does not match our uid (%d)\n", uid_of_caller, getuid ());
-- goto out;
-- }
-+ /* This process we want to check an authorization for is the process
-+ * that launched us - our parent process.
-+ *
-+ * At the time the parent process fork()'ed and exec()'ed us, the
-+ * process had the same real-uid that we have now. So we use this
-+ * real-uid instead of of looking it up to avoid TOCTTOU issues
-+ * (consider the parent process exec()'ing a setuid helper).
-+ *
-+ * On the other hand, the monotonic process start-time is guaranteed
-+ * to never change so it's safe to look that up given only the PID
-+ * since we are guaranteed to be nuked if the parent goes away
-+ * (cf. the prctl(2) call above).
-+ */
-+ subject = polkit_unix_process_new_for_owner (pid_of_caller,
-+ 0, /* 0 means "look up start-time in /proc" */
-+ getuid ());
-+ /* really double-check the invariants guaranteed by the PolkitUnixProcess class */
-+ g_assert (subject != NULL);
-+ g_assert (polkit_unix_process_get_pid (POLKIT_UNIX_PROCESS (subject)) == pid_of_caller);
-+ g_assert (polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject)) >= 0);
-+ g_assert (polkit_unix_process_get_start_time (POLKIT_UNIX_PROCESS (subject)) > 0);
-
- error = NULL;
- authority = polkit_authority_get_sync (NULL /* GCancellable* */, &error);
---
-cgit v0.8.3-6-g21f6