From 544d679c2796602ff277e78e238abd56d30ad633 Mon Sep 17 00:00:00 2001
From: Gilles Dartiguelongue <eva@gentoo.org>
Date: Mon, 14 Dec 2009 20:37:58 +0100
Subject: [PATCH 3/4] Gentoo: fix CVE-2008-4311

commit fd648907e46017d46c367f59c62d0b0395830903
Author: Simon McVittie <http://smcv.pseudorandom.co.uk/>
Date:   2009-01-04 19:35:51 +0000

    Allow root to send messages to all the system tools backends, so
    they work even when CVE-2008-4311 has been fixed.

    Also disallow normal user access by destination, not by
    interface (fd.o #18961).
---
 org.freedesktop.SystemToolsBackends.conf |    8 ++++----
 1 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/org.freedesktop.SystemToolsBackends.conf b/org.freedesktop.SystemToolsBackends.conf
index 58972ee..537ef73 100644
--- a/org.freedesktop.SystemToolsBackends.conf
+++ b/org.freedesktop.SystemToolsBackends.conf
@@ -22,8 +22,10 @@
     <allow send_interface="org.freedesktop.SystemToolsBackends.Platform" send_member="getPlatform"/>
     -->
 
-    <!-- Only allow talking to the dispatcher -->
-    <allow send_destination="org.freedesktop.SystemToolsBackends"/>
+    <!-- configuration modules can't be accessed directly... -->
+    <deny send_destination="org.freedesktop.SystemToolsBackends"/>
+    <deny send_destination="org.freedesktop.SystemToolsBackends.Platform"/>
+    <deny send_destination="org.freedesktop.SystemToolsBackends"/>
   </policy>
 
   <policy user="0">
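Review bot: The third added rule, `<deny send_destination="org.freedesktop.SystemToolsBackends"/>`, is identical to the first rule added two lines above it, so it adds nothing; either drop it or replace it with the bus name that was actually meant. The only other names visible on this page are those in the root policy of the second hunk, for example `org.freedesktop.SystemToolsBackends.GroupsConfig`, which is not denied here, so non-root access to it appears to rest on the bus-wide default rather than on this file. The new comment says configuration modules can't be accessed directly, yet the rules deny the dispatcher name and `.Platform`, and the comment it replaces said the dispatcher was the one name allowed. A comment such as `<!-- non-root senders are denied by destination; only the root policy below may reach the backends -->` would match what the rules do. The enclosing `<policy>` element opens above the hunk, so the context these denies apply to cannot be confirmed from here.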
@@ -45,8 +47,6 @@
 
     <!-- be able to speak to configuration modules,
          so any message to them has to go through the dispatcher -->
-    <allow send_interface="org.freedesktop.SystemToolsBackends"/>
-    <allow send_interface="org.freedesktop.SystemToolsBackends.Platform"/>
     <allow send_destination="org.freedesktop.SystemToolsBackends"/>
     <allow send_destination="org.freedesktop.SystemToolsBackends.Platform"/>
     <allow send_destination="org.freedesktop.SystemToolsBackends.GroupsConfig"/>
-- 
1.6.5.4