calculate
/
gentoo-overlay
6
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'e36cf5fd92'
${ noResults }
gentoo-overlay/app-admin/system-tools-backends/files/system-tools-backends-2.8.2...

48 lines
1.9 KiB
Raw Blame History

From 544d679c2796602ff277e78e238abd56d30ad633 Mon Sep 17 00:00:00 2001
From: Gilles Dartiguelongue <eva@gentoo.org>
Date: Mon, 14 Dec 2009 20:37:58 +0100
Subject: [PATCH 3/4] Gentoo: fix CVE-2008-4311
commit fd648907e46017d46c367f59c62d0b0395830903
Author: Simon McVittie <http://smcv.pseudorandom.co.uk/>
Date: 2009-01-04 19:35:51 +0000
Allow root to send messages to all the system tools backends, so
they work even when CVE-2008-4311 has been fixed.
Also disallow normal user access by destination, not by
interface (fd.o #18961).
---
org.freedesktop.SystemToolsBackends.conf | 8 ++++----
1 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/org.freedesktop.SystemToolsBackends.conf b/org.freedesktop.SystemToolsBackends.conf
index 58972ee..537ef73 100644
--- a/org.freedesktop.SystemToolsBackends.conf
+++ b/org.freedesktop.SystemToolsBackends.conf
@@ -22,8 +22,10 @@
<allow send_interface="org.freedesktop.SystemToolsBackends.Platform" send_member="getPlatform"/>
-->
- <!-- Only allow talking to the dispatcher -->
- <allow send_destination="org.freedesktop.SystemToolsBackends"/>
+ <!-- configuration modules can't be accessed directly... -->
+ <deny send_destination="org.freedesktop.SystemToolsBackends"/>
+ <deny send_destination="org.freedesktop.SystemToolsBackends.Platform"/>
+ <deny send_destination="org.freedesktop.SystemToolsBackends"/>
</policy>
<policy user="0">
@@ -45,8 +47,6 @@
<!-- be able to speak to configuration modules,
so any message to them has to go through the dispatcher -->
- <allow send_interface="org.freedesktop.SystemToolsBackends"/>
- <allow send_interface="org.freedesktop.SystemToolsBackends.Platform"/>
<allow send_destination="org.freedesktop.SystemToolsBackends"/>
<allow send_destination="org.freedesktop.SystemToolsBackends.Platform"/>
<allow send_destination="org.freedesktop.SystemToolsBackends.GroupsConfig"/>
--
1.6.5.4
Reference in new issue View Git Blame Copy Permalink