登录 注册
开源 企业版 高校版 私有云 Gitee AI NEW
扫描微信二维码支付
取消
支付完成
Watch
不关注 关注所有动态 仅关注版本发行动态 关注但不提醒动态
13 Star 0 Fork 1

ocs-bot/rtkit

forked from OpenCloudOS Stream/rtkit 
代码 Issues 0 Pull Requests 0 Wiki 统计 流水线
服务
加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
文件
该仓库未声明开源许可证文件(LICENSE),使用请关注具体项目描述及其代码上游依赖。
项目仓库所选许可证以仓库主分支所使用许可证为准
克隆/下载
0001-SECURITY-Pass-uid-of-caller-to-polkit.patch 2.18 KB
一键复制 编辑 原始数据 按行查看 历史
nilusyi 提交于 2023-02-22 17:49 . OCS package init
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748
From f44c5776b25ca2abd7569fb8532c6aede9b0c6b0 Mon Sep 17 00:00:00 2001

From: Colin Walters <[email protected]>

Date: Thu, 22 Aug 2013 16:05:22 -0400

Subject: [PATCH] [SECURITY] Pass uid of caller to polkit



Otherwise, we force polkit to look up the uid itself in /proc, which

is racy if they execve() a setuid binary.

---

 rtkit-daemon.c |   11 ++++++++++-

 1 files changed, 10 insertions(+), 1 deletions(-)



diff --git a/rtkit-daemon.c b/rtkit-daemon.c

index 2ebe673..3ecc1f7 100644

--- a/rtkit-daemon.c

+++ b/rtkit-daemon.c

@@ -1170,12 +1170,14 @@ static int verify_polkit(DBusConnection *c, struct rtkit_user *u, struct process

         DBusMessage *m = NULL, *r = NULL;

         const char *unix_process = "unix-process";

         const char *pid = "pid";

+        const char *uid = "uid";

         const char *start_time = "start-time";

         const char *cancel_id = "";

         uint32_t flags = 0;

         uint32_t pid_u32 = p->pid;

-        uint64_t start_time_u64 = p->starttime;

+        uint32_t uid_u32 = (uint32_t)u->uid;

         DBusMessageIter iter_msg, iter_struct, iter_array, iter_dict, iter_variant;

+        uint64_t start_time_u64 = p->starttime;

         int ret;

         dbus_bool_t authorized = FALSE;

 

@@ -1206,6 +1208,13 @@ static int verify_polkit(DBusConnection *c, struct rtkit_user *u, struct process

         assert_se(dbus_message_iter_close_container(&iter_dict, &iter_variant));

         assert_se(dbus_message_iter_close_container(&iter_array, &iter_dict));

 

+        assert_se(dbus_message_iter_open_container(&iter_array, DBUS_TYPE_DICT_ENTRY, NULL, &iter_dict));

+        assert_se(dbus_message_iter_append_basic(&iter_dict, DBUS_TYPE_STRING, &uid));

+        assert_se(dbus_message_iter_open_container(&iter_dict, DBUS_TYPE_VARIANT, "u", &iter_variant));

+        assert_se(dbus_message_iter_append_basic(&iter_variant, DBUS_TYPE_UINT32, &uid_u32));

+        assert_se(dbus_message_iter_close_container(&iter_dict, &iter_variant));

+        assert_se(dbus_message_iter_close_container(&iter_array, &iter_dict));

+

         assert_se(dbus_message_iter_close_container(&iter_struct, &iter_array));

         assert_se(dbus_message_iter_close_container(&iter_msg, &iter_struct));

 

-- 

1.7.1
Loading...
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化
1
https://gitee.com/ocs-bot/rtkit.git
[email protected]:ocs-bot/rtkit.git
ocs-bot
rtkit
rtkit
master
点此查找更多帮助

搜索帮助

Git 命令在线学习 如何在 Gitee 导入 GitHub 仓库
Git 仓库基础操作
企业版和社区版功能对比
SSH 公钥设置
如何处理代码冲突
仓库体积过大,如何减小?
如何找回被删除的仓库数据
Gitee 产品配额说明
GitHub仓库快速导入Gitee及同步更新
什么是 Release(发行版)
将 PHP 项目自动发布到 packagist.org
评论
仓库举报
回到顶部