| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix the following build failure without C++ raised since
https://gitlab.freedesktop.org/polkit/polkit/-/commit/957a015157fd359d9679540f664183e4b9492896:
The following exception(s) were encountered:
Running "/home/autobuild/autobuild/instance-14/output-1/host/bin/or1k-buildroot-linux-musl-g++ --version" gave "[Errno 2] No such file or directory: '/home/autobuild/autobuild/instance-14/output-1/host/bin/or1k-buildroot-linux-musl-g++'"
Indeed, C++ is only required with mozjs engine
Fixes:
- http://autobuild.buildroot.org/results/1d52c8100414aa384572b23006a13f9b806d2d5a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
|
| |
|
|
|
|
|
| |
Original author: Wu Xiaotian (@yetist)
Resurrection author, runaway-killer author: Gustavo Lima Chaves (@limachaves)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The Autotools build system has been using /usr/lib/polkit-1 for several
releases, even on distributions where the library directory is /usr/lib64
or /usr/lib/x86_64-linux-gnu, so it makes sense for Meson to do the same.
This lets 32- and 64-bit polkit agents share a single helper executable.
This might be superseded by polkit!63, which requests going back to using
the libexecdir for these (like polkit 0.105 did), which would also make
sense; but until that's decided, let's at least be consistent between
our two build systems.
Every time we change this, all programs that have already loaded
libpolkit-agent into their address space need to be restarted, unless
distributions provide compatibility symlinks.
Signed-off-by: Simon McVittie <smcv@debian.org>
|
|
|
|
|
| |
into 'master'"
This reverts merge request !75
|
|
|
|
| |
Signed-off-by: Philip Withnall <withnall@endlessm.com>
|
|
|
|
|
|
| |
meson is a build system focused on speed an ease of use, which
helps speeding up the software development. This patch adds meson
support along autotools.
|
| |
|
| |
|
|
|
|
| |
Just compiles and installs polkit
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When strings handled by the jsbackendauthority contain non-ASCII, the
code will fail. For example, on a system having a user with a
non-ASCII name, the following message will appear when a USB stick is
plugged in.
mar 04 21:47:31 mimmi polkitd[17163]: Error evaluating authorization rules
The user will not be allowed to do the mount.
The problem is that strings were variously encoded back to C strings
with JS_EncodeString and JS_EncodeStringToUTF8. According to the
documentation
(https://developer.mozilla.org/en-US/docs/Mozilla/Projects/SpiderMonkey/JSAPI_reference/JS_EncodeString#Description)
the former will simply drop the high byte from each character. If
that happens to a username, it will no longer be found as a valid user
name on the system. Explicitly encoding to UTF-8 will at least work
in UTF-8 locales, which is the increasingly dominant encoding.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
API changes in mozjs that need to be reflected in the JS authority:
- the JS::CompileOptions constructor and the JS::CompartmentOptions
do not allow setting a JS version any more
- do not use NULL comparisons for C++ objects
- the resize() method for a vector has a return value that needs
to be handled
- JSClassOps has different fields
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It turns out that the combination of `(pid, start time)` is not
enough to be unique. For temporary authorizations, we can avoid
separate users racing on pid reuse by simply comparing the uid.
https://bugs.chromium.org/p/project-zero/issues/detail?id=1692
And the above original email report is included in full in a new comment.
Reported-by: Jann Horn <jannh@google.com>
Closes: https://gitlab.freedesktop.org/polkit/polkit/issues/75
|
|
|
|
| |
Signed-off-by: Philip Withnall <withnall@endlessm.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Resolves: bz#106021
Subject: [PATCH] polkitd: fix zombie not reaped when js spawned process timed
out
The child watch source attached to thread context didn't work due
to the release of it's main loop and context outside. So we attach
the source to the global default main context to make it work and
avoid zombies.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As part of CVE-2013-4288, the D-Bus clients were allowed (and
encouraged) to submit the UID of the subject of authorization checks
to avoid races against UID changes (notably using executables
set-UID to root).
However, that also allowed any client to submit an arbitrary UID, and
that could be used to bypass "can only ask about / affect the same UID"
checks in CheckAuthorization / RegisterAuthenticationAgent /
UnregisterAuthenticationAgent. This allowed an attacker:
- With CheckAuthorization, to cause the registered authentication
agent in victim's session to pop up a dialog, or to determine whether
the victim currently has a temporary authorization to perform an
operation.
(In principle, the attacker can also determine whether JavaScript
rules allow the victim process to perform an operation; however,
usually rules base their decisions on information determined from
the supplied UID, so the attacker usually won't learn anything new.)
- With RegisterAuthenticationAgent, to prevent the victim's
authentication agent to work (for a specific victim process),
or to learn about which operations requiring authorization
the victim is attempting.
To fix this, expose internal _polkit_unix_process_get_owner() /
obsolete polkit_unix_process_get_owner() as a private
polkit_unix_process_get_racy_uid__() (being more explicit about the
dangers on relying on it), and use it in
polkit_backend_session_monitor_get_user_for_subject() to return
a boolean indicating whether the subject UID may be caller-chosen.
Then, in the permission checks that require the subject to be
equal to the caller, fail on caller-chosen UIDs (and continue
through the pre-existing code paths which allow root, or root-designated
server processes, to ask about arbitrary subjects.)
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
commit 00adeee1b62 attempted to add a "%s" format string to the
two JS_Report invocations that needed it, but somehow only got
one them.
This commit gets the other one.
https://bugzilla.gnome.org/show_bug.cgi?id=105865
|
|
|
|
|
|
|
|
| |
seems to work with mozjs52
Signed-off-by: Ray Strode <rstrode@redhat.com>
https://bugs.freedesktop.org/show_bug.cgi?id=105865
|
|
|
|
|
|
| |
Signed-off-by: Ray Strode <rstrode@redhat.com>
https://bugs.freedesktop.org/show_bug.cgi?id=105865
|
|
|
|
|
|
|
|
| |
it's not around anymore.
Signed-off-by: Ray Strode <rstrode@redhat.com>
https://bugs.freedesktop.org/show_bug.cgi?id=105865
|
|
|
|
|
|
| |
Signed-off-by: Ray Strode <rstrode@redhat.com>
https://bugs.freedesktop.org/show_bug.cgi?id=105865
|
|
|
|
|
|
|
|
|
| |
JS_EvaluateScript is no longer in the API set, so use
JS::Evaluate instead.
Signed-off-by: Ray Strode <rstrode@redhat.com>
https://bugs.freedesktop.org/show_bug.cgi?id=105865
|
|
|
|
|
|
|
|
| |
JS_ExecuteScript no longer takes a global argument.
Signed-off-by: Ray Strode <rstrode@redhat.com>
https://bugs.freedesktop.org/show_bug.cgi?id=105865
|
|
|
|
|
|
|
|
|
|
|
| |
The global object is implicit now and the result is an
out arg.
This commit adapts to the new api.
Signed-off-by: Ray Strode <rstrode@redhat.com>
https://bugs.freedesktop.org/show_bug.cgi?id=105865
|
|
|
|
|
|
| |
Signed-off-by: Ray Strode <rstrode@redhat.com>
https://bugs.freedesktop.org/show_bug.cgi?id=105865
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit drops usage of JS_AddObjectRoot and switches
the global object over to being wrapped in a JS::Heap
pointer. It stops using JS_DefineObject which no longer
seems to be available, and adds a new JS::FireOnNewGlobalHook
which seems to be required.
Signed-off-by: Ray Strode <rstrode@redhat.com>
https://bugs.freedesktop.org/show_bug.cgi?id=105865
|
|
|
|
|
|
|
|
| |
seems like it got renamed.
Signed-off-by: Ray Strode <rstrode@redhat.com>
https://bugs.freedesktop.org/show_bug.cgi?id=105865
|
|
|
|
|
|
|
|
| |
The way args are passed in changed.
Signed-off-by: Ray Strode <rstrode@redhat.com>
https://bugs.freedesktop.org/show_bug.cgi?id=105865
|
|
|
|
|
|
| |
Signed-off-by: Ray Strode <rstrode@redhat.com>
https://bugs.freedesktop.org/show_bug.cgi?id=105865
|
|
|
|
|
|
| |
Signed-off-by: Ray Strode <rstrode@redhat.com>
https://bugs.freedesktop.org/show_bug.cgi?id=105865
|
|
|
|
|
|
| |
Signed-off-by: Ray Strode <rstrode@redhat.com>
https://bugs.freedesktop.org/show_bug.cgi?id=105865
|
|
|
|
|
|
| |
Signed-off-by: Ray Strode <rstrode@redhat.com>
https://bugs.freedesktop.org/show_bug.cgi?id=105865
|
|
|
|
|
|
| |
Signed-off-by: Ray Strode <rstrode@redhat.com>
https://bugs.freedesktop.org/show_bug.cgi?id=105865
|
|
|
|
|
|
| |
Signed-off-by: Ray Strode <rstrode@redhat.com>
https://bugs.freedesktop.org/show_bug.cgi?id=105865
|
|
|
|
|
|
|
|
|
| |
This commit does a global search and replace
for OBJECT_TO_JSVAL to JS::ObjectValue()
Signed-off-by: Ray Strode <rstrode@redhat.com>
https://bugs.freedesktop.org/show_bug.cgi?id=105865
|
|
|
|
|
|
|
|
|
| |
This commit does a global search and replace
for JSVAL_VOID to JS::UndefinedValue()
Signed-off-by: Ray Strode <rstrode@redhat.com>
https://bugs.freedesktop.org/show_bug.cgi?id=105865
|
|
|
|
|
|
|
|
|
| |
This commit does a global search and replace
for JSVAL_NULL to JS::NullValue()
Signed-off-by: Ray Strode <rstrode@redhat.com>
https://bugs.freedesktop.org/show_bug.cgi?id=105865
|
|
|
|
|
|
|
|
| |
The API got renamed in mozjs31.
Signed-off-by: Ray Strode <rstrode@redhat.com>
https://bugs.freedesktop.org/show_bug.cgi?id=105865
|
|
|
|
|
|
|
|
| |
It's been gone since mozjs31
Signed-off-by: Ray Strode <rstrode@redhat.com>
https://bugs.freedesktop.org/show_bug.cgi?id=105865
|
|
|
|
|
|
|
|
| |
This just avoids the potential for security problems down the line.
Signed-off-by: Ray Strode <rstrode@redhat.com>
https://bugs.freedesktop.org/show_bug.cgi?id=105865
|
|
|
|
|
|
| |
Signed-off-by: Ray Strode <rstrode@redhat.com>
https://bugs.freedesktop.org/show_bug.cgi?id=105865
|
|
|
|
|
|
|
|
|
|
|
| |
This commit changes the code to use JS::SetWarningReporter instead
of JS_SetErrorReporter. The latter, as far as I can tell, is
just a slightly renamed version of the former with the args moved
around a little bit.
Signed-off-by: Ray Strode <rstrode@redhat.com>
https://bugs.freedesktop.org/show_bug.cgi?id=105865
|
|
|
|
|
|
|
|
|
|
| |
JS_SetOptions seems to be replaced with JS::ContextOptionsRef now.
Also, disabling the JIT seems to be three options now instead of just
one.
Signed-off-by: Ray Strode <rstrode@redhat.com>
https://bugs.freedesktop.org/show_bug.cgi?id=105865
|
|
|
|
|
|
|
|
| |
This is now required
Signed-off-by: Ray Strode <rstrode@redhat.com>
https://bugs.freedesktop.org/show_bug.cgi?id=105865
|