| From 544d679c2796602ff277e78e238abd56d30ad633 Mon Sep 17 00:00:00 2001 |
| From: Gilles Dartiguelongue <eva@gentoo.org> |
| Date: Mon, 14 Dec 2009 20:37:58 +0100 |
| Subject: [PATCH 3/4] Gentoo: fix CVE-2008-4311 |
| |
| commit fd648907e46017d46c367f59c62d0b0395830903 |
| Author: Simon McVittie <http://smcv.pseudorandom.co.uk/> |
| Date: 2009-01-04 19:35:51 +0000 |
| |
| Allow root to send messages to all the system tools backends, so |
| they work even when CVE-2008-4311 has been fixed. |
| |
| Also disallow normal user access by destination, not by |
| interface (fd.o #18961). |
| --- |
| org.freedesktop.SystemToolsBackends.conf | 8 ++++---- |
| 1 files changed, 4 insertions(+), 4 deletions(-) |
| |
| diff --git a/org.freedesktop.SystemToolsBackends.conf b/org.freedesktop.SystemToolsBackends.conf |
| index 58972ee..537ef73 100644 |
| --- a/org.freedesktop.SystemToolsBackends.conf |
| +++ b/org.freedesktop.SystemToolsBackends.conf |
| @@ -22,8 +22,10 @@ |
| <allow send_interface="org.freedesktop.SystemToolsBackends.Platform" send_member="getPlatform"/> |
| --> |
| |
| - <!-- Only allow talking to the dispatcher --> |
| - <allow send_destination="org.freedesktop.SystemToolsBackends"/> |
| + <!-- configuration modules can't be accessed directly... --> |
| + <deny send_destination="org.freedesktop.SystemToolsBackends"/> |
| + <deny send_destination="org.freedesktop.SystemToolsBackends.Platform"/> |
| + <deny send_destination="org.freedesktop.SystemToolsBackends"/> |
| </policy> |
| |
| <policy user="0"> |
| @@ -45,8 +47,6 @@ |
| |
| <!-- be able to speak to configuration modules, |
| so any message to them has to go through the dispatcher --> |
| - <allow send_interface="org.freedesktop.SystemToolsBackends"/> |
| - <allow send_interface="org.freedesktop.SystemToolsBackends.Platform"/> |
| <allow send_destination="org.freedesktop.SystemToolsBackends"/> |
| <allow send_destination="org.freedesktop.SystemToolsBackends.Platform"/> |
| <allow send_destination="org.freedesktop.SystemToolsBackends.GroupsConfig"/> |
| -- |
| 1.6.5.4 |
| |