diff options
| author | Nicolás Reynolds <fauno@endefensadelsl.org> | 2014-03-23 04:08:07 +0000 |
|---|---|---|
| committer | Nicolás Reynolds <fauno@endefensadelsl.org> | 2014-03-23 04:08:07 +0000 |
| commit | b8646c38f9f0f867b019d1be98cb6ddd506e0efd (patch) | |
| tree | 3d44cd931b083adda0dbbd20f029844962aedab9 /extra/accountsservice | |
| parent | 50a801882f997d91380ebb5a74a63919582cb211 (diff) | |
Sun Mar 23 04:02:26 UTC 2014
Diffstat (limited to 'extra/accountsservice')
| -rw-r--r-- | extra/accountsservice/PKGBUILD | 17 | ||||
| -rw-r--r-- | extra/accountsservice/avoid-deleting-the-root-user.patch | 47 |
2 files changed, 5 insertions, 59 deletions
diff --git a/extra/accountsservice/PKGBUILD b/extra/accountsservice/PKGBUILD index ca65f4be1..9f559b676 100644 --- a/extra/accountsservice/PKGBUILD +++ b/extra/accountsservice/PKGBUILD @@ -1,24 +1,17 @@ -# $Id: PKGBUILD 199022 2013-11-06 14:06:17Z jgc $ +# $Id: PKGBUILD 208513 2014-03-22 19:41:54Z heftig $ # Maintainer: Ionut Biru <ibiru@archlinux.org> pkgname=accountsservice -pkgver=0.6.35 -pkgrel=2 +pkgver=0.6.37 +pkgrel=1 pkgdesc="D-Bus interface for user account query and manipulation" arch=(i686 x86_64) url="http://www.freedesktop.org/software/accountsservice/" license=('GPL3') depends=('glib2' 'polkit' 'systemd') makedepends=('intltool' 'gobject-introspection') -source=($url/$pkgname-$pkgver.tar.xz - avoid-deleting-the-root-user.patch) -md5sums=('3a81133e95faafb603de4475802cb06a' - '4970e77c3c0d56e513f9a5f29fdacd2c') - -prepare() { - cd $pkgname-$pkgver - patch -Np1 -i ../avoid-deleting-the-root-user.patch -} +source=($url/$pkgname-$pkgver.tar.xz) +md5sums=('aa5f4da715b8ec19024e39def88831a0') build() { cd $pkgname-$pkgver diff --git a/extra/accountsservice/avoid-deleting-the-root-user.patch b/extra/accountsservice/avoid-deleting-the-root-user.patch deleted file mode 100644 index b8dfaa931..000000000 --- a/extra/accountsservice/avoid-deleting-the-root-user.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 980692e6b9cfe4a34e22f566e0981a8c549e4348 Mon Sep 17 00:00:00 2001 -From: Matthias Clasen <mclasen@redhat.com> -Date: Fri, 01 Nov 2013 21:09:25 +0000 -Subject: Avoid deleting the root user - -The check we have in place against deleting the root user can -be tricked by exploiting the fact that we are checking a gint64, -and then later cast it to a uid_t. This can be seen with the -following test, which will delete your root account: - -qdbus --system org.freedesktop.Accounts /org/freedesktop/Accounts \ - org.freedesktop.Accounts.DeleteUser -9223372036854775808 true - -Found with the dfuzzer tool, -https://github.com/matusmarhefka/dfuzzer ---- -diff --git a/src/daemon.c b/src/daemon.c -index ea75190..9c7001b 100644 ---- a/src/daemon.c -+++ b/src/daemon.c -@@ -1227,7 +1227,7 @@ daemon_uncache_user (AccountsAccounts *accounts, - } - - typedef struct { -- gint64 uid; -+ uid_t uid; - gboolean remove_files; - } DeleteUserData; - -@@ -1309,13 +1309,13 @@ daemon_delete_user (AccountsAccounts *accounts, - Daemon *daemon = (Daemon*)accounts; - DeleteUserData *data; - -- if (uid == 0) { -+ if ((uid_t)uid == 0) { - throw_error (context, ERROR_FAILED, "Refuse to delete root user"); - return TRUE; - } - - data = g_new0 (DeleteUserData, 1); -- data->uid = uid; -+ data->uid = (uid_t)uid; - data->remove_files = remove_files; - - daemon_local_check_auth (daemon, --- -cgit v0.9.0.2-2-gbebe |