diff options
author | André Fabian Silva Delgado <emulatorman@parabola.nu> | 2014-07-30 19:53:48 -0300 |
---|---|---|
committer | André Fabian Silva Delgado <emulatorman@parabola.nu> | 2014-07-30 19:53:48 -0300 |
commit | 9f6ae13fc72cd48c1c61bc2b5be2c9bd28c5ce43 (patch) | |
tree | 9dbe16ac7e4b9bee99510e2c3968415fd78a5496 /libre/kdelibs-libre/kdelibs-cve-2014-5033.patch | |
parent | 752d55343df5033d2b6956e8d23863dd639a27d9 (diff) |
kdelibs-libre-4.13.3-2: fix CVE-2014-5033
Diffstat (limited to 'libre/kdelibs-libre/kdelibs-cve-2014-5033.patch')
-rw-r--r-- | libre/kdelibs-libre/kdelibs-cve-2014-5033.patch | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/libre/kdelibs-libre/kdelibs-cve-2014-5033.patch b/libre/kdelibs-libre/kdelibs-cve-2014-5033.patch new file mode 100644 index 000000000..c85eccd6b --- /dev/null +++ b/libre/kdelibs-libre/kdelibs-cve-2014-5033.patch @@ -0,0 +1,36 @@ +--- a/kdecore/auth/backends/polkit-1/Polkit1Backend.cpp ++++ b/kdecore/auth/backends/polkit-1/Polkit1Backend.cpp +@@ -144,7 +144,7 @@ + + Action::AuthStatus Polkit1Backend::actionStatus(const QString &action) + { +- PolkitQt1::UnixProcessSubject subject(QCoreApplication::applicationPid()); ++ PolkitQt1::SystemBusNameSubject subject(QString::fromUtf8(callerID())); + PolkitQt1::Authority::Result r = PolkitQt1::Authority::instance()->checkAuthorizationSync(action, subject, + PolkitQt1::Authority::None); + switch (r) { +@@ -160,21 +160,12 @@ + + QByteArray Polkit1Backend::callerID() const + { +- QByteArray a; +- QDataStream s(&a, QIODevice::WriteOnly); +- s << QCoreApplication::applicationPid(); +- +- return a; ++ return QDBusConnection::systemBus().baseService().toUtf8(); + } + + bool Polkit1Backend::isCallerAuthorized(const QString &action, QByteArray callerID) + { +- QDataStream s(&callerID, QIODevice::ReadOnly); +- qint64 pid; +- +- s >> pid; +- +- PolkitQt1::UnixProcessSubject subject(pid); ++ PolkitQt1::SystemBusNameSubject subject(QString::fromUtf8(callerID)); + PolkitQt1::Authority *authority = PolkitQt1::Authority::instance(); + + PolkitResultEventLoop e; + |