Wed Jan 26 04:37:35 UTC 202220220126043735

l/polkit-0.120-x86_64-2.txz: Rebuilt. [PATCH] pkexec: local privilege escalation. Thanks to Qualys Research Labs for reporting this issue. For more information, see: https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4034 (* Security fix *)
author: Patrick J Volkerding <volkerdi@slackware.com> 2022-01-26 04:37:35 +0000
committer: Eric Hameleers <alien@slackware.com> 2022-01-26 08:59:56 +0100
commit: a733d591479391a9aaf78b2872e2afed5dc6658f (patch)
tree: ede0bbaae024cd509cfa56ed432ef50007db7fac /source
parent: 1269f459323b2536a51bb8c7e11cdffdebb185ef (diff)
download: current-a733d591479391a9aaf78b2872e2afed5dc6658f.tar.gz
4 files changed, 101 insertions, 6 deletions
diff --git a/source/d/icecream/icecream.SlackBuild b/source/d/icecream/icecream.SlackBuild
index aad5a160..120c23c8 100755
--- a/source/d/icecream/icecream.SlackBuild
+++ b/source/d/icecream/icecream.SlackBuild
@@ -1,7 +1,7 @@
 #!/bin/sh
 
 # Copyright 2009-2018 Heinz Wiesinger, Amsterdam, The Netherlands
-# Copyright 2018  Patrick J. Volkerding, Sebeka, Minnesota, USA
+# Copyright 2018, 2022  Patrick J. Volkerding, Sebeka, Minnesota, USA
 # All rights reserved.
 #
 # Redistribution and use of this script, with or without modification, is
@@ -26,7 +26,7 @@ cd $(dirname $0) ; CWD=$(pwd)
 PKGNAM=icecream
 SRCNAM=icecc
 VERSION=${VERSION:-$(echo $SRCNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-3}
+BUILD=${BUILD:-4}
 
 if [ -z "$ARCH" ]; then
   case "$( uname -m )" in
@@ -67,7 +67,7 @@ NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
 rm -rf $PKG
 mkdir -p $TMP $PKG $OUTPUT
 cd $TMP
-rm -rf $PKGNAM-$VERSION
+rm -rf $SRCNAM-$VERSION
 tar xvf $CWD/$SRCNAM-$VERSION.tar.lz || exit 1
 cd $SRCNAM-$VERSION || exit 1
 
diff --git a/source/d/icecream/rc.icecream.conf b/source/d/icecream/rc.icecream.conf
index d0bfaadf..2c1e0607 100644
--- a/source/d/icecream/rc.icecream.conf
+++ b/source/d/icecream/rc.icecream.conf
@@ -5,7 +5,22 @@
 # Defines the network name used to determine which nodes can be used for
 # the compile processes. That way you can have several icecream clusters
 # in the same network.
-ICECC_NETWORK=$(hostname -d)
+ICECC_NETWORK=$(hostname -d 2> /dev/null)
+
+# If /etc/HOSTNAME isn't relected in /etc/hosts or through DNS for any reason,
+# then the default ICECC_NETWORK=$(hostname -d) won't be set. So if that
+# variable is empty here, output an error message and exit so that the
+# rc.iceccd script doesn't hang:
+if [ "$ICECC_NETWORK" = "" ]; then
+  echo "ERROR: No network set in \$ICECC_NETWORK, so iceccd and/or icecc-scheduler"
+  echo "will be unable to start. Please make sure that the hostname in /etc/HOSTNAME"
+  echo "is reflected in /etc/hosts or through DNS. You should be able to run"
+  echo "'hostname -d' and see your network domain."
+  echo "This is the current output from 'hostname -d':"
+  echo $(hostname -d)
+  echo "Exiting..."
+  exit 1
+fi
 
 # Defines the options passed to icecc-scheduler:
 ICECC_SCHEDULER_OPTIONS="-n $ICECC_NETWORK -d -l /var/log/icecream/icecc-scheduler.log"
diff --git a/source/l/polkit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683.patch b/source/l/polkit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683.patch
new file mode 100644
index 00000000..a06300a5
--- /dev/null
+++ b/source/l/polkit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683.patch
@@ -0,0 +1,79 @@
+From a2bf5c9c83b6ae46cbd5c779d3055bff81ded683 Mon Sep 17 00:00:00 2001
+From: Jan Rybar <jrybar@redhat.com>
+Date: Tue, 25 Jan 2022 17:21:46 +0000
+Subject: [PATCH] pkexec: local privilege escalation (CVE-2021-4034)
+
+---
+ src/programs/pkcheck.c |  5 +++++
+ src/programs/pkexec.c  | 23 ++++++++++++++++++++---
+ 2 files changed, 25 insertions(+), 3 deletions(-)
+
+diff --git a/src/programs/pkcheck.c b/src/programs/pkcheck.c
+index f1bb4e1..768525c 100644
+--- a/src/programs/pkcheck.c
++++ b/src/programs/pkcheck.c
+@@ -363,6 +363,11 @@ main (int argc, char *argv[])
+   local_agent_handle = NULL;
+   ret = 126;
+ 
++  if (argc < 1)
++    {
++      exit(126);
++    }
++
+   /* Disable remote file access from GIO. */
+   setenv ("GIO_USE_VFS", "local", 1);
+ 
+diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c
+index 7698c5c..84e5ef6 100644
+--- a/src/programs/pkexec.c
++++ b/src/programs/pkexec.c
+@@ -488,6 +488,15 @@ main (int argc, char *argv[])
+   pid_t pid_of_caller;
+   gpointer local_agent_handle;
+ 
++
++  /*
++   * If 'pkexec' is called THIS wrong, someone's probably evil-doing. Don't be nice, just bail out.
++   */
++  if (argc<1)
++    {
++      exit(127);
++    }
++
+   ret = 127;
+   authority = NULL;
+   subject = NULL;
+@@ -614,10 +623,10 @@ main (int argc, char *argv[])
+ 
+       path = g_strdup (pwstruct.pw_shell);
+       if (!path)
+-	{
++        {
+           g_printerr ("No shell configured or error retrieving pw_shell\n");
+           goto out;
+-	}
++        }
+       /* If you change this, be sure to change the if (!command_line)
+ 	 case below too */
+       command_line = g_strdup (path);
+@@ -636,7 +645,15 @@ main (int argc, char *argv[])
+           goto out;
+         }
+       g_free (path);
+-      argv[n] = path = s;
++      path = s;
++
++      /* argc<2 and pkexec runs just shell, argv is guaranteed to be null-terminated.
++       * /-less shell shouldn't happen, but let's be defensive and don't write to null-termination
++       */
++      if (argv[n] != NULL)
++      {
++        argv[n] = path;
++      }
+     }
+   if (access (path, F_OK) != 0)
+     {
+-- 
+GitLab
+
diff --git a/source/l/polkit/polkit.SlackBuild b/source/l/polkit/polkit.SlackBuild
index 61304ea2..13e1f948 100755
--- a/source/l/polkit/polkit.SlackBuild
+++ b/source/l/polkit/polkit.SlackBuild
@@ -26,7 +26,7 @@ cd $(dirname $0) ; CWD=$(pwd)
 
 PKGNAM=polkit
 VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-1}
+BUILD=${BUILD:-2}
 
 # Automatically determine the architecture we're building on:
 if [ -z "$ARCH" ]; then
@@ -80,7 +80,8 @@ find . \
  \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
  -exec chmod 644 {} \+
 
-zcat $CWD/dont-set-wheel-group-as-admin.diff.gz | patch -p1 || exit 1
+zcat $CWD/dont-set-wheel-group-as-admin.diff.gz | patch -p1 --verbose || exit 1
+zcat $CWD/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683.patch.gz | patch -p1 --verbose || exit 1
 
 # https://gitlab.freedesktop.org/polkit/polkit/-/issues/29
 zcat $CWD/0001-configure-fix-elogind-support.patch.gz | patch -p1 || exit 1
author	Patrick J Volkerding <volkerdi@slackware.com>	2022-01-26 04:37:35 +0000
committer	Eric Hameleers <alien@slackware.com>	2022-01-26 08:59:56 +0100
commit	a733d591479391a9aaf78b2872e2afed5dc6658f (patch)
tree	ede0bbaae024cd509cfa56ed432ef50007db7fac /source
parent	1269f459323b2536a51bb8c7e11cdffdebb185ef (diff)
download	current-a733d591479391a9aaf78b2872e2afed5dc6658f.tar.gz