r18223 - in /desktop/unstable/system-tools-backends/debian: changelog patches/05_cve_2008_4311.patch patches/series

joss at users.alioth.debian.org joss at users.alioth.debian.org
Sat Jan 10 16:05:06 UTC 2009


Author: joss
Date: Sat Jan 10 16:05:05 2009
New Revision: 18223

URL: http://svn.debian.org/wsvn/pkg-gnome/?sc=1&rev=18223
Log:
05_cve_2008_4311.patch: new patch by Simon McVittie. Specify 
permissions with send_destination instead of send_interface. Makes 
backends work with the dbus packages fixing CVE-2008-4311.
Closes: #510744.

Added:
    desktop/unstable/system-tools-backends/debian/patches/05_cve_2008_4311.patch
Modified:
    desktop/unstable/system-tools-backends/debian/changelog
    desktop/unstable/system-tools-backends/debian/patches/series

Modified: desktop/unstable/system-tools-backends/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/unstable/system-tools-backends/debian/changelog?rev=18223&op=diff
==============================================================================
--- desktop/unstable/system-tools-backends/debian/changelog (original)
+++ desktop/unstable/system-tools-backends/debian/changelog Sat Jan 10 16:05:05 2009
@@ -1,9 +1,16 @@
-system-tools-backends (2.6.0-3) UNRELEASED; urgency=low
-
+system-tools-backends (2.6.0-2lenny1) unstable; urgency=low
+
+  [ Loic Minier ]
   * Don't rm_conffile /etc/dbus-1/event.d/70system-tools-backends during first
     configuration.
 
- -- Loic Minier <lool at dooz.org>  Fri, 28 Nov 2008 20:29:44 +0100
+  [ Josselin Mouette ]
+  * 05_cve_2008_4311.patch: new patch by Simon McVittie. Specify 
+    permissions with send_destination instead of send_interface. Makes 
+    backends work with the dbus packages fixing CVE-2008-4311.
+    Closes: #510744.
+
+ -- Josselin Mouette <joss at debian.org>  Sat, 10 Jan 2009 16:50:01 +0100
 
 system-tools-backends (2.6.0-2) unstable; urgency=medium
 

Added: desktop/unstable/system-tools-backends/debian/patches/05_cve_2008_4311.patch
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/unstable/system-tools-backends/debian/patches/05_cve_2008_4311.patch?rev=18223&op=file
==============================================================================
--- desktop/unstable/system-tools-backends/debian/patches/05_cve_2008_4311.patch (added)
+++ desktop/unstable/system-tools-backends/debian/patches/05_cve_2008_4311.patch Sat Jan 10 16:05:05 2009
@@ -1,0 +1,44 @@
+commit fd648907e46017d46c367f59c62d0b0395830903
+Author: Simon McVittie <http://smcv.pseudorandom.co.uk/>
+Date:   2009-01-04 19:35:51 +0000
+
+    Allow root to send messages to all the system tools backends, so they work even when CVE-2008-4311 has been fixed.
+    
+    Also disallow normal user access by destination, not by interface (fd.o #18961).
+
+diff --git a/system-tools-backends.conf b/system-tools-backends.conf
+index 00d6d58..537ef73 100644
+--- a/system-tools-backends.conf
++++ b/system-tools-backends.conf
+@@ -23,8 +23,8 @@
+     -->
+ 
+     <!-- configuration modules can't be accessed directly... -->
+-    <deny send_interface="org.freedesktop.SystemToolsBackends"/>
+-    <deny send_interface="org.freedesktop.SystemToolsBackends.Platform"/>
++    <deny send_destination="org.freedesktop.SystemToolsBackends"/>
++    <deny send_destination="org.freedesktop.SystemToolsBackends.Platform"/>
+     <deny send_destination="org.freedesktop.SystemToolsBackends"/>
+   </policy>
+ 
+@@ -47,9 +47,18 @@
+ 
+     <!-- be able to speak to configuration modules,
+          so any message to them has to go through the dispatcher -->
+-    <allow send_interface="org.freedesktop.SystemToolsBackends"/>
+-    <allow send_interface="org.freedesktop.SystemToolsBackends.Platform"/>
+     <allow send_destination="org.freedesktop.SystemToolsBackends"/>
++    <allow send_destination="org.freedesktop.SystemToolsBackends.Platform"/>
++    <allow send_destination="org.freedesktop.SystemToolsBackends.GroupsConfig"/>
++    <allow send_destination="org.freedesktop.SystemToolsBackends.HostsConfig"/>
++    <allow send_destination="org.freedesktop.SystemToolsBackends.IfacesConfig"/>
++    <allow send_destination="org.freedesktop.SystemToolsBackends.NFSConfig"/>
++    <allow send_destination="org.freedesktop.SystemToolsBackends.NTPConfig"/>
++    <allow send_destination="org.freedesktop.SystemToolsBackends.ServicesConfig"/>
++    <allow send_destination="org.freedesktop.SystemToolsBackends.SMBConfig"/>
++    <allow send_destination="org.freedesktop.SystemToolsBackends.TimeConfig"/>
++    <allow send_destination="org.freedesktop.SystemToolsBackends.UserConfig"/>
++    <allow send_destination="org.freedesktop.SystemToolsBackends.UsersConfig"/>
+   </policy>
+   <policy group="stb-admin">
+     <!-- be able to speak to the dispatcher -->
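Review bot: The deny rules in the first hunk of system-tools-backends.conf name only `org.freedesktop.SystemToolsBackends` and `org.freedesktop.SystemToolsBackends.Platform`, while the allow list in the second hunk enumerates ten further module names (GroupsConfig through UsersConfig). The removed `send_interface` denies matched on the interface regardless of destination, so the comment "configuration modules can't be accessed directly" now seems to hold for those ten names only if the bus's own default policy already denies method calls, as the commit message implies the CVE-2008-4311-fixed dbus does; on an older dbus that is presumably not guaranteed. Consider mirroring the allow list with one deny per module name, and dropping the first added deny, which duplicates the unchanged `<deny send_destination="org.freedesktop.SystemToolsBackends"/>` line right after it. Both `<policy>` elements open outside the hunks, so which context each block applies to, and that the allow block is evaluated after these denies, should be confirmed against the full file.

```xml
    <!-- … unchanged: earlier rules of this <policy> block … -->
    <!-- configuration modules can't be accessed directly... -->
    <deny send_destination="org.freedesktop.SystemToolsBackends.Platform"/>
    <deny send_destination="org.freedesktop.SystemToolsBackends.GroupsConfig"/>
    <deny send_destination="org.freedesktop.SystemToolsBackends.HostsConfig"/>
    <deny send_destination="org.freedesktop.SystemToolsBackends.IfacesConfig"/>
    <deny send_destination="org.freedesktop.SystemToolsBackends.NFSConfig"/>
    <deny send_destination="org.freedesktop.SystemToolsBackends.NTPConfig"/>
    <deny send_destination="org.freedesktop.SystemToolsBackends.ServicesConfig"/>
    <deny send_destination="org.freedesktop.SystemToolsBackends.SMBConfig"/>
    <deny send_destination="org.freedesktop.SystemToolsBackends.TimeConfig"/>
    <deny send_destination="org.freedesktop.SystemToolsBackends.UserConfig"/>
    <deny send_destination="org.freedesktop.SystemToolsBackends.UsersConfig"/>
    <!-- … unchanged: existing deny for org.freedesktop.SystemToolsBackends … -->
```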

Modified: desktop/unstable/system-tools-backends/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/unstable/system-tools-backends/debian/patches/series?rev=18223&op=diff
==============================================================================
--- desktop/unstable/system-tools-backends/debian/patches/series (original)
+++ desktop/unstable/system-tools-backends/debian/patches/series Sat Jan 10 16:05:05 2009
@@ -2,5 +2,6 @@
 02ubuntu_chmod_network_interfaces_when_using_key.patch
 03_default_permissions.patch
 04_correct_perl_command.patch
+05_cve_2008_4311.patch
 07_dont_symlink_localtime.patch
 60_fix-permissions-of-pid-file.patch



