r22400 - in /desktop/unstable/gnome-keyring/debian: changelog patches/10_whitelist_system.patch
joss at users.alioth.debian.org
Fri Nov 20 17:14:58 UTC 2009
Author: joss
Date: Fri Nov 20 17:14:57 2009
New Revision: 22400
URL: http://svn.debian.org/wsvn/pkg-gnome/?sc=1&rev=22400
Log:
10_whitelist_system.patch: new patch. Whitelist some system
directories (/usr/bin and /usr/lib) to avoid drowning the user under
useless dialogs. If anything evil can be installed in these
directories, all users on the system are doomed and we can give up
on any kind of security.
Added:
desktop/unstable/gnome-keyring/debian/patches/10_whitelist_system.patch
Modified:
desktop/unstable/gnome-keyring/debian/changelog
Modified: desktop/unstable/gnome-keyring/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/unstable/gnome-keyring/debian/changelog?rev=22400&op=diff
==============================================================================
--- desktop/unstable/gnome-keyring/debian/changelog [utf-8] (original)
+++ desktop/unstable/gnome-keyring/debian/changelog [utf-8] Fri Nov 20 17:14:57 2009
@@ -1,3 +1,13 @@
+gnome-keyring (2.28.1-2) unstable; urgency=low
+
+ * 10_whitelist_system.patch: new patch. Whitelist some system
+ directories (/usr/bin and /usr/lib) to avoid drowning the user under
+ useless dialogs. If anything evil can be installed in these
+ directories, all users on the system are doomed and we can give up
+ on any kind of security.
+
+ -- Josselin Mouette <joss at debian.org> Fri, 20 Nov 2009 18:09:05 +0100
+
gnome-keyring (2.28.1-1) unstable; urgency=low
[ Josselin Mouette ]
Added: desktop/unstable/gnome-keyring/debian/patches/10_whitelist_system.patch
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/unstable/gnome-keyring/debian/patches/10_whitelist_system.patch?rev=22400&op=file
==============================================================================
--- desktop/unstable/gnome-keyring/debian/patches/10_whitelist_system.patch (added)
+++ desktop/unstable/gnome-keyring/debian/patches/10_whitelist_system.patch [utf-8] Fri Nov 20 17:14:57 2009
@@ -1,0 +1,43 @@
+--- daemon/gkr-daemon-ops.c.orig 2009-11-20 17:52:12.459466388 +0100
++++ daemon/gkr-daemon-ops.c 2009-11-20 18:03:48.779465649 +0100
+@@ -129,6 +129,27 @@
+ return FALSE;
+ }
+
++
++static gchar *whitelist_paths[] = {
++ "/usr/lib/",
++ "/usr/bin/",
++ NULL
++};
++
++static gboolean
++acl_check_whitelist (GnomeKeyringApplicationRef *app)
++{
++ int i;
++
++ for (i=0; whitelist_paths[i]; i++) {
++ if (g_str_has_prefix (app->pathname, whitelist_paths[i])) {
++ return TRUE;
++ }
++ }
++
++ return FALSE;
++}
++
+ static void
+ add_item_acl (GkrKeyringItem *item,
+ GnomeKeyringApplicationRef *app_ref,
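Review bot: In acl_check_whitelist, `g_str_has_prefix (app->pathname, whitelist_paths[i])` compares the raw pathname string with no NULL guard, and nothing in this hunk shows that the path is canonical. A NULL app->pathname would trip g_str_has_prefix's precondition check, and a non-normalised path containing `..` components would pass the prefix test while resolving outside /usr/lib or /usr/bin. Suggest returning FALSE early when app->pathname is NULL and matching only against a resolved, canonical path. Because the match is on the directory prefix alone, every executable installed under those two prefixes is trusted equally; a comment stating that this is intended would help the next reader. whitelist_paths is never written to and could be declared `static const gchar * const`.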
+@@ -171,6 +192,12 @@
+ return GKR_ASK_STOP_REQUEST;
+ }
+
++ /* Whitelist applications that are installed by the system */
++ if (acl_check_whitelist (app)) {
++ ask->response = GKR_ASK_RESPONSE_ALLOW;
++ return GKR_ASK_STOP_REQUEST;
++ }
++
+ /* See if this application already has access to this item */
+ if (acl_check_access (item, app, access_type, secret)) {
+ ask->response = GKR_ASK_RESPONSE_ALLOW;
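Review bot: The new `if (acl_check_whitelist (app))` branch returns GKR_ASK_RESPONSE_ALLOW before acl_check_access runs and looks only at app, while the existing check just below it also takes item, access_type and secret. As written, a whitelisted path is granted every access type on every item, and the per-item ACL is never consulted for it. If the aim is only to suppress the prompt, suggest passing access_type into the whitelist decision (or limiting the shortcut to the access types that used to prompt needlessly) and logging the automatic grant so there is still a record of which application read which item. The comment above the branch should also say that this bypasses the per-item ACL, not just the dialog.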