[Pkg-utopia-commits] r3289 - in /packages/unstable/hal/debian: changelog patches/10_nonpolkit-mount-policy.patch patches/series

biebl at users.alioth.debian.org biebl at users.alioth.debian.org
Tue Nov 24 19:02:37 UTC 2009 

Author: biebl
Date: Tue Nov 24 19:02:36 2009
New Revision: 3289

URL: http://svn.debian.org/wsvn/pkg-utopia/?sc=1&rev=3289
Log:
Only allow root to mount fixed (internal) storage devices.

* debian/patches/10_nonpolkit-mount-policy.patch
  - Only allow root to mount fixed (internal) storage devices.

Added:
    packages/unstable/hal/debian/patches/10_nonpolkit-mount-policy.patch
Modified:
    packages/unstable/hal/debian/changelog
    packages/unstable/hal/debian/patches/series

Modified: packages/unstable/hal/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-utopia/packages/unstable/hal/debian/changelog?rev=3289&op=diff
==============================================================================
--- packages/unstable/hal/debian/changelog (original)
+++ packages/unstable/hal/debian/changelog Tue Nov 24 19:02:36 2009
@@ -1,3 +1,10 @@
+hal (0.5.13-6) UNRELEASED; urgency=low
+
+  * debian/patches/10_nonpolkit-mount-policy.patch
+    - Only allow root to mount fixed (internal) storage devices.
+
+ -- Michael Biebl <biebl at debian.org>  Thu, 19 Nov 2009 10:52:42 -0600
+
 hal (0.5.13-5) experimental; urgency=low
 
   * Disable PolicyKit and ConsoleKit support in hal. GNOME uses DK-disks for

Added: packages/unstable/hal/debian/patches/10_nonpolkit-mount-policy.patch
URL: http://svn.debian.org/wsvn/pkg-utopia/packages/unstable/hal/debian/patches/10_nonpolkit-mount-policy.patch?rev=3289&op=file
==============================================================================
--- packages/unstable/hal/debian/patches/10_nonpolkit-mount-policy.patch (added)
+++ packages/unstable/hal/debian/patches/10_nonpolkit-mount-policy.patch Tue Nov 24 19:02:36 2009
@@ -1,0 +1,33 @@
+Index: hal-0.5.13/tools/hal-storage-mount.c
+===================================================================
+--- hal-0.5.13.orig/tools/hal-storage-mount.c	2009-05-27 15:26:03.000000000 -0500
++++ hal-0.5.13/tools/hal-storage-mount.c	2009-11-19 10:52:30.979682802 -0600
+@@ -92,6 +92,14 @@
+ }
+ 
+ static void
++permission_denied_uid (const char *device, const char *uid)
++{
++	fprintf (stderr, "org.freedesktop.Hal.Device.Volume.PermissionDenied\n");
++	fprintf (stderr, "Refusing to mount device %s for uid=%s.\n", device, uid);
++	exit (1);
++}
++
++static void
+ already_mounted (const char *device)
+ {
+ 	fprintf (stderr, "org.freedesktop.Hal.Device.Volume.AlreadyMounted\n");
+@@ -856,6 +864,13 @@
+                 }
+                 libhal_free_string (polkit_result);
+         }
++#else
++	/* root can do everything; only allow handling removable devices
++	 * without uid change to non-root users */
++	if (!invoked_by_uid || strcmp(invoked_by_uid, "0"))
++		if (!action || strcmp (action, "org.freedesktop.hal.storage.mount-removable"))
++			permission_denied_uid (device, invoked_by_uid);
++
+ #endif
+ 
+ #ifdef DEBUG

Modified: packages/unstable/hal/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-utopia/packages/unstable/hal/debian/patches/series?rev=3289&op=diff
==============================================================================
--- packages/unstable/hal/debian/patches/series (original)
+++ packages/unstable/hal/debian/patches/series Tue Nov 24 19:02:36 2009
@@ -1,5 +1,6 @@
 # Debian patches for hal
 01_at_console.patch
+10_nonpolkit-mount-policy.patch
 20_cpufreq_warning_message_fix.patch
 21_fix_segfault_in_hal_util_get_last_element.patch
 22_fix_unconditional_usage_of_PATH_MAX.patch

More information about the Pkg-utopia-commits mailing list