Kees Cook writes: If a user types a carefully crafted series of format strings, they can trick polkit-grant-helper into thinking the password was successful.

https://launchpad.net/bugs/205037
Patch: https://bugs.freedesktop.org/attachment.cgi?id=15591

# Saleem Abdulrasool <compnerd@gentoo.org> (23 Nov 2007)
# These might break automounting, so keep them masked for now.
>=sys-auth/policykit-0.6
>=gnome-base/gnome-mount-0.7
>=gnome-extra/policykit-gnome-0.6

Rating ~2 because this is masked.
I had to giggle at this one. So much for David Z claiming that Red Hat internally ran PolicyKit through 2 in-house security audits and it was perfectly clean...
Any news here? Could we just apply the patch and be done with this bug?
I've always let security run things when it comes to security patches. I don't typically touch policykit, at least, as much as I can avoid touching it. Okay by me if you do, compnerd has final say afaik.
PolicyKit 0.8 has been released and it fixes this bug. If anyone could bump it to resolve this issue, that'd be great. No further requirements from security, the patch is ok.
Could someone please bump so we're done with it? Thanks.
bumped, noglsa. thanks.