| Summary: | <sys-auth/polkit-0.115: local information disclosure and denial of service caused by trusting client-submitted UIDs when referencing processes (CVE-2018-1116) | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Lars Wendler (Polynomial-C) (RETIRED) <polynomial-c> | ||||||
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> | ||||||
| Status: | RESOLVED FIXED | ||||||||
| Severity: | normal | CC: | casta, freedesktop-bugs, gentoo, mlen, mozilla | ||||||
| Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
||||||
| Version: | unspecified | ||||||||
| Hardware: | All | ||||||||
| OS: | Linux | ||||||||
| URL: | https://lists.freedesktop.org/archives/polkit-devel/2018-July/000583.html | ||||||||
| See Also: | https://bugs.gentoo.org/show_bug.cgi?id=675842 | ||||||||
| Whiteboard: | B3 [glsa+ cve] | ||||||||
| Package list: |
sys-auth/polkit-0.115-r3
gnome-extra/polkit-gnome-0.105-r1 arm64
dev-lang/spidermonkey-52.9.1_pre1
|
Runtime testing required: | --- | ||||||
| Bug Depends on: | 646998, 660880, 663620, 666732 | ||||||||
| Bug Blocks: | 672578, 682158, 685254, 685748 | ||||||||
| Attachments: |
|
||||||||
|
Description
Lars Wendler (Polynomial-C) (RETIRED)
2018-07-18 08:02:11 UTC
FYI this version breaks libvirt and possibly other tools:
$ virsh list
error: failed to connect to the hypervisor
error: error from service: CheckAuthorization: Failed to open file “/proc/23102/status”: No such file or directory
After tracing open syscall it becomes obvious the issue is caused by polkit:
PID COMM FD ERR PATH
2975 polkitd -1 2 /proc/22072/status
Rule that works with <sys-auth/polkit-0.115 is:
polkit.addRule(function(action, subject) {
polkit.log(action);
if (action.id == "org.libvirt.unix.manage" && subject.isInGroup("kvm")) {
return polkit.Result.YES;
}
});
I was able to find out the cause of this: this was obviously a misconfiguration. Some time ago I configured mounting proc with hidepids=2, which prevents polkitd from accessing entries for processes of other users as polkit is not running as root. Sorry for the mixup (In reply to Mateusz Lenik from comment #2) > I was able to find out the cause of this: this was obviously a > misconfiguration. > > Some time ago I configured mounting proc with hidepids=2, which prevents > polkitd from accessing entries for processes of other users as polkit is not > running as root. Sorry for the mixup I have this too. This is a standard kernel option (and this is a very basic option for hardening), and polkit should handle it. It was before. So it’s a real regression. (In reply to Guillaume Castagnino from comment #3) > (In reply to Mateusz Lenik from comment #2) > > I was able to find out the cause of this: this was obviously a > > misconfiguration. > > > > Some time ago I configured mounting proc with hidepids=2, which prevents > > polkitd from accessing entries for processes of other users as polkit is not > > running as root. Sorry for the mixup > > I have this too. This is a standard kernel option (and this is a very basic > option for hardening), and polkit should handle it. It was before. So it’s a > real regression. A workaround would be to add "gid=polkitd" tou mount options to allow to keep hidepid=2. But this definitely deserves some care in polkit ebuild at least no issue some notice. Please stabilize spidermonkey alongside polkit as necessary. amd64 stable x86 stable How are we stabilizing this version of spidermonkey when it has this many serious outstanding bugs? Doesn't configure : Bug 663620 Doesn't build : Bug 666732 Doesn't pass tests: Bug 661956 Doesn't run : Bug 667250 The newly stabilized version doesn't build for me on amd64 in exactly the same was as described in 666732. We should revert the stabilizations. And WTF, we don't even have mozilla@ Cc'd? On top of that we already had a blocking bug (646998) that should have prevented this from showing up in tatt/getatoms.py. No need to CC people who are in mozilla alias as well... I wonder whether one could make the dependency on spidermonkey optional (USE flag). It's a large codebase and build/dependency/slotting problems with it are extremely likely (I think I remember lots of problems with it in the past). (In reply to Ortwin Glueck from comment #11) > I wonder whether one could make the dependency on spidermonkey optional (USE > flag). It's a large codebase and build/dependency/slotting problems with it > are extremely likely (I think I remember lots of problems with it in the > past). No, it's a hard dependency since polkit-114: https://cgit.freedesktop.org/polkit/tree/configure.ac#n81 (In reply to Lars Wendler (Polynomial-C) from comment #10) > No need to CC people who are in mozilla alias as well... And security alias as well ;) (In reply to Matt Turner from comment #8) > How are we stabilizing this version of spidermonkey when it has this many > serious outstanding bugs? > > Doesn't configure : Bug 663620 > Doesn't build : Bug 666732 > Doesn't pass tests: Bug 661956 > Doesn't run : Bug 667250 > > The newly stabilized version doesn't build for me on amd64 in exactly the > same was as described in 666732. > > We should revert the stabilizations. And WTF, we don't even have mozilla@ > Cc'd? the bugs you referenced are arch specific alpha/arm/arm64 and one ~amd64 tests failure I can not reproduce in my clear stable env. so no, stabilization should not be reverted unless the problem relate to either amd64 and x86 (In reply to Mikle Kolyada from comment #14) > (In reply to Matt Turner from comment #8) > > How are we stabilizing this version of spidermonkey when it has this many > > serious outstanding bugs? > > > > Doesn't configure : Bug 663620 > > Doesn't build : Bug 666732 > > Doesn't pass tests: Bug 661956 > > Doesn't run : Bug 667250 > > > > The newly stabilized version doesn't build for me on amd64 in exactly the > > same was as described in 666732. > > > > We should revert the stabilizations. And WTF, we don't even have mozilla@ > > Cc'd? > > the bugs you referenced are arch specific alpha/arm/arm64 and one ~amd64 > tests failure I can not reproduce in my clear stable env. so no, > stabilization should not be reverted unless the problem relate to either > amd64 and x86 Yes, as I said it fails to configure for me on amd64. (In reply to Mateusz Lenik from comment #1) After installation of polkit-0.115-p1 I also experience this bug in NetworkManager. As result I cannot connect/disconnect into/from any network. Please stop spamming this bug with new polkit-0.115 issues but file new bugs against the package instead. We should probably switch stabilization to bug 672578, but I will leave that to the security team to execute. @arches, re-adding all arches due to new target package. amd64 stable x86 stable arm stable s390 stable Created attachment 563146 [details] tatt-tests (useflags + rdeps, ppc64) Looking good on ppc64. spidermonkey-52.9.1_pre1 fails tests (bug #675348). Created attachment 563158 [details] tatt-tests (useflags + rdeps, ppc) Looking good on ppc. rdep dev-libs/gjs-1.48.7 fails tests (bug #676674). ppc/ppc64 stable thanks to ernsteiswuerfel! Bumping target to sys-auth/polkit-0.115-r3, adding arm64 which is needed for initial elogind stabilisation. gnome-extra/polkit-gnome-0.105-r1 arm64 is required for sys-auth/polkit[gtk]. arm64 stable. Waiting on final arches... The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ac67dcaed322a88fe2ba459dd5857c468430012d commit ac67dcaed322a88fe2ba459dd5857c468430012d Author: Tobias Klausmann <klausman@gentoo.org> AuthorDate: 2019-05-06 15:24:46 +0000 Commit: Tobias Klausmann <klausman@gentoo.org> CommitDate: 2019-05-06 15:24:46 +0000 sys-auth/polkit-0.115-r3: alpha stable Bug: http://bugs.gentoo.org/661470 Signed-off-by: Tobias Klausmann <klausman@gentoo.org> sys-auth/polkit/polkit-0.115-r3.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=262f0c1066eeb2d5ed63126cbb85e6f332e3560f commit 262f0c1066eeb2d5ed63126cbb85e6f332e3560f Author: Tobias Klausmann <klausman@gentoo.org> AuthorDate: 2019-05-06 15:24:46 +0000 Commit: Tobias Klausmann <klausman@gentoo.org> CommitDate: 2019-05-06 15:24:46 +0000 dev-lang/spidermonkey-52.9.1_pre1-r0: alpha stable Bug: http://bugs.gentoo.org/661470 Signed-off-by: Tobias Klausmann <klausman@gentoo.org> dev-lang/spidermonkey/spidermonkey-52.9.1_pre1.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) ia64 stable sparc stable hppa timeout, cleaned up vulnerable in 39b7c2d3a288642b41a319357d4452b3b2e6cb23. security@: ping This issue was resolved and addressed in GLSA 201908-14 at https://security.gentoo.org/glsa/201908-14 by GLSA coordinator Aaron Bauman (b-man). |
