Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 524390 - <x11-misc/sddm-0.10.0: privilege escalation
Summary: <x11-misc/sddm-0.10.0: privilege escalation
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal trivial with 1 vote (vote)
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: ~1 [noglsa]
Keywords:
: 525774 (view as bug list)
Depends on: qt5-porting
Blocks:
  Show dependency tree
 
Reported: 2014-10-03 15:54 UTC by Agostino Sarubbo
Modified: 2015-09-29 15:41 UTC (History)
4 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2014-10-03 15:54:08 UTC
From ${URL} :

Sebastian Krahmer reported a number of flaws in the SDDM display manager that could allow a local 
user to escalate their privileges to root:

https://bugzilla.suse.com/show_bug.cgi?id=897788

References:

http://seclists.org/oss-sec/2014/q4/6


@maintainer(s): since the package or the affected version has never been marked as stable, we don't need to stabilize it. After the bump, please remove the affected versions from the tree.
Comment 1 Jauhien Piatlicki (RETIRED) gentoo-dev 2014-10-05 08:34:11 UTC
Reported upstream
Comment 2 Jauhien Piatlicki (RETIRED) gentoo-dev 2014-10-05 08:50:20 UTC
Masked until upstream solves this problem.
Comment 3 Alpha Bravo 2014-10-17 10:43:33 UTC
sddm-0.10.0 released

excerpt from release notes:

*BACKWARDS INCOMPATIBLE: Drop support for Qt 4.
*BACKWARDS INCOMPATIBLE: SDDM now prioritizes loading sessions with a .desktop $
*SECURITY: Never try to login as the sddm user (CVE-2014-7271)
*SECURITY: Fix race condition in XAUTHORITY file generation (CVE-2014-7272)
*SECURITY: XAUTHORITY file is no longer owned by root
Comment 4 Alpha Bravo 2014-10-17 10:49:14 UTC
--- sddm-0.9.0-r1.ebuild
+++ sddm-0.10.0.ebuild
@@ -12,24 +12,17 @@
 
 LICENSE="GPL-2+ MIT CC-BY-3.0 public-domain"
 SLOT="0"
-IUSE="consolekit +qt4 qt5 systemd +upower"
-REQUIRED_USE="?? ( upower systemd )
-       ^^ ( qt4 qt5 )"

+IUSE="consolekit systemd +upower"
+REQUIRED_USE="?? ( upower systemd )"
 
-RDEPEND="sys-libs/pam
+RDEPEND="dev-qt/qtcore:5
+       dev-qt/qtdbus:5
+       dev-qt/qtdeclarative:5
+       dev-qt/linguist-tools:5
+       dev-qt/qttest:5
+       sys-libs/pam
        >=x11-base/xorg-server-1.15.1
        x11-libs/libxcb[xkb(-)]
-       qt4? (
-               dev-qt/qtcore:4
-               dev-qt/qtdbus:4
-               dev-qt/qtdeclarative:4
-               dev-qt/qttest:4 )
-       qt5? (
-               dev-qt/qtcore:5
-               dev-qt/qtdbus:5
-               dev-qt/qtdeclarative:5
-               dev-qt/linguist-tools:5
-               dev-qt/qttest:5 )
        systemd? ( sys-apps/systemd:= )
        upower? ( || ( sys-power/upower sys-power/upower-pm-utils ) )"
 DEPEND="${RDEPEND}
@@ -44,8 +37,8 @@
 }
 
 src_prepare() {
-       use consolekit && epatch "${FILESDIR}/${P}-consolekit.patch"
-       use upower && epatch "${FILESDIR}/${P}-upower.patch"
+       # use consolekit && epatch "${FILESDIR}/${P}-consolekit.patch"
+       # use upower && epatch "${FILESDIR}/${P}-upower.patch"
 
        # respect user's cflags
        sed -e 's|-Wall -march=native||' \
@@ -55,7 +48,7 @@
 
 src_configure() {
        local mycmakeargs=(
-               $(cmake-utils_use_use qt5 QT5)
+               -DUSE_QT5=ON
                $(cmake-utils_use_no systemd SYSTEMD)
        )
        cmake-utils_src_configure
Comment 5 Alpha Bravo 2014-10-17 11:00:57 UTC
--- sddm-0.9.0-r1.ebuild        2014-10-17 12:41:40.840065291 +0200
+++ sddm-0.10.0.ebuild  2014-10-17 12:59:02.912531522 +0200
@@ -12,24 +12,17 @@
 
 LICENSE="GPL-2+ MIT CC-BY-3.0 public-domain"
 SLOT="0"
-IUSE="consolekit +qt4 qt5 systemd +upower"
-REQUIRED_USE="?? ( upower systemd )
-       ^^ ( qt4 qt5 )"
+IUSE="consolekit systemd +upower"
+REQUIRED_USE="?? ( upower systemd )"
 
-RDEPEND="sys-libs/pam
+RDEPEND="dev-qt/qtcore:5
+       dev-qt/qtdbus:5
+       dev-qt/qtdeclarative:5
+       dev-qt/linguist-tools:5
+       dev-qt/qttest:5
+       sys-libs/pam
        >=x11-base/xorg-server-1.15.1
        x11-libs/libxcb[xkb(-)]
-       qt4? (
-               dev-qt/qtcore:4
-               dev-qt/qtdbus:4
-               dev-qt/qtdeclarative:4
-               dev-qt/qttest:4 )
-       qt5? (
-               dev-qt/qtcore:5
-               dev-qt/qtdbus:5
-               dev-qt/qtdeclarative:5
-               dev-qt/linguist-tools:5
-               dev-qt/qttest:5 )
        systemd? ( sys-apps/systemd:= )
        upower? ( || ( sys-power/upower sys-power/upower-pm-utils ) )"
 DEPEND="${RDEPEND}
@@ -45,7 +38,6 @@
 
 src_prepare() {
        use consolekit && epatch "${FILESDIR}/${P}-consolekit.patch"
-       use upower && epatch "${FILESDIR}/${P}-upower.patch"
 
        # respect user's cflags
        sed -e 's|-Wall -march=native||' \
@@ -55,7 +47,7 @@
 
 src_configure() {
        local mycmakeargs=(
-               $(cmake-utils_use_use qt5 QT5)
+               -DUSE_QT5=ON
                $(cmake-utils_use_no systemd SYSTEMD)
        )
        cmake-utils_src_configure
Comment 6 Alpha Bravo 2014-10-17 11:06:46 UTC
first diff is obsolete!
Comment 7 Manuel Rüger (RETIRED) gentoo-dev 2014-10-18 15:02:04 UTC
*** Bug 525774 has been marked as a duplicate of this bug. ***
Comment 8 Jauhien Piatlicki (RETIRED) gentoo-dev 2014-10-18 17:57:07 UTC
Version bumped. Please, test if this isuue: https://github.com/sddm/sddm/issues/277 exists for you.
Comment 9 Jauhien Piatlicki (RETIRED) gentoo-dev 2014-10-18 18:06:39 UTC
Maked until QT5 is unmasked.
Comment 10 Alpha Bravo 2014-10-18 21:50:11 UTC
no respective issues here; gcc 4.8.3, openrc, amd64 no-multilib, -mtune=generic -O2 -pipe
Comment 11 Ben de Groot (RETIRED) gentoo-dev 2015-02-02 15:22:44 UTC
Unmasked together with Qt5.
Comment 12 Alex Xu (Hello71) 2015-09-29 15:18:42 UTC
I believe this issue has been resolved as <=0.10.0 have been dropped from the tree.