From ${URL} :
Description
A weakness has been reported in systemd, which can be exploited by malicious, local users to gain escalated privileges.
The weakness is caused due to an insecure use of the DBUS interface when interacting with the polkit authority.
For more information: SA54875
The weakness is reported in version 207. Other versions may also be affected.
Solution:
Fixed in the GIT repository.
@maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.
Do I understand correctly that this is about:
commit 72fd713962ca2c2450e23b01d9e22017a7e28fd4
Author: Colin Walters <walters@verbum.org>
Date: Thu Aug 22 13:55:21 2013 -0400
    polkit: Avoid race condition in scraping /proc
    If a calling process execve()s a setuid program, it can appear to be
    uid 0. Since we're receiving requests over DBus, avoid this by simply
    passing system-bus-name as a subject.
?
Fixed in -207-r2 and -204-r1. -204-r1 is ready for stabilization but it will require stabilizing =sys-apps/gentoo-systemd-integration-1 (it's basically a few files from FILESDIR moved to a separate package).
Arches, please test and mark stable:
=sys-apps/systemd-204-r1
=sys-apps/gentoo-systemd-integration-1
Target keywords : "amd64 arm ppc ppc64 x86"
arm stable
amd64 stable
x86 stable
ppc stable
ppc64 stable
Cleanup done, please file the request
The offending versions have been removed from the tree.
(In reply to Agostino Sarubbo from comment #9)
> Cleanup done, please file the request
Sorry, I don't understand.
GLSA request filed.
CVE-2013-4327 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4327): systemd does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
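The race named in the commit message and in the CVE entry above, as a constructed Python model added here (not part of the original thread, and not systemd, polkit or D-Bus code). The class names, the pid, start-time and uid values, and the "uid 0 only" policy are assumptions for illustration: a subject identified by pid and start time has its uid resolved when the authority checks it, while a system-bus-name subject carries the uid recorded when the connection was made.

```python
# Constructed model of the subject race; not systemd, polkit or D-Bus code.
from dataclasses import dataclass

@dataclass
class Process:
    pid: int
    start_time: int
    uid: int  # what a /proc lookup reports at the moment it is read

    def execve_setuid_root(self):
        # execve() keeps pid and start time; a setuid-root image changes the uid seen in /proc
        self.uid = 0

class Bus:
    """Stands in for the bus daemon: peer credentials are recorded once, at connect."""
    def __init__(self):
        self._uid_by_name = {}

    def connect(self, proc):
        name = f":1.{len(self._uid_by_name) + 1}"
        self._uid_by_name[name] = proc.uid  # snapshot, never re-read from /proc
        return name

    def connection_uid(self, name):
        return self._uid_by_name[name]

class Authority:
    """Stands in for the polkit authority with an assumed 'uid 0 only' policy."""
    def __init__(self, bus, proc_table):
        self.bus, self.procs = bus, proc_table

    def check_unix_process(self, pid, start_time):
        proc = self.procs[pid]
        if proc.start_time != start_time:  # protects against pid reuse only
            return False
        return proc.uid == 0  # uid resolved at check time: this is the race window

    def check_system_bus_name(self, name):
        return self.bus.connection_uid(name) == 0  # uid bound to the connection

def scenario(caller_execs_setuid):
    proc = Process(pid=4242, start_time=1000, uid=1000)  # constructed unprivileged caller
    bus = Bus()
    authority = Authority(bus, {proc.pid: proc})
    name = bus.connect(proc)
    if caller_execs_setuid:  # happens after the request is sent, before the check
        proc.execve_setuid_root()
    return (authority.check_unix_process(proc.pid, proc.start_time),
            authority.check_system_bus_name(name))
```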
This issue was resolved and addressed in GLSA 201406-27 at http://security.gentoo.org/glsa/glsa-201406-27.xml by GLSA coordinator Chris Reffett (creffett).