List: oss-security
Subject: Re: [oss-security] KAuth security issues
From: Sebastian Krahmer <krahmer () suse ! de>
Date: 2014-03-26 8:08:56
Message-ID: 20140326080856.GB6866 () suse ! de
On Wed, Mar 26, 2014 at 08:56:51AM +0100, Florian Weimer wrote:
> On 03/26/2014 08:10 AM, Sebastian Krahmer wrote:
>> I love to talk to myself, in particular via mailing lists.
>> This issue seems to be addressed meanwhile via
>>
>> https://git.reviewboard.kde.org/r/117056/
>>
>> by fixing the underlying polkit qt binding.
>
> Is the proposed change really correct? It uses getuid() as the subject,
> which looks wrong if you want to use this wrapper to check the capabilities
> of a D-Bus peer.
Indeed, please see here:
https://bugzilla.novell.com/show_bug.cgi?id=864716
I'd avoid anything with PolkitProcessSubject entirely.
Sebastian
--
~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer@suse.de - SuSE Security Team