Date: Wed, 26 Mar 2014 09:08:56 +0100
From: Sebastian Krahmer <>
Subject: Re: KAuth security issues

On Wed, Mar 26, 2014 at 08:56:51AM +0100, Florian Weimer wrote:
> On 03/26/2014 08:10 AM, Sebastian Krahmer wrote:
>> I love to talk to myself, in particular via mailing lists.
>> This issue seems to be addressed meanwhile via
>> by fixing the underlying polkit qt binding.
> Is the proposed change really correct?  It uses getuid() as the subject, 
> which looks wrong if you want to use this wrapper to check the capabilities 
> of a D-Bus peer.

Indeed, please see here:

I'd avoid anything with PolkitProcessSubject entirely.



~ perl
~ $_='print"\$_=\47$_\47;eval"';eval
~ - SuSE Security Team
