Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:AndreasSchwab:13.1
kdelibs4
0001-Use-dbus-system-bus-name-instead-of-PID-fo...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0001-Use-dbus-system-bus-name-instead-of-PID-for-authenti.patch of Package kdelibs4
From 51cabd09ee9a6b26449a1b1839e002a7445e2dd3 Mon Sep 17 00:00:00 2001 From: "Martin T. H. Sandsmark" <martin.sandsmark@kde.org> Date: Mon, 21 Jul 2014 22:52:40 +0200 Subject: [PATCH 01/01] Use dbus system bus name instead of PID for authentication. Using the PID for authentication is prone to a PID reuse race condition, and a security issue. REVIEW: 119323 --- kdecore/auth/backends/polkit-1/Polkit1Backend.cpp | 15 +++------------ 1 file changed, 3 insertions(+), 12 deletions(-) diff --git a/kdecore/auth/backends/polkit-1/Polkit1Backend.cpp b/kdecore/auth/backends/polkit-1/Polkit1Backend.cpp index cd7f6f3..732d2cb 100644 --- a/kdecore/auth/backends/polkit-1/Polkit1Backend.cpp +++ b/kdecore/auth/backends/polkit-1/Polkit1Backend.cpp @@ -144,7 +144,7 @@ void Polkit1Backend::setupAction(const QString &action) Action::AuthStatus Polkit1Backend::actionStatus(const QString &action) { - PolkitQt1::UnixProcessSubject subject(QCoreApplication::applicationPid()); + PolkitQt1::SystemBusNameSubject subject(QString::fromUtf8(callerID())); PolkitQt1::Authority::Result r = PolkitQt1::Authority::instance()->checkAuthorizationSync(action, subject, PolkitQt1::Authority::None); switch (r) { @@ -160,21 +160,12 @@ Action::AuthStatus Polkit1Backend::actionStatus(const QString &action) QByteArray Polkit1Backend::callerID() const { - QByteArray a; - QDataStream s(&a, QIODevice::WriteOnly); - s << QCoreApplication::applicationPid(); - - return a; + return QDBusConnection::systemBus().baseService().toUtf8(); } bool Polkit1Backend::isCallerAuthorized(const QString &action, QByteArray callerID) { - QDataStream s(&callerID, QIODevice::ReadOnly); - qint64 pid; - - s >> pid; - - PolkitQt1::UnixProcessSubject subject(pid); + PolkitQt1::SystemBusNameSubject subject(QString::fromUtf8(callerID)); PolkitQt1::Authority *authority = PolkitQt1::Authority::instance(); PolkitResultEventLoop e; -- 2.0.1
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor