From 5d6e1ca82a07ef1739dfea20ad17f077ceccfdcf Mon Sep 17 00:00:00 2001
From: Julian Andres Klode <julian.klode@canonical.com>
Date: Tue, 1 Dec 2020 12:25:00 +0100
Subject: [PATCH] Check PolicyKit before simulating local install
(CVE-2020-27349)
Given that we are opening a deb here as root that is controlled
by a non-root user, without any authorization, this raises a whole
lot of safety issues.
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1899193/
---
aptdaemon/core.py | 2 ++
1 file changed, 2 insertions(+)
diff --git a/aptdaemon/core.py b/aptdaemon/core.py
index 885b30b..6043b17 100644
--- a/aptdaemon/core.py
+++ b/aptdaemon/core.py
@@ -1073,6 +1073,8 @@ class Transaction(DBusObject):
def _simulate_real(self):
if self._simulated_cb:
raise errors.TransactionAlreadySimulating()
+ if self.role == enums.ROLE_INSTALL_FILE:
+ yield self._check_auth()
self.queue.worker.simulate(self)
deferred = Deferred()
if self._idle_watch is not None:
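Review bot: The new `yield self._check_auth()` suspends `_simulate_real` after the `_simulated_cb` guard has been evaluated, so a second simulate request arriving while authorization is pending would presumably pass the same guard. Where `_simulated_cb` gets assigned is outside this hunk, so this needs confirming against the rest of the function. If it is only set later, repeat the guard after the yield, `if self._simulated_cb: raise errors.TransactionAlreadySimulating()`, or run the auth check before the guard. The role test is also the only record of why this path is special, so a comment above it would help, e.g. `# Simulating a local install opens a caller-supplied .deb as root; authorize first (CVE-2020-27349)`. It is also worth checking whether any other role makes the worker open a caller-controlled file during simulation, since the check is limited to `ROLE_INSTALL_FILE`.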
--
2.29.2