Diffstat (limited to '')
-rw-r--r-- | debian/patches/CVE-2020-27349.patch | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/debian/patches/CVE-2020-27349.patch b/debian/patches/CVE-2020-27349.patch
new file mode 100644
index 0000000..230ed4a
--- /dev/null
+++ b/debian/patches/CVE-2020-27349.patch
@@ -0,0 +1,31 @@
+From 5d6e1ca82a07ef1739dfea20ad17f077ceccfdcf Mon Sep 17 00:00:00 2001
+From: Julian Andres Klode <julian.klode@canonical.com>
+Date: Tue, 1 Dec 2020 12:25:00 +0100
+Subject: [PATCH] Check PolicyKit before simulating local install
+ (CVE-2020-27349)
+
+Given that we are opening a deb here as root that is controlled
+by a non-root user, without any authorization, this is a whole
+lot of safety issues.
+
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1899193/
+---
+ aptdaemon/core.py | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/aptdaemon/core.py b/aptdaemon/core.py
+index 885b30b..6043b17 100644
+--- a/aptdaemon/core.py
++++ b/aptdaemon/core.py
+@@ -1073,6 +1073,8 @@ class Transaction(DBusObject):
+     def _simulate_real(self):
+         if self._simulated_cb:
+             raise errors.TransactionAlreadySimulating()
++        if self.role == enums.ROLE_INSTALL_FILE:
++            yield self._check_auth()
+         self.queue.worker.simulate(self)
+         deferred = Deferred()
+         if self._idle_watch is not None:
+-- 
+2.29.2
+ |
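Review bot: The diffstat shows only `debian/patches/CVE-2020-27349.patch` being added, with no change to `debian/patches/series`; for a quilt-format source package the new patch is inert until it is listed there, so unless a separate commit adds the series entry this CVE fix will not be applied at build time. Inside the embedded patch, `yield self._check_auth()` only works if `_simulate_real` is already a generator driven by the deferred machinery (a decorator on the line above the inner hunk, outside this view); if it were a plain method the added `yield` would turn it into a generator and `simulate()` would never run, so confirm the decorator is present in the packaged version this patch targets. The security rationale from the commit message is not visible at the call site; a comment such as `# The .deb is opened as root during simulation, so authorize before touching a user-controlled file (CVE-2020-27349)` above the new `if` would keep the reason with the check. The gate covers only `ROLE_INSTALL_FILE`, so any other role that reads a user-supplied path during simulation would remain unauthenticated at this point. The patched method continues past the end of the inner hunk.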