| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
Superuser should know that polkit is not running in emergency.target.
If not, basic info with debug sources is offered instead of error message.
Other usecases taken into account.
|
|
|
|
|
| |
Polkit raises unnecessarily elaborate warning message when user restarts machine from ssh.
This message was moved to debug mode.
|
|
|
|
|
|
|
|
|
|
|
|
| |
Resolves: bz#106021
Subject: [PATCH] polkitd: fix zombie not reaped when js spawned process timed
out
The child watch source attached to thread context didn't work due
to the release of it's main loop and context outside. So we attach
the source to the global default main context to make it work and
avoid zombies.
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As part of CVE-2013-4288, the D-Bus clients were allowed (and
encouraged) to submit the UID of the subject of authorization checks
to avoid races against UID changes (notably using executables
set-UID to root).
However, that also allowed any client to submit an arbitrary UID, and
that could be used to bypass "can only ask about / affect the same UID"
checks in CheckAuthorization / RegisterAuthenticationAgent /
UnregisterAuthenticationAgent. This allowed an attacker:
- With CheckAuthorization, to cause the registered authentication
agent in victim's session to pop up a dialog, or to determine whether
the victim currently has a temporary authorization to perform an
operation.
(In principle, the attacker can also determine whether JavaScript
rules allow the victim process to perform an operation; however,
usually rules base their decisions on information determined from
the supplied UID, so the attacker usually won't learn anything new.)
- With RegisterAuthenticationAgent, to prevent the victim's
authentication agent to work (for a specific victim process),
or to learn about which operations requiring authorization
the victim is attempting.
To fix this, expose internal _polkit_unix_process_get_owner() /
obsolete polkit_unix_process_get_owner() as a private
polkit_unix_process_get_racy_uid__() (being more explicit about the
dangers on relying on it), and use it in
polkit_backend_session_monitor_get_user_for_subject() to return
a boolean indicating whether the subject UID may be caller-chosen.
Then, in the permission checks that require the subject to be
equal to the caller, fail on caller-chosen UIDs (and continue
through the pre-existing code paths which allow root, or root-designated
server processes, to ask about arbitrary subjects.)
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
|
|
|
|
|
|
|
| |
The NEWS entry for the 0.114 release says the release was made a
year earlier than it was.
It's too late to fix the NEWS file in the actual release, but
still better to have it correct in version control.
|
|
|
|
|
|
|
|
|
|
| |
commit 00adeee1b62 attempted to add a "%s" format string to the
two JS_Report invocations that needed it, but somehow only got
one them.
This commit gets the other one.
https://bugzilla.gnome.org/show_bug.cgi?id=105865
|
| |
|
| |
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Currently polkit depends on mozjs24 to provide the JavaScript
support for the JavaScript authority.
The problem is, mozjs24 is quite old at this point. Most other
parts of the desktop have moved on.
This patchset updates polkit to target mozjs52, instead. As a
side benefit, we can re-enable the JIT, since it no longer seems
to conflict with the watchdog thread used to detect when a
javascript script is caught in an infinite loop.
Most of the porting work was made by looking at what changes GJS
performed when it retarted mozjs versions, and mimicing them.
I also got some inspiration and a commit from an earlier port to
mozjs38:
https://lists.freedesktop.org/archives/polkit-devel/2017-April/000533.html
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
An implicit authorization parameter is provided to
polkit_backend_js_authority_check_authorization_sync() for actions
without corresponding explicit rules. Assure that is honored rather
than simply being denied.
Signed-off-by: Jeremy Linton <jeremy.linton@arm.com>
https://bugs.freedesktop.org/show_bug.cgi?id=105865
|
| |
| |
| |
| |
| |
| |
| |
| | |
seems to work with mozjs52
Signed-off-by: Ray Strode <rstrode@redhat.com>
https://bugs.freedesktop.org/show_bug.cgi?id=105865
|
| |
| |
| |
| |
| |
| | |
Signed-off-by: Ray Strode <rstrode@redhat.com>
https://bugs.freedesktop.org/show_bug.cgi?id=105865
|
| |
| |
| |
| |
| |
| |
| |
| | |
it's not around anymore.
Signed-off-by: Ray Strode <rstrode@redhat.com>
https://bugs.freedesktop.org/show_bug.cgi?id=105865
|
| |
| |
| |
| |
| |
| | |
Signed-off-by: Ray Strode <rstrode@redhat.com>
https://bugs.freedesktop.org/show_bug.cgi?id=105865
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
JS_EvaluateScript is no longer in the API set, so use
JS::Evaluate instead.
Signed-off-by: Ray Strode <rstrode@redhat.com>
https://bugs.freedesktop.org/show_bug.cgi?id=105865
|
| |
| |
| |
| |
| |
| |
| |
| | |
JS_ExecuteScript no longer takes a global argument.
Signed-off-by: Ray Strode <rstrode@redhat.com>
https://bugs.freedesktop.org/show_bug.cgi?id=105865
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The global object is implicit now and the result is an
out arg.
This commit adapts to the new api.
Signed-off-by: Ray Strode <rstrode@redhat.com>
https://bugs.freedesktop.org/show_bug.cgi?id=105865
|
| |
| |
| |
| |
| |
| | |
Signed-off-by: Ray Strode <rstrode@redhat.com>
https://bugs.freedesktop.org/show_bug.cgi?id=105865
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This commit drops usage of JS_AddObjectRoot and switches
the global object over to being wrapped in a JS::Heap
pointer. It stops using JS_DefineObject which no longer
seems to be available, and adds a new JS::FireOnNewGlobalHook
which seems to be required.
Signed-off-by: Ray Strode <rstrode@redhat.com>
https://bugs.freedesktop.org/show_bug.cgi?id=105865
|
| |
| |
| |
| |
| |
| |
| |
| | |
seems like it got renamed.
Signed-off-by: Ray Strode <rstrode@redhat.com>
https://bugs.freedesktop.org/show_bug.cgi?id=105865
|
| |
| |
| |
| |
| |
| |
| |
| | |
The way args are passed in changed.
Signed-off-by: Ray Strode <rstrode@redhat.com>
https://bugs.freedesktop.org/show_bug.cgi?id=105865
|
| |
| |
| |
| |
| |
| | |
Signed-off-by: Ray Strode <rstrode@redhat.com>
https://bugs.freedesktop.org/show_bug.cgi?id=105865
|
| |
| |
| |
| |
| |
| | |
Signed-off-by: Ray Strode <rstrode@redhat.com>
https://bugs.freedesktop.org/show_bug.cgi?id=105865
|
| |
| |
| |
| |
| |
| | |
Signed-off-by: Ray Strode <rstrode@redhat.com>
https://bugs.freedesktop.org/show_bug.cgi?id=105865
|
| |
| |
| |
| |
| |
| | |
Signed-off-by: Ray Strode <rstrode@redhat.com>
https://bugs.freedesktop.org/show_bug.cgi?id=105865
|
| |
| |
| |
| |
| |
| | |
Signed-off-by: Ray Strode <rstrode@redhat.com>
https://bugs.freedesktop.org/show_bug.cgi?id=105865
|
| |
| |
| |
| |
| |
| | |
Signed-off-by: Ray Strode <rstrode@redhat.com>
https://bugs.freedesktop.org/show_bug.cgi?id=105865
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This commit does a global search and replace
for OBJECT_TO_JSVAL to JS::ObjectValue()
Signed-off-by: Ray Strode <rstrode@redhat.com>
https://bugs.freedesktop.org/show_bug.cgi?id=105865
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This commit does a global search and replace
for JSVAL_VOID to JS::UndefinedValue()
Signed-off-by: Ray Strode <rstrode@redhat.com>
https://bugs.freedesktop.org/show_bug.cgi?id=105865
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This commit does a global search and replace
for JSVAL_NULL to JS::NullValue()
Signed-off-by: Ray Strode <rstrode@redhat.com>
https://bugs.freedesktop.org/show_bug.cgi?id=105865
|
| |
| |
| |
| |
| |
| |
| |
| | |
The API got renamed in mozjs31.
Signed-off-by: Ray Strode <rstrode@redhat.com>
https://bugs.freedesktop.org/show_bug.cgi?id=105865
|
| |
| |
| |
| |
| |
| |
| |
| | |
It's been gone since mozjs31
Signed-off-by: Ray Strode <rstrode@redhat.com>
https://bugs.freedesktop.org/show_bug.cgi?id=105865
|
| |
| |
| |
| |
| |
| |
| |
| | |
This just avoids the potential for security problems down the line.
Signed-off-by: Ray Strode <rstrode@redhat.com>
https://bugs.freedesktop.org/show_bug.cgi?id=105865
|
| |
| |
| |
| |
| |
| | |
Signed-off-by: Ray Strode <rstrode@redhat.com>
https://bugs.freedesktop.org/show_bug.cgi?id=105865
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This commit changes the code to use JS::SetWarningReporter instead
of JS_SetErrorReporter. The latter, as far as I can tell, is
just a slightly renamed version of the former with the args moved
around a little bit.
Signed-off-by: Ray Strode <rstrode@redhat.com>
https://bugs.freedesktop.org/show_bug.cgi?id=105865
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
JS_SetOptions seems to be replaced with JS::ContextOptionsRef now.
Also, disabling the JIT seems to be three options now instead of just
one.
Signed-off-by: Ray Strode <rstrode@redhat.com>
https://bugs.freedesktop.org/show_bug.cgi?id=105865
|
| |
| |
| |
| |
| |
| |
| |
| | |
This is now required
Signed-off-by: Ray Strode <rstrode@redhat.com>
https://bugs.freedesktop.org/show_bug.cgi?id=105865
|
| |
| |
| |
| |
| |
| |
| |
| | |
This is now required
Signed-off-by: Ray Strode <rstrode@redhat.com>
https://bugs.freedesktop.org/show_bug.cgi?id=105865
|
| |
| |
| |
| |
| |
| |
| |
| | |
it's now part of a behaviors method in CompartmentOptions
Signed-off-by: Ray Strode <rstrode@redhat.com>
https://bugs.freedesktop.org/show_bug.cgi?id=105865
|
| |
| |
| |
| |
| |
| |
| |
| | |
Seems like JSContext is the only thing that matters now.
Signed-off-by: Ray Strode <rstrode@redhat.com>
https://bugs.freedesktop.org/show_bug.cgi?id=105865
|
| |
| |
| |
| |
| |
| |
| |
| | |
since it doesn't crash if i do that
Signed-off-by: Ray Strode <rstrode@redhat.com>
https://bugs.freedesktop.org/show_bug.cgi?id=105865
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
mozjs no longer has public stub functions that implementers of
JSClass objects are supposed to use. Instead NULL means
to use the default stub implementations.
Furthermore, the structure has been broken out into a JSClassOps
sub structure now.
This commit adapts the code to the new layout.
Signed-off-by: Ray Strode <rstrode@redhat.com>
https://bugs.freedesktop.org/show_bug.cgi?id=105865
|
|/
|
|
|
|
|
|
| |
This is going to briefly break the build.
Signed-off-by: Ray Strode <rstrode@redhat.com>
https://bugs.freedesktop.org/show_bug.cgi?id=105865
|
|
|
|
|
|
|
|
|
| |
The caller of polkit_agent_listener_register() or similar is
responsible for handling returned errors (and/or print them).
Remove undconditional warning.
https://bugs.freedesktop.org/show_bug.cgi?id=78193
|
|
|
|
|
|
|
| |
polkit_agent_register_listener() is deprecated for a new function named
polkit_agent_listener_register(), not polkit_authority_listener_register().
Signed-off-by: Jiří Klimeš <jklimes@redhat.com>
|
|
|
|
|
|
| |
The offset has to be strictly less than the max.
https://bugs.freedesktop.org/show_bug.cgi?id=87716
|
|
|
|
|
| |
This ensures that we get all of the extensions consistently, rather
than having just a few files `#define _GNU_SOURCE`.
|