Control: tags -1 + patch

Hi

I propose something like the attached debdiff, restricting to auth_admin only in the conffile.

Regards,
Salvatore
diff -u gksu-polkit-0.0.3/debian/changelog gksu-polkit-0.0.3/debian/changelog --- gksu-polkit-0.0.3/debian/changelog +++ gksu-polkit-0.0.3/debian/changelog @@ -1,3 +1,12 @@ +gksu-polkit (0.0.3-1.1) unstable; urgency=low + + * Non-maintainer upload. + * Request priviledged credentials in default policy. + Change default policy to allow privileged code execution only with + priviledged credentials. CVE-2012-5617. (Closes: #695807) + + -- Salvatore Bonaccorso <car...@debian.org> Thu, 07 Mar 2013 17:06:28 +0100 + gksu-polkit (0.0.3-1) unstable; urgency=low * Fix glib includes (Closes: #665534) only in patch2: unchanged: --- gksu-polkit-0.0.3.orig/data/org.gnome.gksu.policy +++ gksu-polkit-0.0.3/data/org.gnome.gksu.policy @@ -10,9 +10,9 @@ <description>spawn</description> <message>System policy prevents executing a program with administration privileges</message> <defaults> - <allow_any>auth_self</allow_any> - <allow_inactive>auth_self</allow_inactive> - <allow_active>auth_self</allow_active> + <allow_any>auth_admin</allow_any> + <allow_inactive>auth_admin</allow_inactive> + <allow_active>auth_admin</allow_active> </defaults> </action>
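Review bot: In the new debian/changelog entry, "priviledged" is misspelled in both "Request priviledged credentials in default policy." and "priviledged credentials. CVE-2012-5617.", while "privileged code execution" in the same entry is spelled correctly; use "privileged" throughout. The entry would also be easier to audit later if it named the file and the concrete change, that is, that the defaults in data/org.gnome.gksu.policy go from auth_self to auth_admin.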
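Review bot: In the <defaults> block of data/org.gnome.gksu.policy, allow_any and allow_inactive receive the same auth_admin value as allow_active, so a client outside an active local session can still reach the spawn action once it authenticates as an administrator. If gksu-polkit is only meant to be used from an active desktop session, consider "no" for those two and keep auth_admin for allow_active alone; if the wider access is intended, a sentence in the changelog saying so would help. The hunk touches only the one action visible here, so it is worth confirming that the policy file defines no other action that still defaults to auth_self.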