commit: a274fc8a5fd7791e5292e72f48586de6e503ef48 Author: Yixun Lan <dlan <AT> gentoo <DOT> org> AuthorDate: Tue Nov 19 06:15:46 2019 +0000 Commit: Yixun Lan <dlan <AT> gentoo <DOT> org> CommitDate: Mon Mar 16 15:14:13 2020 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a274fc8a
app-i18n/ibus: fix missing authorization error Bug: https://bugs.gentoo.org/695526 Package-Manager: Portage-2.3.79, Repoman-2.3.18 Signed-off-by: Yixun Lan <dlan <AT> gentoo.org> .../ibus/files/ibus-1.5.21-fix-authorization.patch | 175 +++++++++++++++++++++ .../{ibus-1.5.21.ebuild => ibus-1.5.21-r1.ebuild} | 1 + 2 files changed, 176 insertions(+) diff --git a/app-i18n/ibus/files/ibus-1.5.21-fix-authorization.patch b/app-i18n/ibus/files/ibus-1.5.21-fix-authorization.patch new file mode 100644 index 00000000000..8b7674cddea --- /dev/null +++ b/app-i18n/ibus/files/ibus-1.5.21-fix-authorization.patch @@ -0,0 +1,175 @@ +From 3d442dbf936d197aa11ca0a71663c2bc61696151 Mon Sep 17 00:00:00 2001 +From: fujiwarat <[email protected]> +Date: Fri, 13 Sep 2019 15:59:03 +0900 +Subject: [PATCH] bus: Implement GDBusAuthObserver callback + +ibus uses a GDBusServer with G_DBUS_SERVER_FLAGS_AUTHENTICATION_ALLOW_ANONYMOUS, +and doesn't set a GDBusAuthObserver, which allows anyone who can connect +to its AF_UNIX socket to authenticate and be authorized to send method calls. +It also seems to use an abstract AF_UNIX socket, which does not have +filesystem permissions, so the practical effect might be that a local +attacker can connect to another user's ibus service and make arbitrary +method calls. + +BUGS=rhbz#1717958 +--- + bus/server.c | 89 ++++++++++++++++++++++++++++++++++++++++++---------- + 1 file changed, 73 insertions(+), 16 deletions(-) + +diff --git a/bus/server.c b/bus/server.c +index 3a626230..2439de14 100644 +--- a/bus/server.c ++++ b/bus/server.c +@@ -2,7 +2,8 @@ + /* vim:set et sts=4: */ + /* bus - The Input Bus + * Copyright (C) 2008-2010 Peng Huang <[email protected]> +- * Copyright (C) 2008-2010 Red Hat, Inc. ++ * Copyright (C) 2011-2019 Takao Fujiwara <[email protected]> ++ * Copyright (C) 2008-2019 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public +@@ -69,17 +70,64 @@ _restart_server (void) + exit (-1); + } + ++/** ++ * bus_allow_mechanism_cb: ++ * @observer: A #GDBusAuthObserver. ++ * @mechanism: The name of the mechanism. ++ * @user_data: always %NULL. ++ * ++ * Check if @mechanism can be used to authenticate the other peer. ++ * Returns: %TRUE if the peer's mechanism is allowed. ++ */ ++static gboolean ++bus_allow_mechanism_cb (GDBusAuthObserver *observer, ++ const gchar *mechanism, ++ G_GNUC_UNUSED gpointer user_data) ++{ ++ if (g_strcmp0 (mechanism, "EXTERNAL") == 0) ++ return TRUE; ++ return FALSE; ++} ++ ++/** ++ * bus_authorize_authenticated_peer_cb: ++ * @observer: A #GDBusAuthObserver. ++ * @stream: A #GIOStream. ++ * @credentials: A #GCredentials. ++ * @user_data: always %NULL. ++ * ++ * Check if a peer who has already authenticated should be authorized. ++ * Returns: %TRUE if the peer's credential is authorized. ++ */ ++static gboolean ++bus_authorize_authenticated_peer_cb (GDBusAuthObserver *observer, ++ GIOStream *stream, ++ GCredentials *credentials, ++ G_GNUC_UNUSED gpointer user_data) ++{ ++ gboolean authorized = FALSE; ++ if (credentials) { ++ GCredentials *own_credentials = g_credentials_new (); ++ if (g_credentials_is_same_user (credentials, own_credentials, NULL)) ++ authorized = TRUE; ++ g_object_unref (own_credentials); ++ } ++ return authorized; ++} ++ + /** + * bus_new_connection_cb: +- * @user_data: always NULL. +- * @returns: TRUE when the function can handle the connection. ++ * @observer: A #GDBusAuthObserver. ++ * @dbus_connection: A #GDBusconnection. ++ * @user_data: always %NULL. + * + * Handle incoming connections. ++ * Returns: %TRUE when the function can handle the connection. + */ + static gboolean +-bus_new_connection_cb (GDBusServer *server, +- GDBusConnection *dbus_connection, +- gpointer user_data) ++bus_new_connection_cb (GDBusServer *server, ++ GDBusConnection *dbus_connection, ++ G_GNUC_UNUSED gpointer user_data) + { + BusConnection *connection = bus_connection_new (dbus_connection); + bus_dbus_impl_new_connection (dbus, connection); +@@ -94,9 +142,9 @@ bus_new_connection_cb (GDBusServer *server, + } + + static void +-_server_connect_start_portal_cb (GObject *source_object, +- GAsyncResult *res, +- gpointer user_data) ++_server_connect_start_portal_cb (GObject *source_object, ++ GAsyncResult *res, ++ G_GNUC_UNUSED gpointer user_data) + { + GVariant *result; + GError *error = NULL; +@@ -113,9 +161,9 @@ _server_connect_start_portal_cb (GObject *source_object, + } + + static void +-bus_acquired_handler (GDBusConnection *connection, +- const gchar *name, +- gpointer user_data) ++bus_acquired_handler (GDBusConnection *connection, ++ const gchar *name, ++ G_GNUC_UNUSED gpointer user_data) + { + g_dbus_connection_call (connection, + IBUS_SERVICE_PORTAL, +@@ -136,14 +184,17 @@ void + bus_server_init (void) + { + GError *error = NULL; ++ GDBusServerFlags flags = G_DBUS_SERVER_FLAGS_NONE; ++ gchar *guid; ++ GDBusAuthObserver *observer; + + dbus = bus_dbus_impl_get_default (); + ibus = bus_ibus_impl_get_default (); + bus_dbus_impl_register_object (dbus, (IBusService *)ibus); + + /* init server */ +- GDBusServerFlags flags = G_DBUS_SERVER_FLAGS_AUTHENTICATION_ALLOW_ANONYMOUS; +- gchar *guid = g_dbus_generate_guid (); ++ guid = g_dbus_generate_guid (); ++ observer = g_dbus_auth_observer_new (); + if (!g_str_has_prefix (g_address, "unix:tmpdir=") && + !g_str_has_prefix (g_address, "unix:path=")) { + g_error ("Your socket address does not have the format unix:tmpdir=$DIR " +@@ -152,7 +203,7 @@ bus_server_init (void) + server = g_dbus_server_new_sync ( + g_address, /* the place where the socket file lives, e.g. /tmp, abstract namespace, etc. */ + flags, guid, +- NULL /* observer */, ++ observer, + NULL /* cancellable */, + &error); + if (server == NULL) { +@@ -162,7 +213,13 @@ bus_server_init (void) + } + g_free (guid); + +- g_signal_connect (server, "new-connection", G_CALLBACK (bus_new_connection_cb), NULL); ++ g_signal_connect (observer, "allow-mechanism", ++ G_CALLBACK (bus_allow_mechanism_cb), NULL); ++ g_signal_connect (observer, "authorize-authenticated-peer", ++ G_CALLBACK (bus_authorize_authenticated_peer_cb), NULL); ++ g_object_unref (observer); ++ g_signal_connect (server, "new-connection", ++ G_CALLBACK (bus_new_connection_cb), NULL); + + g_dbus_server_start (server); + +-- +2.24.0 + diff --git a/app-i18n/ibus/ibus-1.5.21.ebuild b/app-i18n/ibus/ibus-1.5.21-r1.ebuild similarity index 98% rename from app-i18n/ibus/ibus-1.5.21.ebuild rename to app-i18n/ibus/ibus-1.5.21-r1.ebuild index 7d58048b667..16b7862de4c 100644 --- a/app-i18n/ibus/ibus-1.5.21.ebuild +++ b/app-i18n/ibus/ibus-1.5.21-r1.ebuild @@ -71,6 +71,7 @@ DEPEND="${CDEPEND} nls? ( sys-devel/gettext ) unicode? ( app-i18n/unicode-data )" +PATCHES=( "${FILESDIR}"/${P}-fix-authorization.patch ) src_prepare() { vala_src_prepare --ignore-use sed -i "/UCD_DIR=/s/\$with_emoji_annotation_dir/\$with_ucd_dir/" configure.ac
