aboutsummaryrefslogtreecommitdiffstats
path: root/community/gvfs/CVE-2019-12447.patch
diff options
context:
space:
mode:
Diffstat (limited to 'community/gvfs/CVE-2019-12447.patch')
-rw-r--r--community/gvfs/CVE-2019-12447.patch33
1 files changed, 33 insertions, 0 deletions
diff --git a/community/gvfs/CVE-2019-12447.patch b/community/gvfs/CVE-2019-12447.patch
new file mode 100644
index 0000000000..4b37fc5070
--- /dev/null
+++ b/community/gvfs/CVE-2019-12447.patch
@@ -0,0 +1,33 @@
+diff --git a/daemon/gvfsbackendadmin.c b/daemon/gvfsbackendadmin.c
+index d67353d..daa6df9 100644
+--- a/daemon/gvfsbackendadmin.c
++++ b/daemon/gvfsbackendadmin.c
+@@ -907,7 +907,8 @@ g_vfs_backend_admin_init (GVfsBackendAdmin *self)
+
+ #define REQUIRED_CAPS (CAP_TO_MASK(CAP_FOWNER) | \
+ CAP_TO_MASK(CAP_DAC_OVERRIDE) | \
+- CAP_TO_MASK(CAP_DAC_READ_SEARCH))
++ CAP_TO_MASK(CAP_DAC_READ_SEARCH) | \
++ CAP_TO_MASK(CAP_CHOWN))
+
+ static void
+ acquire_caps (uid_t uid)
+@@ -919,10 +920,15 @@ acquire_caps (uid_t uid)
+ if (prctl (PR_SET_KEEPCAPS, 1, 0, 0, 0) < 0)
+ g_error ("prctl(PR_SET_KEEPCAPS) failed");
+
+- /* Drop root uid, but retain the required permitted caps */
+- if (setuid (uid) < 0)
++ /* Set euid to user to make dbus work */
++ if (seteuid (uid) < 0)
+ g_error ("unable to drop privs");
+
++ /* Set fsuid to still behave like root when working with files */
++ setfsuid (0);
++ if (setfsuid (-1) != 0)
++ g_error ("setfsuid failed");
++
+ memset (&hdr, 0, sizeof(hdr));
+ hdr.version = _LINUX_CAPABILITY_VERSION;
+
+