path: root/community/gvfs/CVE-2019-12447.patch
blob: 4b37fc5070e3f0b8de320c40039a15fae770de00 (plain) (blame)
diff --git a/daemon/gvfsbackendadmin.c b/daemon/gvfsbackendadmin.c
index d67353d..daa6df9 100644
--- a/daemon/gvfsbackendadmin.c
+++ b/daemon/gvfsbackendadmin.c
@@ -907,7 +907,8 @@ g_vfs_backend_admin_init (GVfsBackendAdmin *self)
 
 #define REQUIRED_CAPS (CAP_TO_MASK(CAP_FOWNER) | \
                        CAP_TO_MASK(CAP_DAC_OVERRIDE) | \
-                       CAP_TO_MASK(CAP_DAC_READ_SEARCH))
+                       CAP_TO_MASK(CAP_DAC_READ_SEARCH) | \
+                       CAP_TO_MASK(CAP_CHOWN))
 
 static void
 acquire_caps (uid_t uid)
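Review bot: The widened `REQUIRED_CAPS` mask has no comment saying which backend operation needs `CAP_CHOWN`, so a later reader cannot tell whether the retained capability set is still the minimum. I would add a short comment above the `#define` that lists each capability with the operation depending on it, for example `/* CAP_CHOWN: needed to set file ownership on behalf of the caller */`, with the wording confirmed against the callers, which are outside this hunk. The same comment should record that `acquire_caps` (next hunk) now changes only the effective uid with `seteuid()` and keeps fsuid at 0. That presumably leaves the real and saved uid unchanged, so the capability mask and the uid handling need to be reviewed together. That second hunk runs past the visible end of the page, so its remaining lines could not be checked.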
@@ -919,10 +920,15 @@ acquire_caps (uid_t uid)
   if (prctl (PR_SET_KEEPCAPS, 1, 0, 0, 0) < 0)
     g_error ("prctl(PR_SET_KEEPCAPS) failed");
 
-  /* Drop root uid, but retain the required permitted caps */
-  if (setuid (uid) < 0)
+  /* Set euid to user to make dbus work */
+  if (seteuid (uid) < 0)
     g_error ("unable to drop privs");
 
+  /* Set fsuid to still behave like root when working with files */
+  setfsuid (0);
+  if (setfsuid (-1) != 0)
+   g_error ("setfsuid failed");
+
   memset (&hdr, 0, sizeof(hdr));
   hdr.version = _LINUX_CAPABILITY_VERSION;