[Bug 1134131] New: AUDIT-0: deepin-file-manager: new polkit actions of deepin-file-manager
http://bugzilla.opensuse.org/show_bug.cgi?id=1134131 Bug ID: 1134131 Summary: AUDIT-0: deepin-file-manager: new polkit actions of deepin-file-manager Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: All OS: openSUSE Factory Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: hillwoodroc@gmail.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Created attachment 804187 --> http://bugzilla.opensuse.org/attachment.cgi?id=804187&action=edit com.deepin.pkexec.usb-device-formatter.policy Please check them, thanks! [ 556s] deepin-file-manager.x86_64: E: polkit-untracked-privilege (Badness: 10) com.deepin.filemanager.daemon.NewCopyJob (auth_admin:auth_admin:auth_admin) [ 556s] deepin-file-manager.x86_64: E: polkit-untracked-privilege (Badness: 10) com.deepin.filemanager.daemon.NewCreateFolderJob (auth_admin:auth_admin:auth_admin) [ 556s] deepin-file-manager.x86_64: E: polkit-untracked-privilege (Badness: 10) com.deepin.filemanager.daemon.NewCreateTemplateFileJob (auth_admin:auth_admin:auth_admin) [ 556s] deepin-file-manager.x86_64: E: polkit-untracked-privilege (Badness: 10) com.deepin.filemanager.daemon.NewDeleteJob (auth_admin:auth_admin:auth_admin) [ 556s] deepin-file-manager.x86_64: E: polkit-untracked-privilege (Badness: 10) com.deepin.filemanager.daemon.NewMoveJob (auth_admin:auth_admin:auth_admin) [ 556s] deepin-file-manager.x86_64: E: polkit-untracked-privilege (Badness: 10) com.deepin.filemanager.daemon.NewRenameJob (auth_admin:auth_admin:auth_admin) [ 556s] deepin-file-manager.x86_64: E: polkit-untracked-privilege (Badness: 10) com.deepin.pkexec.dde-file-manager (auth_admin:auth_admin:auth_admin_keep) [ 556s] The privilege is not listed in /etc/polkit-default-privs.* which makes it [ 556s] harder for admins to find. Furthermore polkit authorization checks can easily [ 556s] introduce security issues. If the package is intended for inclusion in any [ 556s] SUSE product please open a bug report to request review of the package by the [ 556s] security team. Please refer to [ 556s] https://en.opensuse.org/openSUSE:Package_security_guidelines#audit_bugs for [ 556s] more information. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1134131 http://bugzilla.opensuse.org/show_bug.cgi?id=1134131#c1 --- Comment #1 from Hillwood Yang <hillwoodroc@gmail.com> --- Created attachment 804188 --> http://bugzilla.opensuse.org/attachment.cgi?id=804188&action=edit com.deepin.pkexec.dde-file-manager.policy -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1134131 http://bugzilla.opensuse.org/show_bug.cgi?id=1134131#c2 --- Comment #2 from Hillwood Yang <hillwoodroc@gmail.com> --- Created attachment 804189 --> http://bugzilla.opensuse.org/attachment.cgi?id=804189&action=edit com.deepin.filemanager.daemon.policy -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1134131 http://bugzilla.opensuse.org/show_bug.cgi?id=1134131#c3 --- Comment #3 from Hillwood Yang <hillwoodroc@gmail.com> --- This project is at https://build.opensuse.org/package/show/X11:Deepin:Factory/deepin-file-manag... -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1134131 Felix Yan <felixonmars@archlinux.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |felixonmars@archlinux.org OS|openSUSE Factory |All -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1134131 http://bugzilla.opensuse.org/show_bug.cgi?id=1134131#c13 Hillwood Yang <hillwoodroc@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|NORESPONSE |--- --- Comment #13 from Hillwood Yang <hillwoodroc@gmail.com> --- I see (In reply to Matthias Gerstner from comment #11)
(In reply to moyanhao@deepin.com from comment #8)
https://github.com/linuxdeepin/dde-file-manager/pull/195 requiring authorization before take actions.
Okay, this reduces the attack surface considerably by default.
https://github.com/linuxdeepin/dde-file-manager/pull/194 remove unused com.deepin.filemanager.daemon.policy
Good, this is necessary cleanup.
https://github.com/linuxdeepin/dde-file-manager/pull/193 fix crash issues while execute without parameter, and unify the output between not existing and not a block device.
Hmm the check `!path.startsWith("/dev/")` is not good style. You need to stat() the file and check the file type. You should also make sure the path is not a symlink (by using O_NOFOLLOW). A sequence like
int fd = open(path, O_PATH | O_NOFOLLOW); struct stat s; fstat(fd, &s); if( ! (s.st_mode & S_IFBLK) || s.st_uid != 0) { // fail }
would be needed. Don't know right away how to achieve that best with Qt API, it is not well designed for security, sadly.
You can additionally keep the check for the /dev prefix but before checking for that prefix you should normalize the path, otherwise the user can simply specify something like /dev/../root/.bashrc.
https://github.com/linuxdeepin/dde-file-manager/pull/196 compatibility with new format of lsblk output
Okay this should work.
https://github.com/linuxdeepin/dde-file-manager/pull/190 don't read .pam_enviroment any more
Good.
I see all the pull request have been merged by upstream. And upstream update these polikit profiles. I think polikit profiles could be reappraised now. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1134131 http://bugzilla.opensuse.org/show_bug.cgi?id=1134131#c15 Hillwood Yang <hillwoodroc@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |justforlxz@gmail.com --- Comment #15 from Hillwood Yang <hillwoodroc@gmail.com> --- Assign to justforlxz@gmail.com -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1134131 http://bugzilla.opensuse.org/show_bug.cgi?id=1134131#c16 --- Comment #16 from Hillwood Yang <hillwoodroc@gmail.com> --- (In reply to Matthias Gerstner from comment #14)
we currently have a high load of reviews, it will take a while longer before I can look at deepin again.
Upstream provided some fixes, please review them here: https://github.com/linuxdeepin/developer-center/issues/2273 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1134131 http://bugzilla.opensuse.org/show_bug.cgi?id=1134131#c18 --- Comment #18 from Hillwood Yang <hillwoodroc@gmail.com> --- Here is the new release: https://build.opensuse.org/package/show/home:hillwood:branches:X11:Deepin:Fa... [ 377s] deepin-file-manager.x86_64: E: polkit-untracked-privilege (Badness: 10) com.deepin.filemanager.daemon.UserShareManager (no:no:auth_admin_keep) [ 377s] deepin-file-manager.x86_64: E: polkit-untracked-privilege (Badness: 10) com.deepin.filemanager.daemon.AccessControlManager (no:no:auth_admin_keep) [ 377s] deepin-file-manager.x86_64: E: polkit-untracked-privilege (Badness: 10) com.deepin.filemanager.daemon.VaultManager.Create (no:no:auth_admin_keep) [ 377s] deepin-file-manager.x86_64: E: polkit-untracked-privilege (Badness: 10) com.deepin.filemanager.daemon.VaultManager.Remove (no:no:auth_admin_keep) [ 377s] deepin-file-manager.x86_64: E: polkit-untracked-privilege (Badness: 10) com.deepin.filemanager.vault.VerifyKey.RetrievePassword (no:no:auth_admin_keep) [ 377s] deepin-file-manager.x86_64: E: polkit-untracked-privilege (Badness: 10) com.deepin.pkexec.dde-file-manager (no:no:auth_admin_keep) -- You are receiving this mail because: You are on the CC list for the bug.
participants (2)
-
bugzilla_noreply@novell.com -
bugzilla_noreply@suse.com