Devuan bug report logs - #268
policykit-1: CVE-2018-19788

Package: policykit-1; Severity: critical; Reported by: Berbe <[email protected]>; merged with #269; Done: KatolaZ <[email protected]>; Maintainer for policykit-1 is Devuan Dev Team <[email protected]>.

Message received at [email protected]:

Date: Wed, 27 Feb 2019 11:39:41 +0100
From: KatolaZ <[email protected]>
To: [email protected]
Subject: solved in beowulf
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="vcy6cimoko4p6jrk"
Content-Disposition: inline
User-Agent: NeoMutt/20170113 (1.7.2)


--vcy6cimoko4p6jrk
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

This has been solved in policykit-0.105-25+devuan1, available in
beowulf and ceres. Closing.


--vcy6cimoko4p6jrk
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iF0EABECAB0WIQSOWdaqRF79tKFTPVpfILOuC18GLwUCXHZo7QAKCRBfILOuC18G
L4pkAJ9woTAlntVgxQ7dm4xlGv8/2OVHKwCeLCLHNeynWA/LJjVKmHMGnSnU7Gs=
=yH5+
-----END PGP SIGNATURE-----

--vcy6cimoko4p6jrk--

Notification sent to Berbe <[email protected]>:
bug acknowledged by developer. Full text available.

Reply sent to KatolaZ <[email protected]>:
You have taken responsibility. Full text available.

Message received at [email protected]:

Resent-From: Enzo <[email protected]>
Resent-Date: Sat, 8 Dec 2018 10:56:34 +0100
Resent-Message-ID: <[email protected]>
Resent-To: [email protected]
Date: Sat, 8 Dec 2018 10:17:18 +0100
From: KatolaZ <[email protected]>
To: [email protected]
Subject: mmhhh
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="inqsdvv7znhsuzot"
Content-Disposition: inline
User-Agent: NeoMutt/20170113 (1.7.2)

--inqsdvv7znhsuzot
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

There is no need to become root in order to use `service`:

$ /usr/sbin/service nginx status
[ ok ] nginx is running.
$

Even with a user with id larger than 4000000000:

$ sudo -u testpolkit /usr/sbin/service nginx stop
[....] Stopping nginx: nginxstart-stop-daemon: warning: failed to kill 2509: Operation not permitted
. ok
$

That's because sudo does *not* use policykit to test user privileges
(rather, it uses its own config files). So maybe this is not
applicable in this case?

HND

KatolaZ

--inqsdvv7znhsuzot
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iF0EABECAB0WIQSOWdaqRF79tKFTPVpfILOuC18GLwUCXAuMHAAKCRBfILOuC18G
Lx6cAJwN3gJXo8n6wnxhlHv/kMTu9wydlwCfZTgjMrHT62Ebg1inz4UdLcVfFhA=
=6Ri0
-----END PGP SIGNATURE-----

--inqsdvv7znhsuzot--

Acknowledgement sent to KatolaZ <[email protected]>:
Extra info received and forwarded to list. Copy sent to [email protected]. Full text available.

Information forwarded to [email protected], [email protected]:
bug#268; Package policykit-1. Full text available.

Merged 268 269. Request was from KatolaZ <[email protected]> to [email protected]. Full text available.

Message received at [email protected]:

Received: (at 268) by bugs.devuan.org; 8 Dec 2018 09:15:50 +0000
Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: from tupac3.dyne.org [195.169.149.119]
	by fulcanelli with IMAP (fetchmail-6.3.26)
	for <debbugs@localhost> (single-drop); Sat, 08 Dec 2018 10:15:50 +0100 (CET)
Received: from [127.0.0.1] (localhost [127.0.0.1])
	(Authenticated sender: [email protected])
	with ESMTPSA id 9419EF6097C
Date: Sat, 8 Dec 2018 10:17:18 +0100
From: KatolaZ <[email protected]>
To: [email protected]
Subject: mmhhh
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="inqsdvv7znhsuzot"
Content-Disposition: inline
User-Agent: NeoMutt/20170113 (1.7.2)
X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED
	autolearn=disabled version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on tupac3.dyne.org


--inqsdvv7znhsuzot
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

There is no need to become root in order to use `service`:

$ /usr/sbin/service nginx status
[ ok ] nginx is running.
$

Even with a user with id larger than 4000000000:

$ sudo -u testpolkit /usr/sbin/service nginx stop
[....] Stopping nginx: nginxstart-stop-daemon: warning: failed to kill 2509: Operation not permitted
. ok
$

That's because sudo does *not* use policykit to test user privileges
(rather, it uses its own config files). So maybe this is not
applicable in this case?

HND

KatolaZ



--inqsdvv7znhsuzot
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iF0EABECAB0WIQSOWdaqRF79tKFTPVpfILOuC18GLwUCXAuMHAAKCRBfILOuC18G
Lx6cAJwN3gJXo8n6wnxhlHv/kMTu9wydlwCfZTgjMrHT62Ebg1inz4UdLcVfFhA=
=6Ri0
-----END PGP SIGNATURE-----

--inqsdvv7znhsuzot--

Acknowledgement sent to KatolaZ <[email protected]>:
Extra info received and forwarded to list. Copy sent to [email protected]. Full text available.

Information forwarded to [email protected], [email protected]:
bug#268; Package policykit-1. Full text available.

Report forwarded to [email protected], [email protected]:
bug#268; Package policykit-1. Full text available.

Devuan bug report logs - #268 policykit-1: CVE-2018-19788

Message received at [email protected]:

Message received at [email protected]:

Message received at [email protected]:

Devuan bug report logs - #268
policykit-1: CVE-2018-19788