Ubuntu
screen-resolution-extra package

PID reuse race with Policykit check

Bug #1753772 reported by Chris Coulson on 2018-03-06

258

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	screen-resolution-extra (Ubuntu)	Fix Released	Undecided	Unassigned

Bug Description

PolicyKitService._check_permission in /usr/share/screen-resolution-extra/screenresolution-mechanism requests the calling process's PID from dbus using the org.freedesktop.DBus.GetConnectionUnixProcessID API, and then uses this PID to verify whether the calling process is permitted to perform the requested action via Policykit. Policykit maps this to a uid by looking in /proc/$pid.

This is subject to a PID reuse race, If an attacker were to hit this race condition, they could replace /etc/X11/xorg.conf with an arbitrary file, or back up /etc/X11/xorg.conf to any file on the system.

Revision history for this message

Chris Coulson (chrisccoulson) wrote on 2018-03-21:

debdiff Edit (1.7 KiB, text/plain)

This is what I've uploaded to the security PPA for artful. Alberto, does this look ok to you?

Chris Coulson (chrisccoulson) on 2018-04-13

Changed in screen-resolution-extra (Ubuntu):
status:	New → Fix Released
information type:	Private Security → Public Security

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

debdiff Edit

Add attachment

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntuscreen-resolution-extra package