Ubuntu
policykit-1 package

  1. Bug #532852
  2. Comment #7

Comment 7 for bug 532852

Revision history for this message
James Westby (james-w) wrote :

https://bugs.freedesktop.org/enter_bug.cgi?product=PolicyKit&short_desc=pkexec%20information%20disclosure%20vulnerability&long_desc=Originally%20reported%20at:%0A%20%20https://bugs.edge.launchpad.net/bugs/532852%0A%0ABinary%20package%20hint:%20policykit-1%0A%0Apkexec%20is%20vulnerable%20to%20a%20minor%20information%20disclosure%20vulnerability%20that%20allows%20an%20attacker%20to%20verify%20whether%20or%20not%20arbitrary%20files%20exist,%20violating%20directory%20permissions.%20%20I%20reproduced%20the%20issue%20on%20my%20Karmic%20installation%20as%20follows:%0A%0A$%20mkdir%20secret%0A$%20sudo%20chown%20root:root%20secret%0A$%20sudo%20chmod%20400%20secret%0A$%20sudo%20touch%20secret/hidden%0A$%20pkexec%20/home/drosenbe/secret/hidden%0A(password%20prompt)%0A$%20pkexec%20/home/drosenbe/secret/doesnotexist%0AError%20getting%20information%20about%20/home/drosenbe/secret/doesnotexist:%20No%20such%20file%20or%20directory%0A%0AI've%20attached%20a%20simple%20patch%20that%20resolves%20the%20issue%20by%20using%20access()%20to%20check%20whether%20or%20not%20the%20user%20has%20permission%20to%20verify%20the%20existence%20of%20the%20file%20before%20calling%20stat()%20on%20it.

is a URL that launchpad just suggested you use to file the bug
directly.

  http://tinyurl.com/yczgz4u

is the shorter version of that.

Thanks,

James