https://bugs.freedesktop.org/enter_bug.cgi?product=PolicyKit&short_desc=pkexec%20information%20disclosure%20vulnerability&long_desc=Originally%20reported%20at:%0A%20%20https://bugs.edge.launchpad.net/bugs/532852%0A%0ABinary%20package%20hint:%20policykit-1%0A%0Apkexec%20is%20vulnerable%20to%20a%20minor%20information%20disclosure%20vulnerability%20that%20allows%20an%20attacker%20to%20verify%20whether%20or%20not%20arbitrary%20files%20exist,%20violating%20directory%20permissions.%20%20I%20reproduced%20the%20issue%20on%20my%20Karmic%20installation%20as%20follows:%0A%0A$%20mkdir%20secret%0A$%20sudo%20chown%20root:root%20secret%0A$%20sudo%20chmod%20400%20secret%0A$%20sudo%20touch%20secret/hidden%0A$%20pkexec%20/home/drosenbe/secret/hidden%0A(password%20prompt)%0A$%20pkexec%20/home/drosenbe/secret/doesnotexist%0AError%20getting%20information%20about%20/home/drosenbe/secret/doesnotexist:%20No%20such%20file%20or%20directory%0A%0AI've%20attached%20a%20simple%20patch%20that%20resolves%20the%20issue%20by%20using%20access()%20to%20check%20whether%20or%20not%20the%20user%20has%20permission%20to%20verify%20the%20existence%20of%20the%20file%20before%20calling%20stat()%20on%20it.
is a URL that Launchpad just suggested you use to file the bug directly.
http://tinyurl.com/yczgz4u
is the shorter version of that.
Thanks,
James