policykit or policykit-gnome do not work with passwords containing "%" character
Bug #205037 reported by
Boris Erdmann
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| PolicyKit |
Fix Released
|
Critical
|
|||
| policykit (PLD Linux) |
Fix Released
|
High
|
Patryk Zawadzki | ||
| policykit (Ubuntu) |
Fix Released
|
High
|
Kees Cook | ||
Bug Description
If you have a "%" character in your password you cannot unlock any application
/var/log/auth.log shows:
Mar 22 01:33:30 lorbas-laptop polkit-
Mar 22 01:33:39 lorbas-laptop polkit-
Mar 22 01:33:39 lorbas-laptop polkit-
I check "security vulnerability" because I think that the % character might trigger an evaluation of %s, like in sprintf for example
Related branches
CVE References
| Changed in policykit: | |
| assignee: | nobody → pitti |
| importance: | Undecided → Critical |
| status: | New → In Progress |
Revision history for this message
| Martin Pitt (pitti) wrote | #1 |
| Changed in policykit: | |
| importance: | Critical → Medium |
| status: | In Progress → Incomplete |
Revision history for this message
| Christoph Langner (chrissss) wrote | #2 |
Revision history for this message
| Ralf Schulze (ralf-schulze) wrote | #3 |
| Changed in policykit: | |
| status: | Incomplete → Confirmed |
| Changed in policykit: | |
| importance: | Medium → High |
| status: | Confirmed → In Progress |
Revision history for this message
| Ralf Schulze (ralf-schulze) wrote | #4 |
Revision history for this message
| Kees Cook (kees) wrote Re: policykit or policykit-gome do not work with passwords containing "%" character | #8 |
Revision history for this message
| Launchpad Janitor (janitor) wrote | #9 |
| Changed in policykit: | |
| status: | In Progress → Fix Released |
Revision history for this message
| Kees Cook (kees) wrote | #10 |
| Changed in policykit: | |
| assignee: | pitti → keescook |
| Changed in policykit: | |
| status: | Unknown → Confirmed |
Revision history for this message
| Kees Cook (kees) wrote | #12 |
| Changed in policykit: | |
| status: | Confirmed → Fix Released |
Revision history for this message
| Patryk Zawadzki (patrys) wrote | #15 |
Revision history for this message
| Elan Ruusamäe (glen666) wrote | #16 |
| Changed in policykit: | |
| importance: | Unknown → Critical |
| Changed in policykit: | |
| importance: | Critical → Unknown |
| Changed in policykit: | |
| importance: | Unknown → Critical |
To post a comment you must log in.
Hm, I tried to change my password to "foo%bar", and was able to authenticate with it. When I mistype the password, I get auth.log entries similar to your's.
So I cannot reproduce this bug. Can you please do
POLKIT_DEBUG=1 users-admin 2>&1|tee /tmp/debug.log
then try to authenticate, and after that, send me /tmp/debug.log?