policykit or policykit-gnome do not work with passwords containing "%" character
Bug #205037 reported by Boris Erdmann
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
PolicyKit | Fix Released | Critical | | |
policykit (PLD Linux) | Fix Released | High | Patryk Zawadzki | |
policykit (Ubuntu) | Fix Released | High | Kees Cook | |
Bug Description
If you have a "%" character in your password, you cannot unlock any application.
/var/log/auth.log shows:
Mar 22 01:33:30 lorbas-laptop polkit-
Mar 22 01:33:39 lorbas-laptop polkit-
Mar 22 01:33:39 lorbas-laptop polkit-
I checked "security vulnerability" because I think that the % character might trigger an evaluation of %s, like in sprintf for example.
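The class of bug the reporter suspects, shown as an added C example that is not PolicyKit's code and not part of this report: a secret passed as the format string next to the hardened form with a constant format. The function names and sample secrets are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* The compiler can flag the pattern below (-Wformat -Wformat-security);
 * silenced here only so the "before" version builds for comparison. */
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"

/* Hypothetical helper, "before": the secret itself is the format string,
 * so every '%' in it is parsed as a conversion specification. */
static int forward_unsafe(char *out, size_t n, const char *secret)
{
    return snprintf(out, n, secret);
}

/* "After": constant format string; the secret is only ever an argument. */
static int forward_safe(char *out, size_t n, const char *secret)
{
    return snprintf(out, n, "%s", secret);
}

/* Returns 1 when the bytes that would reach the backend are exactly the
 * bytes the user typed, 0 when formatting altered or truncated them. */
int survives(int (*fwd)(char *, size_t, const char *), const char *secret)
{
    char buf[128];
    int len = fwd(buf, sizeof buf, secret);
    return len >= 0 && (size_t)len < sizeof buf && strcmp(buf, secret) == 0;
}

int main(void)
{
    /* Constructed sample secrets. "100%%" is used for the unsafe path
     * because "%%" is the one directive that consumes no argument; any
     * other '%' sequence there reads arguments that were never passed,
     * which is undefined behaviour, so it is not executed here. */
    printf("unsafe 100%%%%  -> %d\n", survives(forward_unsafe, "100%%"));
    printf("safe   100%%%%  -> %d\n", survives(forward_safe, "100%%"));
    printf("safe   foo%%bar -> %d\n", survives(forward_safe, "foo%bar"));
    return 0;
}
```

With the unsafe form, the secret that arrives differs from the one typed, which would show up as a failed authentication rather than a crash.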
Changed in policykit: | |
assignee: | nobody → pitti |
importance: | Undecided → Critical |
status: | New → In Progress |
Changed in policykit: | |
status: | Incomplete → Confirmed |
Changed in policykit: | |
importance: | Medium → High |
status: | Confirmed → In Progress |
Changed in policykit: | |
assignee: | pitti → keescook |
Changed in policykit: | |
status: | Unknown → Confirmed |
Changed in policykit: | |
status: | Confirmed → Fix Released |
Changed in policykit: | |
importance: | Unknown → Critical |
Changed in policykit: | |
importance: | Critical → Unknown |
Changed in policykit: | |
importance: | Unknown → Critical |
Hm, I tried to change my password to "foo%bar", and was able to authenticate with it. When I mistype the password, I get auth.log entries similar to yours.
So I cannot reproduce this bug. Can you please do
POLKIT_DEBUG=1 users-admin 2>&1|tee /tmp/debug.log
then try to authenticate, and after that, send me /tmp/debug.log?