If a user types a carefully crafted series of format strings, they can trick polkit-grant-helper into thinking the password was successful.
https://launchpad.net/bugs/205037
src/polkit-grant/polkit-grant-helper.c line 231:
/* send to parent */
fprintf (stdout, buf);
This should be fprintf(stdout, "%s", buf);
I also recommend adding "-Wformat -Wformat-security" to the gcc CFLAGS.
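Added example, not code from polkit or from the report: the two call shapes side by side on a constructed input, to show that the first one interprets the data as a format string. The function names and sample line are hypothetical, and snprintf into a buffer stands in for fprintf to stdout so the two outputs can be compared.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample line. "%%" is the one directive that consumes no
 * argument, so using it as a format string is well-defined and safe to run. */
static const char SAMPLE[] = "prompt 100%% done\n";

/* Reported pattern: the data is passed as the format argument.
 * Without these pragmas, gcc -Wformat -Wformat-security flags the call;
 * they are here only so the "before" form builds under -Werror. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
static int relay_reported(char *out, size_t outlen, const char *buf)
{
    return snprintf(out, outlen, buf);
}
#pragma GCC diagnostic pop

/* Suggested fix: a constant format, with the data passed as an argument. */
static int relay_fixed(char *out, size_t outlen, const char *buf)
{
    return snprintf(out, outlen, "%s", buf);
}

/* Returns 1 when the reported pattern altered the data and the fix did not. */
static int fix_preserves_data(const char *buf)
{
    char a[128], b[128];

    relay_reported(a, sizeof a, buf);
    relay_fixed(b, sizeof b, buf);
    return strcmp(a, buf) != 0 && strcmp(b, buf) == 0;
}

int main(void)
{
    char out[128];

    relay_reported(out, sizeof out, SAMPLE);
    printf("reported: %s", out);   /* "%%" was interpreted and collapsed */
    relay_fixed(out, sizeof out, SAMPLE);
    printf("fixed:    %s", out);   /* bytes relayed unchanged */
    return fix_preserves_data(SAMPLE) ? 0 : 1;
}
```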