| Summary: | patches for CVE-2018-10380 "Access to privileged files" break access to existing wallets | ||
|---|---|---|---|
| Product: | [Frameworks and Libraries] kwallet-pam | Reporter: | Rik Mills <rikmills> |
| Component: | general | Assignee: | Plasma Bugs List <plasma-bugs> |
| Status: | RESOLVED FIXED | ||
| Severity: | major | CC: | aacid, fabian, maxy, maxy, nate |
| Priority: | NOR | ||
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Platform: | Ubuntu | ||
| OS: | Linux | ||
| Latest Commit: | https://commits.kde.org/kwallet-pam/8da1a47035fc92bc1496059583772bc4bd6e8ba6 | Version Fixed In: | |
| Attachments: | Use any fd, but not stderr | ||
|
Description
Rik Mills
2018-05-04 18:56:33 UTC
Also appears reported in archlinux as: https://bugs.archlinux.org/task/58446 Also reported in Debian: https://bugs.debian.org/897687 Created attachment 112421 [details]
Use any fd, but not stderr
(In reply to Maximiliano Curia from comment #3) > Created attachment 112421 [details] > Use any fd, but not stderr Does that patch fix it? If so, please post it to phabricator with a detailed explanation of the issue. For some reason https://cgit.kde.org/kwallet-pam.git/commit/?id=8da1a47035fc92bc1496059583772bc4bd6e8ba6 didn't close this Git commit 8da1a47035fc92bc1496059583772bc4bd6e8ba6 by Maximiliano Curia. Committed on 05/05/2018 at 10:00. Pushed by maximilianocuria into branch 'Plasma/5.12'. Avoid giving an stderr to kwallet Summary: The fixes for CVE-2018-10380 introduced a regression for most users not using kde, and some for kde sessions. In particular the reorder of the close calls and creating a new socket caused that the socket is always assigned the file descriptor 2, aka stderr. Test Plan: It works Reviewers: #plasma, aacid Reviewed By: aacid Subscribers: asturmlechner, rdieter, davidedmundson, plasma-devel Tags: #plasma Differential Revision: https://phabricator.kde.org/D12702 M +4 -1 pam_kwallet.c https://commits.kde.org/kwallet-pam/8da1a47035fc92bc1496059583772bc4bd6e8ba6 |