Bug 393856

Summary: patches for CVE-2018-10380 "Access to privileged files" break access to existing wallets
Product: [Frameworks and Libraries] kwallet-pam Reporter: Rik Mills <rikmills>
Component: generalAssignee: Plasma Bugs List <plasma-bugs>
Status: RESOLVED FIXED    
Severity: major CC: aacid, fabian, maxy, maxy, nate
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Ubuntu   
OS: Linux   
Latest Commit: https://commits.kde.org/kwallet-pam/8da1a47035fc92bc1496059583772bc4bd6e8ba6 Version Fixed In:
Sentry Crash Report:
Attachments: Use any fd, but not stderr

Description Rik Mills 2018-05-04 18:56:33 UTC 
Confirmed in 

https://bugs.launchpad.net/ubuntu/+source/kwallet-pam/+bug/1769187

for

Plasma 5.12.4, 5.10.5 and 5.5.5

Wallet appears empty from most accounts.
Comment 1 Rik Mills 2018-05-04 19:11:55 UTC 
Also appears reported in archlinux as:

https://bugs.archlinux.org/task/58446
Comment 2 Maximiliano Curia 2018-05-04 19:44:59 UTC 
Also reported in Debian:

https://bugs.debian.org/897687
Comment 3 Maximiliano Curia 2018-05-04 20:14:31 UTC 
Created attachment 112421 [details]
Use any fd, but not stderr
Comment 4 Fabian Vogt 2018-05-04 20:30:15 UTC 
(In reply to Maximiliano Curia from comment #3)
> Created attachment 112421 [details]
> Use any fd, but not stderr

Does that patch fix it?

If so, please post it to phabricator with a detailed explanation of the issue.
Comment 5 Albert Astals Cid 2018-05-05 10:23:09 UTC 
For some reason https://cgit.kde.org/kwallet-pam.git/commit/?id=8da1a47035fc92bc1496059583772bc4bd6e8ba6 didn't close this
Comment 6 Maximiliano Curia 2018-05-05 10:38:46 UTC 
Git commit 8da1a47035fc92bc1496059583772bc4bd6e8ba6 by Maximiliano Curia.
Committed on 05/05/2018 at 10:00.
Pushed by maximilianocuria into branch 'Plasma/5.12'.

Avoid giving an stderr to kwallet

Summary:
The fixes for CVE-2018-10380 introduced a regression for most users not
using kde, and some for kde sessions. In particular the reorder of the
close calls and creating a new socket caused that the socket is always
assigned the file descriptor 2, aka stderr.

Test Plan: It works

Reviewers: #plasma, aacid

Reviewed By: aacid

Subscribers: asturmlechner, rdieter, davidedmundson, plasma-devel

Tags: #plasma

Differential Revision: https://phabricator.kde.org/D12702

M  +4    -1    pam_kwallet.c

https://commits.kde.org/kwallet-pam/8da1a47035fc92bc1496059583772bc4bd6e8ba6