Bug 393856 - patches for CVE-2018-10380 "Access to privileged files" break access to existing wallets
Summary: patches for CVE-2018-10380 "Access to privileged files" break access to exist...
Status: RESOLVED FIXED
Alias: None
Product: kwallet-pam
Classification: Frameworks and Libraries
Component: general (show other bugs)
Version: unspecified
Platform: Ubuntu Linux
: NOR major
Target Milestone: ---
Assignee: Plasma Bugs List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-05-04 18:56 UTC by Rik Mills
Modified: 2018-05-05 10:38 UTC (History)
5 users (show)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:


Attachments
Use any fd, but not stderr (650 bytes, patch)
2018-05-04 20:14 UTC, Maximiliano Curia
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Rik Mills 2018-05-04 18:56:33 UTC
Confirmed in 

https://bugs.launchpad.net/ubuntu/+source/kwallet-pam/+bug/1769187

for

Plasma 5.12.4, 5.10.5 and 5.5.5

Wallet appears empty from most accounts.
Comment 1 Rik Mills 2018-05-04 19:11:55 UTC
Also appears reported in archlinux as:

https://bugs.archlinux.org/task/58446
Comment 2 Maximiliano Curia 2018-05-04 19:44:59 UTC
Also reported in Debian:

https://bugs.debian.org/897687
Comment 3 Maximiliano Curia 2018-05-04 20:14:31 UTC
Created attachment 112421 [details]
Use any fd, but not stderr
Comment 4 Fabian Vogt 2018-05-04 20:30:15 UTC
(In reply to Maximiliano Curia from comment #3)
> Created attachment 112421 [details]
> Use any fd, but not stderr

Does that patch fix it?

If so, please post it to phabricator with a detailed explanation of the issue.
Comment 5 Albert Astals Cid 2018-05-05 10:23:09 UTC
For some reason https://cgit.kde.org/kwallet-pam.git/commit/?id=8da1a47035fc92bc1496059583772bc4bd6e8ba6 didn't close this
Comment 6 Maximiliano Curia 2018-05-05 10:38:46 UTC
Git commit 8da1a47035fc92bc1496059583772bc4bd6e8ba6 by Maximiliano Curia.
Committed on 05/05/2018 at 10:00.
Pushed by maximilianocuria into branch 'Plasma/5.12'.

Avoid giving an stderr to kwallet

Summary:
The fixes for CVE-2018-10380 introduced a regression for most users not
using kde, and some for kde sessions. In particular the reorder of the
close calls and creating a new socket caused that the socket is always
assigned the file descriptor 2, aka stderr.

Test Plan: It works

Reviewers: #plasma, aacid

Reviewed By: aacid

Subscribers: asturmlechner, rdieter, davidedmundson, plasma-devel

Tags: #plasma

Differential Revision: https://phabricator.kde.org/D12702

M  +4    -1    pam_kwallet.c

https://commits.kde.org/kwallet-pam/8da1a47035fc92bc1496059583772bc4bd6e8ba6