[Pkg-utopia-maintainers] ConsoleKit (0.2.10) / PolicyKit / Security hole

Michael Biebl biebl at debian.org
Sat Jul 19 16:23:32 UTC 2008


Martin Pitt wrote:
> 
> Michael Biebl [2008-07-19  6:47 +0200]:
> 

>> Problem now is, if you disable the PolicyKit support, the restart/stop  
>> functions are unprotected, and everyone (even through ssh logins) can  
>> shutdown/reboot the system. For fun try [3] from an unprivileged user  
>> account. See src/ck-manager.c and grep for HAVE_POLKIT
> 
> Ugh, many thanks for bringing this up, and yay for upstreams putting
> sane defaults into their software...
> 
>> Imo this is a major security hole in intrepid.
> 
> Full ack.
> 
>> Now there are different options how to address this:
>> 1. in /etc/dbus-1/system.d/ConsoleKit.conf
>> open
>>     <allow send_interface="org.freedesktop.ConsoleKit.Manager"
>>            send_member="Restart"/>
>>     <allow send_interface="org.freedesktop.ConsoleKit.Manager"
>>            send_member="Stop"/>
>> only for
>> a) root
>> b) at_console
> 
> Would work for me. However, I think we should rather fix the upstream
> code to deny access to those functions altogether if policykit support
> is disabled. That would be the safe and sane fallback IMNSHO. We
> should also urge upstream to adopt that patch.
> 

Well, it's basically the same as with hal's powermanagement interface 
(org.freedesktop.Hal.Device.SystemPowerManagement: Shutdown()/Reboot()/..)

If PK support is not enabled in hal, it's only safeguarded by the dbus 
policy rules. It's just that hal upstream used to ship a more 
restrictive dbus conf file (the current hal.conf.in upstream git has the 
same security problem, at least it has some comments within the conf file).

I guess I'll go with 1.a) then for the Debian package.

Cheers,
Michael

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
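
As an added example (not part of the original mail, and not code from ConsoleKit or the Debian package): a small Python check for option 1 discussed above, listing which policy scopes in a D-Bus configuration hold an allow rule for Restart or Stop. The two embedded configurations are constructed samples and the function names are hypothetical; deny rules and rule ordering are ignored, so the check can over-report.

```python
import xml.etree.ElementTree as ET

IFACE = "org.freedesktop.ConsoleKit.Manager"
PROTECTED = ("Restart", "Stop")

# Constructed sample: the two rules from the mail, open to every caller.
OPEN_CONF = """<busconfig>
  <policy context="default">
    <allow send_interface="org.freedesktop.ConsoleKit.Manager" send_member="Restart"/>
    <allow send_interface="org.freedesktop.ConsoleKit.Manager" send_member="Stop"/>
  </policy>
</busconfig>"""

# Constructed sample: option 1.a), the same rules opened only for root.
ROOT_ONLY_CONF = """<busconfig>
  <policy user="root">
    <allow send_interface="org.freedesktop.ConsoleKit.Manager" send_member="Restart"/>
    <allow send_interface="org.freedesktop.ConsoleKit.Manager" send_member="Stop"/>
  </policy>
</busconfig>"""

def scope(policy):
    """Name the callers a <policy> element applies to."""
    for attr in ("user", "group", "at_console", "context"):
        if attr in policy.attrib:
            return f"{attr}={policy.attrib[attr]}"
    return "unknown"

def allowed_scopes(conf_xml):
    """Map each protected member to the policy scopes with an <allow> for it."""
    result = {m: [] for m in PROTECTED}
    for policy in ET.fromstring(conf_xml).iter("policy"):
        for rule in policy.iter("allow"):
            a = rule.attrib
            # Skip own=/receive_ rules and rules for other interfaces.
            if (not any(k.startswith("send_") for k in a)
                    or a.get("send_interface", IFACE) != IFACE):
                continue
            for m in PROTECTED:
                # A rule without send_member covers every member.
                if a.get("send_member", m) == m:
                    result[m].append(scope(policy))
    return result

def exposed(conf_xml):
    """Protected members callable from any scope other than user=root."""
    return sorted(m for m, scopes in allowed_scopes(conf_xml).items()
                  if any(s != "user=root" for s in scopes))

if __name__ == "__main__":
    for name, conf in (("open", OPEN_CONF), ("root only", ROOT_ONLY_CONF)):
        print(name, "->", exposed(conf) or "nothing exposed")
```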
