[3.9] polkit: Temporary auth hijacking via PID reuse and non-atomic fork (CVE-2019-6133)
In PolicyKit (aka polkit) 0.115, the “start time” protection mechanism
can be bypassed because fork() is not atomic, and therefore
authorization
decisions are improperly cached. This is related to lack of uid checking
in polkitbackend/polkitbackendinteractiveauthority.c.
References:
https://nvd.nist.gov/vuln/detail/CVE-2019-6133
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6133
Patch:
https://gitlab.freedesktop.org/polkit/polkit/commit/c898fdf4b1aafaa04f8ada9d73d77c8bb76e2f81
(from redmine: issue id 10016, created on 2019-02-21)
- Relations:
- parent #10014 (closed)
To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information