[3.7] polkit: Temporary auth hijacking via PID reuse and non-atomic fork (CVE-2019-6133)
In PolicyKit (aka polkit) 0.115, the “start time” protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c.
References:
https://nvd.nist.gov/vuln/detail/CVE-2019-6133
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6133
Patch:
https://gitlab.freedesktop.org/polkit/polkit/commit/c898fdf4b1aafaa04f8ada9d73d77c8bb76e2f81
(from redmine: issue id 10018, created on 2019-02-21)
- Relations:
- parent #10014 (closed)
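
The description above names two ingredients: a subject identified by pid and start time, and a missing uid check. The following added illustration (not polkit's code and not taken from the linked patch) contrasts a cache match on pid and start time alone with one that also compares the uid; the struct, the function names and the sample `/proc/<pid>/stat` line are constructed for this example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical cache key for a process subject (not polkit's struct). */
struct subject {
    pid_t pid;
    unsigned long long start_time; /* field 22 of /proc/<pid>/stat */
    uid_t uid;                     /* owner of the process */
};

/* Constructed sample line; comm "(my) app)" contains ')' and a space. */
static const char SAMPLE_STAT[] =
    "4242 (my) app) S 1 4242 4242 0 -1 4194304 100 0 0 0 1 2 0 0 20 0 1 0 "
    "987654 1000000 200";

/* Read starttime (field 22) from a stat line. comm (field 2) may hold
 * spaces and ')', so parsing resumes after the LAST ')'. */
bool parse_start_time(const char *line, unsigned long long *out) {
    const char *p = strrchr(line, ')');
    if (p == NULL) return false;
    p++;
    for (int field = 3; field < 22; field++) { /* skip fields 3..21 */
        while (*p == ' ') p++;
        if (*p == '\0') return false;          /* line ended too early */
        while (*p != ' ' && *p != '\0') p++;
    }
    return sscanf(p, " %llu", out) == 1;
}

/* Weak match: pid and start time only. */
bool same_subject_weak(const struct subject *a, const struct subject *b) {
    return a->pid == b->pid && a->start_time == b->start_time;
}

/* Stricter match: the uid must agree as well. */
bool same_subject_strict(const struct subject *a, const struct subject *b) {
    return same_subject_weak(a, b) && a->uid == b->uid;
}

int main(void) {
    struct subject cached = { 4242, 0, 1000 }, caller = { 4242, 0, 1001 };
    if (!parse_start_time(SAMPLE_STAT, &cached.start_time)) return 1;
    caller.start_time = cached.start_time; /* same pid and start time */
    printf("weak=%d strict=%d\n", same_subject_weak(&cached, &caller),
           same_subject_strict(&cached, &caller));
    return 0;
}
```

With the constructed values, the weak comparison treats the two subjects as the same process while the strict one does not, because their uids differ.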