Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[CVE-2019-25058] Fix unauthorized access via D-Bus (fixes #273, fixes #403) #531

Merged
merged 7 commits into from
Feb 14, 2022

Conversation

hartwork
Copy link
Contributor

@hartwork hartwork commented Feb 6, 2022

Fixes #273
Fixes #403

  • Fix .policy file:
    • Replace unsupported value auth_self_keep_session by auth_self_keep to fix the Polkit parse error so that Polkit stops ignoring the USBGuard .policy file.
    • Drop actions/methods from the policy that no longer exist.
    • Add actions/methods to the policy file that have been missing.
  • Make usbguard-dbus call out to Polkit for authorization so that the policies from the .policy file are actually respected.
  • Add CI to protect against policy file parse error regressions.

CC @radosroka @Cropi

@hartwork hartwork changed the title Fix D-Bus polkit policies (fixes #403) [security] Fix D-Bus polkit policies (fixes #403) Feb 8, 2022
@hartwork hartwork changed the title [security] Fix D-Bus polkit policies (fixes #403) [security] Fix D-Bus Polkit policies (fixes #403) Feb 8, 2022
@hartwork hartwork changed the title [security] Fix D-Bus Polkit policies (fixes #403) [security] Fix unauthorized access via D-Bus (fixes #403) Feb 9, 2022
@hartwork hartwork changed the title [security] Fix unauthorized access via D-Bus (fixes #403) [security] Fix unauthorized access via D-Bus (fixes #273, fixes #403) Feb 9, 2022
@radosroka
Copy link
Member

I don't have any objections.

@radosroka radosroka merged commit 2c8c1ae into USBGuard:master Feb 14, 2022
@hartwork hartwork deleted the fix-dbus-polkit-policies branch February 15, 2022 19:46
@hartwork hartwork changed the title [security] Fix unauthorized access via D-Bus (fixes #273, fixes #403) [CVE-2019-25058] Fix unauthorized access via D-Bus (fixes #273, fixes #403) Feb 24, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Polkit policy is not valid with newest versions of Polkit No default ACL on some dbus methods
2 participants