mirror of
https://git.busybox.net/buildroot.git
synced 2024-12-04 10:53:30 +08:00
a9f38acbf2
daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls. (Note that the server socket only accepts a single connection, so the attacker would have to discover the server and connect to the socket before its owner does.) Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr> |
||
---|---|---|
.. | ||
0001-admin-Prevent-access-if-any-authentication-agent-isn-t-available.patch | ||
0002-admin-Add-query_info_on_read-write-functionality.patch | ||
0003-admin-Allow-changing-file-owner.patch | ||
0004-admin-Use-fsuid-to-ensure-correct-file-ownership.patch | ||
0005-admin-Ensure-correct-ownership-when-moving-to-file-uri.patch | ||
0006-gvfsdaemon-Check-that-the-connecting-client-is-the-same-user.patch | ||
Config.in | ||
gvfs.hash | ||
gvfs.mk |