authorMartin Weinelt <hexa@darmstadt.ccc.de>2022-01-25 19:57:24 +0100
committerAlyssa Ross <hi@alyssa.is>2022-02-19 11:04:21 +0000
commitf1122ea01543c4640185ea0b2fc815354d73a3db (patch)
tree03eafe88d4ada04f7a48f44844ba833a45de1b24 /nixpkgs/pkgs/development/libraries
parentf4cf97a04cd5d0b86aa46baec9fb228a8f671c03 (diff)
polkit: fix local priviledge escalation in pkexec
> We discovered a Local Privilege Escalation (from any user to root) in
> polkit's pkexec, a SUID-root program that is installed by default on
> every major Linux distribution

https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt

Fixes: CVE-2021-4034
(cherry picked from commit bd3256cf4f7a651e234403977fa29d4dfde255b8)
Diffstat (limited to 'nixpkgs/pkgs/development/libraries')
-rw-r--r--nixpkgs/pkgs/development/libraries/polkit/default.nix5
1 files changed, 5 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/development/libraries/polkit/default.nix b/nixpkgs/pkgs/development/libraries/polkit/default.nix
index bd731e7b0517..ae3cea330807 100644
--- a/nixpkgs/pkgs/development/libraries/polkit/default.nix
+++ b/nixpkgs/pkgs/development/libraries/polkit/default.nix
@@ -58,6 +58,11 @@ stdenv.mkDerivation rec {
       url = "https://gitlab.freedesktop.org/polkit/polkit/-/commit/7ba07551dfcd4ef9a87b8f0d9eb8b91fabcb41b3.patch";
       sha256 = "ebbLILncq1hAZTBMsLm+vDGw6j0iQ0crGyhzyLZQgKA=";
     })
+    # pkexec: local privilege escalation (CVE-2021-4034)
+    (fetchpatch {
+      url = "https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683.patch";
+      sha256 = "162jkpg2myq0rb0s5k3nfr4pqwv9im13jf6vzj8p5l39nazg5i4s";
+    })
   ] ++ lib.optionals stdenv.hostPlatform.isMusl [
     # Make netgroup support optional (musl does not have it)
     # Upstream MR: https://gitlab.freedesktop.org/polkit/polkit/merge_requests/10
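Review bot: The comment on the added `fetchpatch` entry names the CVE but not when the entry can be removed, so the backport may linger or fail to apply after a later version bump that already carries the fix. I would extend it to `# pkexec: local privilege escalation (CVE-2021-4034); drop once the packaged release contains upstream commit a2bf5c9c`. The new `sha256` is written in Nix base32 while the entry directly above uses base64. Both pin the patch content, but a single encoding across the list makes the hashes easier to audit against a fresh fetch. The `patches` list opens before this hunk and the musl-only list continues after it, so the rest of the list is not visible here.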