diff options
author | Martin Weinelt <hexa@darmstadt.ccc.de> | 2022-01-25 19:57:24 +0100 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2022-02-19 11:04:21 +0000 |
commit | f1122ea01543c4640185ea0b2fc815354d73a3db (patch) | |
tree | 03eafe88d4ada04f7a48f44844ba833a45de1b24 /nixpkgs/pkgs/development | |
parent | f4cf97a04cd5d0b86aa46baec9fb228a8f671c03 (diff) | |
download | nixlib-f1122ea01543c4640185ea0b2fc815354d73a3db.tar nixlib-f1122ea01543c4640185ea0b2fc815354d73a3db.tar.gz nixlib-f1122ea01543c4640185ea0b2fc815354d73a3db.tar.bz2 nixlib-f1122ea01543c4640185ea0b2fc815354d73a3db.tar.lz nixlib-f1122ea01543c4640185ea0b2fc815354d73a3db.tar.xz nixlib-f1122ea01543c4640185ea0b2fc815354d73a3db.tar.zst nixlib-f1122ea01543c4640185ea0b2fc815354d73a3db.zip |
polkit: fix local priviledge escalation in pkexec
> We discovered a Local Privilege Escalation (from any user to root) in > polkit's pkexec, a SUID-root program that is installed by default on > every major Linux distribution https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt Fixes: CVE-2021-4034 (cherry picked from commit bd3256cf4f7a651e234403977fa29d4dfde255b8)
Diffstat (limited to 'nixpkgs/pkgs/development')
-rw-r--r-- | nixpkgs/pkgs/development/libraries/polkit/default.nix | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/development/libraries/polkit/default.nix b/nixpkgs/pkgs/development/libraries/polkit/default.nix index bd731e7b0517..ae3cea330807 100644 --- a/nixpkgs/pkgs/development/libraries/polkit/default.nix +++ b/nixpkgs/pkgs/development/libraries/polkit/default.nix @@ -58,6 +58,11 @@ stdenv.mkDerivation rec { url = "https://gitlab.freedesktop.org/polkit/polkit/-/commit/7ba07551dfcd4ef9a87b8f0d9eb8b91fabcb41b3.patch"; sha256 = "ebbLILncq1hAZTBMsLm+vDGw6j0iQ0crGyhzyLZQgKA="; }) + # pkexec: local privilege escalation (CVE-2021-4034) + (fetchpatch { + url = "https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683.patch"; + sha256 = "162jkpg2myq0rb0s5k3nfr4pqwv9im13jf6vzj8p5l39nazg5i4s"; + }) ] ++ lib.optionals stdenv.hostPlatform.isMusl [ # Make netgroup support optional (musl does not have it) # Upstream MR: https://gitlab.freedesktop.org/polkit/polkit/merge_requests/10 |