author | Jörg Thalheim <joerg@higgsboson.tk> | 2016-10-05 18:07:12 +0200 |
---|---|---|
committer | Jörg Thalheim <joerg@higgsboson.tk> | 2016-10-05 18:11:02 +0200 |
commit | c684eb756a015456c584975bbe099a299ce34763 (patch) | |
tree | 6608c9aeba537ec1bd59ae5292260c0c27da9e49 /pkgs/os-specific | |
parent | 92d2416280f1d8289b67b240bee5ab187577067f (diff) | |
rtkit: *security* Pass uid of caller to polkit
Otherwise, we force polkit to look up the uid itself in /proc, which is racy if the caller execve()s a setuid binary.
Diffstat (limited to 'pkgs/os-specific')
-rw-r--r-- | pkgs/os-specific/linux/rtkit/default.nix | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/pkgs/os-specific/linux/rtkit/default.nix b/pkgs/os-specific/linux/rtkit/default.nix
index 3284dfcb88ba..dd6f9ec42afa 100644
--- a/pkgs/os-specific/linux/rtkit/default.nix
+++ b/pkgs/os-specific/linux/rtkit/default.nix
@@ -13,10 +13,17 @@ stdenv.mkDerivation rec {
 ];
 patches = [
+ # Drop removed ControlGroup stanza
 (fetchpatch {
- url = "https://anonscm.debian.org/cgit/pkg-multimedia/rtkit.git/plain/debian/patches/0002-Drop-Removed-ControlGroup-stanza.patch?id=21f2c6be6985c777cbf113c67043353406744050";
+ url = "http://git.0pointer.net/rtkit.git/patch/?id=6c28e20c0be2f616a025059fda0ffac84e7f4f17";
 sha256 = "0lsxk5nv08i1wjb4xh20i5fcwg3x0qq0k4f8bc0r9cczph2sv7ck";
 })
+
+ # security patch: Pass uid of caller to polkit
+ (fetchpatch {
+ url = "http://git.0pointer.net/rtkit.git/patch/?id=88d4082ef6caf6b071d749dca1c50e7edde914cc";
+ sha256 = "0hp1blbi359qz8fmr6nj4w9yc0jf3dd176f8pn25wdj38n13qkix";
+ })
 ];
 buildInputs = [ pkgconfig dbus libcap ]; |
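Review bot: The first `fetchpatch` now points at a different URL but keeps the old `sha256` (`0lsxk5nv…`), and because fetchers are fixed-output derivations, a store or binary cache that already holds that hash will never download from the new location, so a mismatch would go unnoticed until someone builds without the cached output. It is worth confirming the hash against the new URL by forcing a refetch before merging. Both new URLs also use plain `http://`; the pinned hashes protect the patch content, so tampering in transit would fail the build rather than alter it, but `https://` would be preferable if the host serves it. The comment on the second patch could also name the upstream advisory it addresses so that a later update does not drop it by accident, e.g. `# security patch: Pass uid of caller to polkit (<advisory id>)`.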