a9f38acbf2
daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls. (Note that the server socket only accepts a single connection, so the attacker would have to discover the server and connect to the socket before its owner does.) Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr> |
||
|---|---|---|
| .. | ||
| 0001-admin-Prevent-access-if-any-authentication-agent-isn-t-available.patch | ||
| 0002-admin-Add-query_info_on_read-write-functionality.patch | ||
| 0003-admin-Allow-changing-file-owner.patch | ||
| 0004-admin-Use-fsuid-to-ensure-correct-file-ownership.patch | ||
| 0005-admin-Ensure-correct-ownership-when-moving-to-file-uri.patch | ||
| 0006-gvfsdaemon-Check-that-the-connecting-client-is-the-same-user.patch | ||
| Config.in | ||
| gvfs.hash | ||
| gvfs.mk | ||