[rpms/ibus] autotool: Fix #1751940 - CVE-2019-14822 GDBusServer peer authorization

public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed

From: Takao Fujiwara <tfujiwar@redhat.com>
To: git-commits@fedoraproject.org
Subject: [rpms/ibus] autotool: Fix #1751940 - CVE-2019-14822 GDBusServer peer authorization
Date: Sun, 31 May 2026 02:07:16 GMT	[thread overview]
Message-ID: <178019323684.1.8399169554869267296.rpms-ibus-698c8ecd068d@fedoraproject.org> (raw)

A new commit has been pushed.

Repo   : rpms/ibus
Branch : autotool
Commit : 698c8ecd068dc00df2916a725e6852498ff49b3f
Author : Takao Fujiwara <tfujiwar@redhat.com>
Date   : 2019-09-13T17:24:14+09:00
Stats  : +180/-1 in 2 file(s)
URL    : https://src.fedoraproject.org/rpms/ibus/c/698c8ecd068dc00df2916a725e6852498ff49b3f?branch=autotool

Log:
Fix #1751940 - CVE-2019-14822 GDBusServer peer authorization

---
diff --git a/ibus-HEAD.patch b/ibus-HEAD.patch
index e69de29..b7b0fa1 100644
--- a/ibus-HEAD.patch
+++ b/ibus-HEAD.patch
@@ -0,0 +1,175 @@
+From 3d442dbf936d197aa11ca0a71663c2bc61696151 Mon Sep 17 00:00:00 2001
+From: fujiwarat <takao.fujiwara1@gmail.com>
+Date: Fri, 13 Sep 2019 15:59:03 +0900
+Subject: [PATCH] bus: Implement GDBusAuthObserver callback
+
+ibus uses a GDBusServer with G_DBUS_SERVER_FLAGS_AUTHENTICATION_ALLOW_ANONYMOUS,
+and doesn't set a GDBusAuthObserver, which allows anyone who can connect
+to its AF_UNIX socket to authenticate and be authorized to send method calls.
+It also seems to use an abstract AF_UNIX socket, which does not have
+filesystem permissions, so the practical effect might be that a local
+attacker can connect to another user's ibus service and make arbitrary
+method calls.
+
+BUGS=rhbz#1717958
+---
+ bus/server.c | 89 ++++++++++++++++++++++++++++++++++++++++++----------
+ 1 file changed, 73 insertions(+), 16 deletions(-)
+
+diff --git a/bus/server.c b/bus/server.c
+index 3a626230..2439de14 100644
+--- a/bus/server.c
++++ b/bus/server.c
+@@ -2,7 +2,8 @@
+ /* vim:set et sts=4: */
+ /* bus - The Input Bus
+  * Copyright (C) 2008-2010 Peng Huang <shawn.p.huang@gmail.com>
+- * Copyright (C) 2008-2010 Red Hat, Inc.
++ * Copyright (C) 2011-2019 Takao Fujiwara <takao.fujiwara1@gmail.com>
++ * Copyright (C) 2008-2019 Red Hat, Inc.
+  *
+  * This library is free software; you can redistribute it and/or
+  * modify it under the terms of the GNU Lesser General Public
+@@ -69,17 +70,64 @@ _restart_server (void)
+     exit (-1);
+ }
+ 
++/**
++ * bus_allow_mechanism_cb:
++ * @observer: A #GDBusAuthObserver.
++ * @mechanism: The name of the mechanism.
++ * @user_data: always %NULL.
++ *
++ * Check if @mechanism can be used to authenticate the other peer.
++ * Returns: %TRUE if the peer's mechanism is allowed.
++ */
++static gboolean
++bus_allow_mechanism_cb (GDBusAuthObserver     *observer,
++                        const gchar           *mechanism,
++                        G_GNUC_UNUSED gpointer user_data)
++{
++    if (g_strcmp0 (mechanism, "EXTERNAL") == 0)
++        return TRUE;
++    return FALSE;
++}
++
++/**
++ * bus_authorize_authenticated_peer_cb:
++ * @observer: A #GDBusAuthObserver.
++ * @stream: A #GIOStream.
++ * @credentials: A #GCredentials.
++ * @user_data: always %NULL.
++ *
++ * Check if a peer who has already authenticated should be authorized.
++ * Returns: %TRUE if the peer's credential is authorized.
++ */
++static gboolean
++bus_authorize_authenticated_peer_cb (GDBusAuthObserver     *observer,
++                                     GIOStream             *stream,
++                                     GCredentials          *credentials,
++                                     G_GNUC_UNUSED gpointer user_data)
++{
++    gboolean authorized = FALSE;
++    if (credentials) {
++        GCredentials *own_credentials = g_credentials_new ();
++        if (g_credentials_is_same_user (credentials, own_credentials, NULL))
++            authorized = TRUE;
++        g_object_unref (own_credentials);
++    }
++    return authorized;
++}
++
+ /**
+  * bus_new_connection_cb:
+- * @user_data: always NULL.
+- * @returns: TRUE when the function can handle the connection.
++ * @observer: A #GDBusAuthObserver.
++ * @dbus_connection: A #GDBusconnection.
++ * @user_data: always %NULL.
+  *
+  * Handle incoming connections.
++ * Returns: %TRUE when the function can handle the connection.
+  */
+ static gboolean
+-bus_new_connection_cb (GDBusServer     *server,
+-                       GDBusConnection *dbus_connection,
+-                       gpointer         user_data)
++bus_new_connection_cb (GDBusServer           *server,
++                       GDBusConnection       *dbus_connection,
++                       G_GNUC_UNUSED gpointer user_data)
+ {
+     BusConnection *connection = bus_connection_new (dbus_connection);
+     bus_dbus_impl_new_connection (dbus, connection);
+@@ -94,9 +142,9 @@ bus_new_connection_cb (GDBusServer     *server,
+ }
+ 
+ static void
+-_server_connect_start_portal_cb (GObject      *source_object,
+-                                 GAsyncResult *res,
+-                                 gpointer      user_data)
++_server_connect_start_portal_cb (GObject               *source_object,
++                                 GAsyncResult          *res,
++                                 G_GNUC_UNUSED gpointer user_data)
+ {
+     GVariant *result;
+     GError *error = NULL;
+@@ -113,9 +161,9 @@ _server_connect_start_portal_cb (GObject      *source_object,
+ }
+ 
+ static void
+-bus_acquired_handler (GDBusConnection *connection,
+-                      const gchar     *name,
+-                      gpointer         user_data)
++bus_acquired_handler (GDBusConnection       *connection,
++                      const gchar           *name,
++                      G_GNUC_UNUSED gpointer user_data)
+ {
+     g_dbus_connection_call (connection,
+                             IBUS_SERVICE_PORTAL,
+@@ -136,14 +184,17 @@ void
+ bus_server_init (void)
+ {
+     GError *error = NULL;
++    GDBusServerFlags flags = G_DBUS_SERVER_FLAGS_NONE;
++    gchar *guid;
++    GDBusAuthObserver *observer;
+ 
+     dbus = bus_dbus_impl_get_default ();
+     ibus = bus_ibus_impl_get_default ();
+     bus_dbus_impl_register_object (dbus, (IBusService *)ibus);
+ 
+     /* init server */
+-    GDBusServerFlags flags = G_DBUS_SERVER_FLAGS_AUTHENTICATION_ALLOW_ANONYMOUS;
+-    gchar *guid = g_dbus_generate_guid ();
++    guid = g_dbus_generate_guid ();
++    observer = g_dbus_auth_observer_new ();
+     if (!g_str_has_prefix (g_address, "unix:tmpdir=") &&
+         !g_str_has_prefix (g_address, "unix:path=")) {
+         g_error ("Your socket address does not have the format unix:tmpdir=$DIR "
+@@ -152,7 +203,7 @@ bus_server_init (void)
+     server =  g_dbus_server_new_sync (
+                     g_address, /* the place where the socket file lives, e.g. /tmp, abstract namespace, etc. */
+                     flags, guid,
+-                    NULL /* observer */,
++                    observer,
+                     NULL /* cancellable */,
+                     &error);
+     if (server == NULL) {
+@@ -162,7 +213,13 @@ bus_server_init (void)
+     }
+     g_free (guid);
+ 
+-    g_signal_connect (server, "new-connection", G_CALLBACK (bus_new_connection_cb), NULL);
++    g_signal_connect (observer, "allow-mechanism",
++                      G_CALLBACK (bus_allow_mechanism_cb), NULL);
++    g_signal_connect (observer, "authorize-authenticated-peer",
++                      G_CALLBACK (bus_authorize_authenticated_peer_cb), NULL);
++    g_object_unref (observer);
++    g_signal_connect (server, "new-connection",
++                      G_CALLBACK (bus_new_connection_cb), NULL);
+ 
+     g_dbus_server_start (server);
+ 
+-- 
+2.21.0
+

diff --git a/ibus.spec b/ibus.spec
index f75ceaf..bd3a7bb 100644
--- a/ibus.spec
+++ b/ibus.spec
@@ -35,7 +35,7 @@
 
 Name:           ibus
 Version:        1.5.21
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        Intelligent Input Bus for Linux OS
 License:        LGPLv2+
 URL:            https://github.com/ibus/%name/wiki
@@ -43,6 +43,7 @@ Source0:        https://github.com/ibus/%name/releases/download/%{version}/%{nam
 Source1:        %{name}-xinput
 Source2:        %{name}.conf.5
 # Patch0:         %%{name}-HEAD.patch
+Patch0:         %{name}-HEAD.patch
 # Under testing #1349148 #1385349 #1350291 #1406699 #1432252 #1601577
 Patch1:         %{name}-1385349-segv-bus-proxy.patch
 
@@ -460,6 +461,9 @@ dconf update || :
 %{_datadir}/installed-tests/ibus
 
 %changelog
+* Fri Sep 13 2019 Takao Fujiwara <tfujiwar@redhat.com> - 1.5.21-2
+- Fix #1751940 - CVE-2019-14822 GDBusServer peer authorization
+
 * Fri Aug 23 2019 Takao Fujiwara <tfujiwar@redhat.com> - 1.5.21-1
 - Bump to 1.5.21

                 reply	other threads:[~2026-05-31  2:07 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=178019323684.1.8399169554869267296.rpms-ibus-698c8ecd068d@fedoraproject.org \
    --to=tfujiwar@redhat.com \
    --cc=git-commits@fedoraproject.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox