[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [hurd-amd64] ibus test failures
|
From: |
Samuel Thibault |
|
Subject: |
Re: [hurd-amd64] ibus test failures |
|
Date: |
Mon, 30 Dec 2024 18:03:09 +0100 |
Hello,
Sergey Bugaev, le lun. 30 déc. 2024 16:44:24 +0300, a ecrit:
> This feels like an opportunity to remind everyone that the SCM_CREDS
> implementation, which is shipped as a Debian downstream patch, doesn't
> actually verify the credentials. I have posted a more detailed
> description [0] back in Feb 2023, and still got no response. So: ping?
>
> [0]: https://mail.gnu.org/archive/html/bug-hurd/2023-02/msg00054.html
>
> I have also written a PoC exploit for this, which authenticates itself
> to the D-Bus daemon as UID 0, even though it's not.
Writing PoC is not really useful, we completely know that the
patch is not complete (which is one of the reasons why it's not
upstream). Contribution to fix the issue welcome.
Samuel
- [hurd-amd64] ibus test failures, Diego Nieto Cid, 2024/12/29
- Re: [hurd-amd64] ibus test failures, Samuel Thibault, 2024/12/29
- Re: [hurd-amd64] ibus test failures, Diego Nieto Cid, 2024/12/30
- Re: [hurd-amd64] ibus test failures, Diego Nieto Cid, 2024/12/30
- Re: [hurd-amd64] ibus test failures, Samuel Thibault, 2024/12/31
- Re: [hurd-amd64] ibus test failures, Samuel Thibault, 2024/12/31
- Re: [hurd-amd64] ibus test failures, Diego Nieto Cid, 2024/12/31
- Re: [hurd-amd64] ibus test failures, Diego Nieto Cid, 2024/12/31
- Re: [hurd-amd64] ibus test failures, Diego Nieto Cid, 2024/12/31
- Re: [hurd-amd64] ibus test failures, Diego Nieto Cid, 2024/12/31
- Re: [hurd-amd64] ibus test failures, Diego Nieto Cid, 2024/12/31