From cd79fcfefc8af165faa9a320bec44ce6d1c5b125 Mon Sep 17 00:00:00 2001
From: Richard Hughes <richard@hughsie.com>
Date: Fri, 1 Jul 2011 09:20:40 +0100
Subject: [PATCH] Fix CVE-2011-2515 which affects the YUM backend
In commit 290933489b1aaeb1017d10fb59ccf3231e309115, YUM changed the behaviour
when checking signatures on a package. The commit added a new configuration key
'localpkg_gpgcheck' which only affects local packages, but the key was set by
default to False, unlike 'gpgcheck' which was used for local and remote
packages before this commit.
This meant that an end user could install a local unsigned rpm package using
PackageKit without a GPG trust check, and the user would be told the untrusted
package is itself trusted. This would cause PackageKit to use a different
(weaker) PolicyKit authentication that what would be required of an unsigned
package.
To exploit this low-impact vulnerability, a user would have to manually
download an unsigned package file and would still be required to authenticate
to install the package unless this has been changed by an administrator.
Now, PackageKit sets internaly 'localpkg_gpgcheck' to match 'gpgcheck' for all
versions of yum with this new feature to match the expected behaviour.
Red Hat would like to thank Peter Robinson for reporting this issue.
See http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2515 for more details.
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=717566
---
backends/yum/yumBackend.py | 16 ++++++++++++++++
1 files changed, 16 insertions(+), 0 deletions(-)
diff --git a/backends/yum/yumBackend.py b/backends/yum/yumBackend.py
index d66f862..d9a293c 100755
--- a/backends/yum/yumBackend.py
+++ b/backends/yum/yumBackend.py
@@ -1732,8 +1732,12 @@ class PackageKitYumBackend(PackageKitBaseBackend, PackagekitPackage):
# if only_trusted is true, it means that we will only update signed files
if only_trusted:
self.yumbase.conf.gpgcheck = 1
+ if hasattr(self.yumbase.conf, 'localpkg_gpgcheck'):
+ self.yumbase.conf.localpkg_gpgcheck = 1
else:
self.yumbase.conf.gpgcheck = 0
+ if hasattr(self.yumbase.conf, 'localpkg_gpgcheck'):
+ self.yumbase.conf.localpkg_gpgcheck = 0
self.yumbase.conf.throttle = "60%" # Set bandwidth throttle to 60%
# to avoid taking all the system's bandwidth.
@@ -1956,8 +1960,12 @@ class PackageKitYumBackend(PackageKitBaseBackend, PackagekitPackage):
# if only_trusted is true, it means that we will only update signed files
if only_trusted:
self.yumbase.conf.gpgcheck = 1
+ if hasattr(self.yumbase.conf, 'localpkg_gpgcheck'):
+ self.yumbase.conf.localpkg_gpgcheck = 1
else:
self.yumbase.conf.gpgcheck = 0
+ if hasattr(self.yumbase.conf, 'localpkg_gpgcheck'):
+ self.yumbase.conf.localpkg_gpgcheck = 0
for package_id in package_ids:
grp = self._is_meta_package(package_id)
@@ -2149,8 +2157,12 @@ class PackageKitYumBackend(PackageKitBaseBackend, PackagekitPackage):
# If only_trusted is true, it means that we will only install trusted files
if only_trusted or simulate:
self.yumbase.conf.gpgcheck = 1
+ if hasattr(self.yumbase.conf, 'localpkg_gpgcheck'):
+ self.yumbase.conf.localpkg_gpgcheck = 1
else:
self.yumbase.conf.gpgcheck = 0
+ if hasattr(self.yumbase.conf, 'localpkg_gpgcheck'):
+ self.yumbase.conf.localpkg_gpgcheck = 0
# self.yumbase.installLocal fails for unsigned packages when self.yumbase.conf.gpgcheck = 1
# This means we don't run runYumTransaction, and don't get the GPG failure in
@@ -2304,8 +2316,12 @@ class PackageKitYumBackend(PackageKitBaseBackend, PackagekitPackage):
# if only_trusted is true, it means that we will only update signed files
if only_trusted:
self.yumbase.conf.gpgcheck = 1
+ if hasattr(self.yumbase.conf, 'localpkg_gpgcheck'):
+ self.yumbase.conf.localpkg_gpgcheck = 1
else:
self.yumbase.conf.gpgcheck = 0
+ if hasattr(self.yumbase.conf, 'localpkg_gpgcheck'):
+ self.yumbase.conf.localpkg_gpgcheck = 0
txmbrs = []
try:
--
1.7.5.4