Do not pass ntpUtility as an argument to datetime helper
Review Request #120977 - Created Nov. 4, 2014 and submitted
First patch:Do not pass ntpUtility as an argument to datetime helper Passing the name of a binary to run to a polkit helper is a security risk as it allows any arbitrary process to be executed. This patch moves the detection of ntp utility location into the helper function.
Second patch:Validate timezone name before setting This patch ensures that the symlink /etc/localtime always points to a file in /usr/share/timezones and not an arbitrary file in a user's home directory.
Ran kcmshell4 clock. Timezone code definitely still works.
NTP seemed to work as before.
My exploit no longer works.
|Should ret |= NTPError only be set both after ntpdate and rdate are set?||Albert Astals Cid|
|Why an unconditional break? Whith this rdate is never tried, no?||Albert Astals Cid|
|I guess we should merge this one with Dtime::findNTPutility Because Dtime::findNTPutility is used to know if to set some stuff ...||Albert Astals Cid|
could you please try the following:
create a symlink in $HOME/bin called "ntpdate" and point it to your exploit. Now add $HOME/bin to your PATH variable and run the kcm. If I read the code correctly it would still be exploited.