← Back to branch summary

~ubuntu-branches/ubuntu/raring/hal/raring

« back to all changes in this revision

Viewing changes to debian/patches/10_nonpolkit-mount-policy.patch

  • Committer: Bazaar Package Importer
  • Author(s): Martin Pitt
  • Date: 2010-04-01 12:01:16 UTC
  • Revision ID: james.westby@ubuntu.com-20100401120116-uk00q486btx6yvdy
Tags: 0.5.14-0ubuntu5
https://launchpad.net/bugs/528907
Revert the previous change. We do not want any user to modify internal
system partitions without any authentication, it creates too much of a
security hole. Instead, the patch in kdelibs should be fixed, after all it
worked fine in karmic and earlier. (LP: #528907)

Show diffs side-by-side

added added

removed removed

Lines of Context:
debian/patches/10_nonpolkit-mount-policy.patch
 
1
Index: hal-0.5.13/tools/hal-storage-mount.c
 
2
===================================================================
 
3
--- hal-0.5.13.orig/tools/hal-storage-mount.c   2009-05-27 15:26:03.000000000 -0500
 
4
+++ hal-0.5.13/tools/hal-storage-mount.c        2009-11-19 10:52:30.979682802 -0600
 
5
@@ -92,6 +92,14 @@
 
6
 }
 
7
 
 
8
 static void
 
9
+permission_denied_uid (const char *device, const char *uid)
 
10
+{
 
11
+       fprintf (stderr, "org.freedesktop.Hal.Device.Volume.PermissionDenied\n");
 
12
+       fprintf (stderr, "Refusing to mount device %s for uid=%s.\n", device, uid);
 
13
+       exit (1);
 
14
+}
 
15
+
 
16
+static void
 
17
 already_mounted (const char *device)
 
18
 {
 
19
        fprintf (stderr, "org.freedesktop.Hal.Device.Volume.AlreadyMounted\n");
 
20
@@ -856,6 +864,13 @@
 
21
                 }
 
22
                 libhal_free_string (polkit_result);
 
23
         }
 
24
+#else
 
25
+       /* root can do everything; only allow handling removable devices
 
26
+        * without uid change to non-root users */
 
27
+       if (!invoked_by_uid || strcmp(invoked_by_uid, "0"))
 
28
+               if (!action || strcmp (action, "org.freedesktop.hal.storage.mount-removable"))
 
29
+                       permission_denied_uid (device, invoked_by_uid);
 
30
+
 
31
 #endif
 
32
 
 
33
 #ifdef DEBUG