On 02/15/2012 10:52 AM, Jim Fehlig wrote:
This one's embarrassing. I think I broke polkit authorization in 0.9.10. :(
Yes, you did :).
I also found a segfault and was about to post the attached patch.
Regards, Jim
0001-Fix-polkit0-authentication.patch
From a06fab953f99e778883618dd0aeaef8da5d5b32a Mon Sep 17 00:00:00 2001 From: Jim Fehlig <jfehlig@suse.com> Date: Wed, 15 Feb 2012 10:01:50 -0700 Subject: [PATCH] Fix polkit0 authentication
Commit 7033c5f2 introduced some bugs in polkit0 authentication.
Fix libvirtd segfault in remoteDispatchAuthPolkit().
Fix polkit authentication bypass when caller UID = 0. --- daemon/remote.c | 20 +++++++++----------- 1 files changed, 9 insertions(+), 11 deletions(-)
Aargh - I pushed my shorter fix before reviewing your more complete fix. ACK. -- Eric Blake eblake@redhat.com +1-919-301-3266 Libvirt virtualization library http://libvirt.org