avahi/backport-0001-CVE-2023-38471.patch


From 1c599d80f0cdd6845ad2e9bd91465d59c9b0c211 Mon Sep 17 00:00:00 2001
From: Evgeny Vereshchagin <evvers@ya.ru>
Date: Fri, 9 Dec 2022 14:33:16 +0000
Subject: [PATCH] dbus: deny SetHostName via org.freedesktop.Avahi.Server2 as
well
Looks like the policy wasn't updated when the Server2 interface was
introduced.
It's a follow-up to https://github.com/lathiat/avahi/pull/175
Reference:https://github.com/lathiat/avahi/commit/1c599d80f0cdd6845ad2e9bd91465d59c9b0c211
Conflict:NA
---
avahi-daemon/avahi-dbus.conf.in | 2 ++
1 file changed, 2 insertions(+)
diff --git a/avahi-daemon/avahi-dbus.conf.in b/avahi-daemon/avahi-dbus.conf.in
index 1df0cc478..a78f02850 100644
--- a/avahi-daemon/avahi-dbus.conf.in
+++ b/avahi-daemon/avahi-dbus.conf.in
@@ -18,6 +18,8 @@
<deny send_destination="org.freedesktop.Avahi"
send_interface="org.freedesktop.Avahi.Server" send_member="SetHostName"/>
+ <deny send_destination="org.freedesktop.Avahi"
+ send_interface="org.freedesktop.Avahi.Server2" send_member="SetHostName"/>
</policy>
<!-- Allow everything, including access to SetHostName to users of the group "@AVAHI_PRIV_ACCESS_GROUP@" -->
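Review bot: The default-context restriction on SetHostName is still an interface-by-interface denylist after the rule added for `org.freedesktop.Avahi.Server2`, so the gap this commit closes would reopen if another server interface exporting that method were introduced. A single rule keyed on the member alone, `<deny send_destination="org.freedesktop.Avahi" send_member="SetHostName"/>`, would cover current and future interfaces. This assumes no Avahi interface has a SetHostName that unprivileged callers are meant to reach, which the hunk does not show. If the per-interface form is kept, a comment above the pair such as `<!-- One deny rule per Server* interface that exports SetHostName; extend when adding an interface -->` would make the maintenance obligation explicit. The enclosing `<policy>` element opens outside the hunk, so the allow rules these denies override are not visible here.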