Bug#973748: sddm: CVE-2020-28049: local privilege escalation due to race condition in creation of the Xauthority file



Hi Norbert,

On Thu, Nov 05, 2020 at 08:26:07PM +0900, Norbert Preining wrote:
> Hi Salvatore, hi FTP Master,
> 
> @Salvatore: thanks for the NMU preparation. We are now preparing a fix
> for unstable via version 0.19, and at the same time I thought I would
> upload to buster-security, based on your patch.
> 
> But, uploading to security-master with dput I got the following answer:
> 
> On Thu, 05 Nov 2020, Debian FTP Masters wrote:
> > sddm_0.18.0-1+deb10u1.dsc: Does not match file already existing in the pool.
> 
> Could you or ftpmaster explain to me what I did wrong?
> 
> The included files are
> Checksums-Sha1:
>  f8d882dbf4cf377fa0c7a4277a56b7f7c25e2a64 2334 sddm_0.18.0-1+deb10u1.dsc
>  a33d316b613a52b2af435c3516ed9abac7ea34d5 52864 sddm_0.18.0-1+deb10u1.debian.tar.xz
>  5ed47e94dc64af78fe960358b8b009afb840e16a 13613 sddm_0.18.0-1+deb10u1_source.buildinfo
> and the upload was a source-only to Distribution: buster-security.

That is because I already did the upload yesterday, as with the
debdiff attached to the bug report. But we (Moritz was testing as well)
wanted to further test the upload first before releasing the DSA.

Fixing this in unstable directly via 0.19 sounds great, thank you.

Regards,
Salvatore

