| Title | PackageKit v1.3.5 Incorrect Use of Privileged APIs |
|---|---|
| Description | PackageKit SetHints Method Leading to Unauthorized File Probing. PackageKit runs with root privileges. Moreover, the SetHints D-Bus method can be called by a normal user with a file path as a parameter. The SetHints D-Bus method accepts a frontend-socket parameter that is supposed to be a path to a Unix socket. However, the code uses g_file_test(), which follows symbolic links as root, to check whether the file exists. This allows unprivileged users to probe the existence of any file on the system. The full root cause and PoC are shown in issue 969 of the GitHub PackageKit repo (https://github.com/PackageKit/PackageKit/issues/969). |
| Source | https://github.com/PackageKit/PackageKit/issues/969 |
| User | Rosa Yu (UID 98185) |
| Submission | 12/05/2026 06:30 AM (23 days ago) |
| Moderation | 31/05/2026 07:53 PM (20 days later) |
| Status | Accepted |
| VulDB entry | 367587 [PackageKit up to 1.3.5 API src/pk-transaction.c g_file_test frontend-socket privilege escalation] |
| Points | 20 |