| Título | PackageKit v1.3.5 Incorrect Use of Privileged APIs |
|---|
| Descrição | PackageKit SetHints Method Leading to Unauthorized File Probing
PackageKit runs under root privilege. Moreover, the SetHints D-Bus methods can be called by a normal user with the parameter of a file path. The SetHints D-Bus method accepts a frontend-socket parameter that is supposed to be a path to a Unix socket. However, the code uses g_file_test() which follows symbolic links as root to check if the file exists. This allows unprivileged users to probe the existence of any file on the system.
The full root cause and PoC is shown in issue 969 of the github PackageKit repo (https://github.com/PackageKit/PackageKit/issues/969). |
|---|
| Fonte | ⚠️ https://github.com/PackageKit/PackageKit/issues/969 |
|---|
| Utilizador | Rosa Yu (UID 98185) |
|---|
| Submissão | 12/05/2026 06h30 (há 23 dias) |
|---|
| Moderação | 31/05/2026 19h53 (20 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 367587 [PackageKit até 1.3.5 API src/pk-transaction.c g_file_test frontend-socket Elevação de Privilégios] |
|---|
| Pontos | 20 |
|---|