Red Hat Bugzilla – Bug 878115
CVE-2012-5535 gnome-system-log: polkit policy too lax, allows reading arbitrary files on the system
Last modified: 2015-08-19 05:18:55 EDT
gnome-system-log-3.6.0-1.fc18 is set up so that
> $ gnome-system-log
executes "logview" as root through pkexec, only asking for the invoking user's password (because the org.gnome.logview.config.date.pkexec.run (sic) action has default policy auth_self_keep).
Running an X11 application as root in a session of a completely unprivileged user is risky enough in itself; however logview also allows (via the "wheel" button/Open) opening any file on the system, including /etc/shadow. This is at least a confidentiality violation; reading various authentication cookies or ssh private keys might even allow this to be amplified into a privilege escalation.
Please change the polkit policy to one of the auth_admin_* ones.
This is corrected in Fedora 18:
And is currently in Fedora 17 testing:
Note that this is due to a patch specific to Fedora and should not affect other vendors.
Not vulnerable. This issue did not affect the versions of gnome-utils as shipped with Red Hat Enterprise Linux 5 and 6 as they used usermode to request privileges, not pkexec.
gnome-system-log-3.6.1-2.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
gnome-system-log-3.4.1-3.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.