Thursday, February 14, 2013

Valentine pam_fprintd trickery

Anyone can give your finger by spoofing DBUS signals
to pam_fprintd, effectively bypassing fprintd authentication.
Tested with fprintd 0.41.
darklena is the PoC and the authors have been informed.

Its probably about time to check dbus-glib usage or usage
of DBUS signals in privileged code in general.

[Update:] successfully tested on a vanilla FC16 setup with
fprintd installed from repository and SELinux target config
left as-is:


2 comments:

Anonymous said...

Ive witnessed dbus leakage oct 2012, taking over VirtualBox. Nobody believed me.

Sebastian said...

you can send me details if you like