Anyone can "give your finger" by spoofing D-Bus signals
to pam_fprintd, effectively bypassing fprintd authentication.
Tested with fprintd 0.41.
darklena is the PoC and the authors have been informed.
It's probably about time to check dbus-glib usage, or the use
of D-Bus signals in privileged code in general.
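An added example, not code from fprintd, pam_fprintd or the PoC: a simplified C model of the sender check that privileged code consuming D-Bus signals needs, next to the unchecked form. The struct, function names and sample unique names are constructed for illustration; the interface, member and result strings are assumed from fprintd's D-Bus API.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of a received D-Bus signal (constructed for this example).
 * The bus daemon stamps `sender` with the emitter's unique connection name. */
struct signal_msg {
    const char *sender;    /* unique name, e.g. ":1.7" */
    const char *interface;
    const char *member;
    const char *result;    /* first argument of VerifyStatus */
};

#define FPRINT_IFACE "net.reactivated.Fprint.Device" /* assumed interface name */

static bool is_match_signal(const struct signal_msg *m)
{
    return m->interface && m->member && m->result &&
           strcmp(m->interface, FPRINT_IFACE) == 0 &&
           strcmp(m->member, "VerifyStatus") == 0 &&
           strcmp(m->result, "verify-match") == 0;
}

/* Unsafe: accepts a match from whichever connection emitted it. */
bool accept_unchecked(const struct signal_msg *m)
{
    return is_match_signal(m);
}

/* Hardened: `owner` is the unique name the bus daemon reported as current
 * owner of the fprintd service; signals from any other sender are dropped. */
bool accept_checked(const struct signal_msg *m, const char *owner)
{
    if (!owner || !m->sender || strcmp(m->sender, owner) != 0)
        return false;
    return is_match_signal(m);
}

int main(void)
{
    /* Constructed sample: ":1.7" stands for fprintd, ":1.99" for another client. */
    struct signal_msg other = { ":1.99", FPRINT_IFACE, "VerifyStatus", "verify-match" };
    printf("unchecked=%d checked=%d\n",
           accept_unchecked(&other), accept_checked(&other, ":1.7"));
    return 0;
}
```

In a real client the owner name must itself come from the bus daemon (a GetNameOwner reply, or a NameOwnerChanged signal whose sender is org.freedesktop.DBus); otherwise the comparison can be fed a false owner.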
[Update:] Successfully tested on a vanilla FC16 setup with
fprintd installed from the repository and the SELinux target config
left as-is:
2 comments:
I've witnessed dbus leakage in Oct 2012, taking over VirtualBox. Nobody believed me.
You can send me details if you like.