fix: some security issues

Fix some security issues. Log: fix some security issues Task: https://pms.uniontech.com/task-view-362563.html
linuxdeepin · Sep 13, 2024 · afb8df2 · afb8df2
1 parent f331b28
commit afb8df2
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 5 deletions.
diff --git a/debian/changelog b/debian/changelog
@@ -1,3 +1,9 @@
+deepin-system-monitor (6.5.1) unstable; urgency=medium
+
+  * fix: some security issues. 
+
+ -- wangrong <[email protected]>  Thu, 12 Sep 2024 15:20:25 +0800
+
 deepin-system-monitor (6.5.0) unstable; urgency=medium
 
   * New version 6.5.0.

diff --git a/deepin-system-monitor-main/system/cpu_set.cpp b/deepin-system-monitor-main/system/cpu_set.cpp
@@ -660,11 +660,17 @@ void CPUSet::read_dmi_cache_info()
         if (!spnInfo.contains("KLVV", Qt::CaseInsensitive) && !spnInfo.contains("L540", Qt::CaseInsensitive) && !spnInfo.contains("KLVU", Qt::CaseInsensitive)
             && !spnInfo.contains("PGUV", Qt::CaseInsensitive) && !spnInfo.contains("PGUW", Qt::CaseInsensitive) && !spnInfo.contains("W585", Qt::CaseInsensitive)) {
 
-            process.start("bash", QStringList() << "-c"
-                                                << "dmidecode | grep -i \"String 4\"");
+            process.start("dmidecode");
             process.waitForStarted();
             process.waitForFinished();
             QString result = process.readAll();
+            QStringList lines = result.split('\n');
+            for (const QString &line : lines) {
+                if (line.contains("String 4", Qt::CaseInsensitive)) {
+                    result = line;
+                    break;
+                }
+            }
             if (!result.contains("PWC30", Qt::CaseInsensitive)   //w525
                 && !result.contains("PGUX", Qt::CaseInsensitive)) {
                 process.close();

diff --git a/deepin-system-monitor-system-server/src/systemdbusserver.cpp b/deepin-system-monitor-system-server/src/systemdbusserver.cpp
@@ -24,10 +24,10 @@ const QString s_PolkitActionSet = "org.deepin.systemmonitor.systemserver.set";
 /**
    @brief polkit 鉴权，通过配置文件处理
  */
-bool checkAuthorization(qint64 pid, const QString &action)
+bool checkAuthorization(const QString &appBusName, const QString &action)
 {
     PolkitQt1::Authority::Result ret = PolkitQt1::Authority::instance()->checkAuthorizationSync(
-            action, PolkitQt1::UnixProcessSubject(pid), PolkitQt1::Authority::AllowUserInteraction);
+            action, PolkitQt1::SystemBusNameSubject(appBusName), PolkitQt1::Authority::AllowUserInteraction);
     if (PolkitQt1::Authority::Yes == ret) {
         return true;
     } else {
@@ -116,7 +116,7 @@ QString SystemDBusServer::setServiceEnableImpl(const QString &serviceName, bool
     }
 
     // 鉴权处理
-    if (!checkAuthorization(dbusCallerPid(), s_PolkitActionSet)) {
+    if (!checkAuthorization(message().service(), s_PolkitActionSet)) {
         qWarning() << qPrintable("Polkit authorization failed");
         return QString(strerror(EPERM));
     }