SOURCES: kdebase-branch.diff - more fixes

arekm arekm at pld-linux.org
Fri Jun 9 17:18:01 CEST 2006 

Author: arekm                        Date: Fri Jun  9 15:18:01 2006 GMT
Module: SOURCES                       Tag: HEAD
---- Log message:
- more fixes

---- Files affected:
SOURCES:
   kdebase-branch.diff (1.29 -> 1.30) 

---- Diffs:

================================================================
Index: SOURCES/kdebase-branch.diff
diff -u SOURCES/kdebase-branch.diff:1.29 SOURCES/kdebase-branch.diff:1.30
--- SOURCES/kdebase-branch.diff:1.29	Fri Jun  9 17:15:58 2006
+++ SOURCES/kdebase-branch.diff	Fri Jun  9 17:17:56 2006
@@ -5871,3 +5871,78 @@
  	if (pipe( pfd ))
  		return GE_Error;
  	if ((pid = Fork()) < 0) {
+Index: ksysguard/ksysguardd/ksysguardd.c
+===================================================================
+--- ksysguard/ksysguardd/ksysguardd.c	(revision 549512)
++++ ksysguard/ksysguardd/ksysguardd.c	(working copy)
+@@ -207,15 +207,19 @@ static void dropPrivileges( void )
+ {
+   struct passwd *pwd;
+ 
+-  if ( ( pwd = getpwnam( "nobody" ) ) != NULL )
+-    setuid( pwd->pw_uid );
+-	else {
++  if ( ( pwd = getpwnam( "nobody" ) ) != NULL ) {
++    if ( !setgid(pwd->pw_gid) )
++      setuid(pwd->pw_uid);
++    if (!geteuid() && getuid() != pwd->pw_uid)
++      _exit(1);
++  }
++  else {
+     log_error( "User 'nobody' does not exist." );
+     /**
+       We exit here to avoid becoming vulnerable just because
+       user nobody does not exist.
+      */
+-    exit( 1 );
++    _exit(1);
+   }
+ }
+ 
+@@ -231,7 +235,7 @@ void makeDaemon( void )
+       chdir( "/" );
+       umask( 0 );
+       if ( createLockFile() < 0 )
+-        exit( 1 );
++        _exit( 1 );
+ 
+       dropPrivileges();
+       installSignalHandler();
+Index: drkonqi/main.cpp
+===================================================================
+--- drkonqi/main.cpp	(revision 549512)
++++ drkonqi/main.cpp	(working copy)
+@@ -61,7 +61,8 @@ int main( int argc, char* argv[] )
+ {
+   // Drop privs.
+   setgid(getgid());
+-  setuid(getuid());
++  if (setuid(getuid()) < 0 && geteuid() != getuid())
++     exit (255);
+ 
+   // Make sure that DrKonqi doesn't start DrKonqi when it crashes :-]
+   setenv("KDE_DEBUG", "true", 1);
+--- kdm/kfrontend/kgreeter.cpp	(revision 549445)
++++ kdm/kfrontend/kgreeter.cpp	(working copy)
+@@ -251,7 +251,12 @@ KGreeter::insertUsers()
+ 	// XXX remove seteuid-voodoo when we run as nobody
+ 	if (!(ps = getpwnam( "nobody" )))
+ 		return;
+-	seteuid( ps->pw_uid );
++        if (setegid( ps->pw_gid )) 
++                return;
++        if (seteuid( ps->pw_uid )) {
++                setegid(0);
++                return;
++        }
+ 
+ 	QImage default_pix;
+ 	if (userView) {
+@@ -318,6 +323,7 @@ KGreeter::insertUsers()
+ 
+ 	// XXX remove seteuid-voodoo when we run as nobody
+ 	seteuid( 0 );
++        setegid( 0 );
+ }
+ 
+ void
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/SOURCES/kdebase-branch.diff?r1=1.29&r2=1.30&f=u

More information about the pld-cvs-commit mailing list