SOURCES: x11r6.9.0-setuid.diff (NEW) - original from http://xorg.f...

glen glen at pld-linux.org
Fri Sep 15 00:31:34 CEST 2006


Author: glen                         Date: Thu Sep 14 22:31:34 2006 GMT
Module: SOURCES                       Tag: HEAD
---- Log message:
- original from http://xorg.freedesktop.org/releases/X11R6.9.0/patches/x11r6.9.0-setuid.diff

---- Files affected:
SOURCES:
   x11r6.9.0-setuid.diff (NONE -> 1.1)  (NEW)

---- Diffs:

================================================================
Index: SOURCES/x11r6.9.0-setuid.diff
diff -u /dev/null SOURCES/x11r6.9.0-setuid.diff:1.1
--- /dev/null	Fri Sep 15 00:31:34 2006
+++ SOURCES/x11r6.9.0-setuid.diff	Fri Sep 15 00:31:29 2006
@@ -0,0 +1,290 @@
+--- xc/programs/Xserver/hw/xfree86/common/xf86Init.c	14 Dec 2005 20:12:00 -0000	1.29
++++ xc/programs/Xserver/hw/xfree86/common/xf86Init.c	5 Jun 2006 10:35:19 -0000
+@@ -1,5 +1,5 @@
+ /* $XFree86: xc/programs/Xserver/hw/xfree86/common/xf86Init.c,v 3.212 2004/01/27 01:31:45 dawes Exp $ */
+-/* $XdotOrg: xc/programs/Xserver/hw/xfree86/common/xf86Init.c,v 1.29 2005-12-14 20:12:00 ajax Exp $ */
++/* $XdotOrg: xc/programs/Xserver/hw/xfree86/common/xf86Init.c,v 1.29 2005/12/14 20:12:00 ajax Exp $ */
+ 
+ /*
+  * Loosely based on code bearing the following copyright:
+@@ -1905,7 +1905,11 @@
+           FatalError("xf86RunVtInit: fork failed (%s)\n", strerror(errno));
+           break;
+       case 0:  /* child */
+-          setuid(getuid());
++	  if (setuid(getuid()) == -1) {
++	      xf86Msg(X_ERROR, "xf86RunVtInit: setuid failed (%s)\n",
++			 strerror(errno));
++	      exit(255);
++	  }
+           /* set stdin, stdout to the consoleFd */
+           for (i = 0; i < 2; i++) {
+             if (xf86Info.consoleFd != i) {
+--- xc/programs/Xserver/hw/xfree86/os-support/shared/libc_wrapper.c	3 Jul 2005 08:53:48 -0000	1.9
++++ xc/programs/Xserver/hw/xfree86/os-support/shared/libc_wrapper.c	5 Jun 2006 10:35:19 -0000
+@@ -1270,7 +1270,10 @@
+ #ifndef SELF_CONTAINED_WRAPPER
+ 	xf86DisableIO();
+ #endif
+-        setuid(getuid());
++        if (setuid(getuid()) == -1) {
++		ErrorF("xf86Execl: setuid() failed: %s\n", strerror(errno));
++		exit(255);
++	}
+ #if !defined(SELF_CONTAINED_WRAPPER)
+         /* set stdin, stdout to the consoleFD, and leave stderr alone */
+         for (i = 0; i < 2; i++)
+--- xc/programs/Xserver/hw/xfree86/parser/write.c	3 Jul 2005 07:01:37 -0000	1.3
++++ xc/programs/Xserver/hw/xfree86/parser/write.c	5 Jun 2006 10:35:19 -0000
+@@ -170,7 +170,10 @@
+ 					strerror(errno));
+ 			return 0;
+ 		case 0: /* child */
+-			setuid(getuid());
++			if (setuid(getuid() == -1) 
++			    FatalError("xf86writeConfigFile(): "
++				"setuid failed(%s)\n", 
++				strerror(errno));
+ 			ret = doWriteConfigFile(filename, cptr);
+ 			exit(ret);
+ 			break;
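Review bot: The added condition in the `case 0` branch has its closing parenthesis in the wrong place: `if (setuid(getuid() == -1) ` leaves the `if (` unbalanced, so write.c will not compile as patched. Appending a `)` at the end would be worse than the build failure, because the comparison would then be the argument and the call would pass its result (0) as the uid instead of dropping to the real uid. The line should read `if (setuid(getuid()) == -1)`, as in the other hunks of this patch. FatalError() is also called from the forked child here; what cleanup it performs is not visible in the hunk and is worth confirming.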
+--- xc/programs/Xserver/os/utils.c	8 Nov 2005 06:33:30 -0000	1.21
++++ xc/programs/Xserver/os/utils.c	5 Jun 2006 10:35:20 -0000
+@@ -1,4 +1,4 @@
+-/* $XdotOrg: xc/programs/Xserver/os/utils.c,v 1.21 2005-11-08 06:33:30 jkj Exp $ */
++/* $XdotOrg: xc/programs/Xserver/os/utils.c,v 1.21 2005/11/08 06:33:30 jkj Exp $ */
+ /* $Xorg: utils.c,v 1.5 2001/02/09 02:05:24 xorgcvs Exp $ */
+ /*
+ 
+@@ -1718,8 +1718,10 @@
+     case -1:	/* error */
+ 	p = -1;
+     case 0:	/* child */
+-	setgid(getgid());
+-	setuid(getuid());
++	if (setgid(getgid()) == -1)
++	    _exit(127);
++	if (setuid(getuid()) == -1)
++	    _exit(127);
+ 	execl("/bin/sh", "sh", "-c", command, (char *)NULL);
+ 	_exit(127);
+     default:	/* parent */
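Review bot: `case -1:` still has no `break` before `case 0:`, so when fork() fails the calling process itself runs the lines added here and then reaches `execl("/bin/sh", ...)` and `_exit(127)`. Adding `break;` after `p = -1;` keeps the privilege drop and the exec in the child only. The added exits are also silent and reuse 127, the same status as an exec failure, so the parent cannot tell a failed privilege drop apart; the two later hunks in utils.c share this. The enclosing function starts and ends outside the hunk.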
+@@ -1770,8 +1772,10 @@
+ 	xfree(cur);
+ 	return NULL;
+     case 0:	/* child */
+-	setgid(getgid());
+-	setuid(getuid());
++	if (setgid(getgid()) == -1)
++	    _exit(127);
++	if (setuid(getuid()) == -1)
++	    _exit(127);
+ 	if (*type == 'r') {
+ 	    if (pdes[1] != 1) {
+ 		/* stdout */
+@@ -1845,8 +1849,10 @@
+ 	xfree(cur);
+ 	return NULL;
+     case 0:	/* child */
+-	setgid(getgid());
+-	setuid(getuid());
++	if (setgid(getgid()) == -1)
++	    _exit(127);
++	if (setuid(getuid()) == -1)
++	    _exit(127);
+ 	if (*type == 'r') {
+ 	    if (pdes[1] != 1) {
+ 		/* stdout */
+--- xc/programs/xdm/session.c	8 Nov 2005 06:33:31 -0000	1.3
++++ xc/programs/xdm/session.c	5 Jun 2006 10:35:21 -0000
+@@ -1,4 +1,4 @@
+-/* $XdotOrg: xc/programs/xdm/session.c,v 1.3 2005-11-08 06:33:31 jkj Exp $ */
++/* $XdotOrg: xc/programs/xdm/session.c,v 1.3 2005/11/08 06:33:31 jkj Exp $ */
+ /* $Xorg: session.c,v 1.8 2001/02/09 02:05:40 xorgcvs Exp $ */
+ /*
+ 
+@@ -488,8 +488,14 @@
+     else
+ 	ResetServer (d);
+     if (removeAuth) {
+-	setgid (verify.gid);
+-	setuid (verify.uid);
++	if (setgid (verify.gid) == -1) {
++	    LogError( "SessionExit: setgid: %s\n", strerror(errno));
++	    exit(status);
++	}
++	if (setuid (verify.uid) == -1) {
++	    LogError( "SessionExit: setuid: %s\n", strerror(errno));
++	    exit(status);
++	}
+ 	RemoveUserAuthorization (d, &verify);
+ #ifdef K5AUTH
+ 	/* do like "kdestroy" program */
+--- xc/programs/xdm/xdmshell.c	14 Jul 2005 22:58:25 -0000	1.3
++++ xc/programs/xdm/xdmshell.c	5 Jun 2006 10:35:21 -0000
+@@ -183,7 +183,11 @@
+ #endif
+ 
+     /* make xdm run in a non-setuid environment */
+-    setuid (geteuid());
++    if (setuid (geteuid()) == -1) {
++	fprintf(stderr, "%s: cannot setuid (error %d, %s)\r\n",
++		ProgramName, errno, strerror(errno));
++	exit(1);
++    }
+ 
+     /*
+      * exec /usr/bin/X11/xdm -nodaemon -udpPort 0
+--- xc/programs/xf86dga/dga.c	23 Apr 2004 19:54:47 -0000	1.2
++++ xc/programs/xf86dga/dga.c	5 Jun 2006 10:35:21 -0000
+@@ -16,6 +16,7 @@
+ #include <X11/Xmd.h>
+ #include <X11/extensions/xf86dga.h>
+ #include <ctype.h>
++#include <errno.h>
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <signal.h>
+@@ -141,7 +142,10 @@
+ 
+ #ifndef __UNIXOS2__
+    /* Give up root privs */
+-   setuid(getuid());
++   if (setuid(getuid()) == -1) {
++      fprintf(stderr, "Unable to change uid: %s\n", strerror(errno));
++      exit(2);
++   }
+ #endif
+ 
+    XF86DGASetViewPort(dis, DefaultScreen(dis), 0, 0);
+--- xc/programs/xinit/xinit.c	4 Oct 2005 01:27:34 -0000	1.4
++++ xc/programs/xinit/xinit.c	5 Jun 2006 10:35:21 -0000
+@@ -1,5 +1,5 @@
+ /* $Xorg: xinit.c,v 1.5 2001/02/09 02:05:49 xorgcvs Exp $ */
+-/* $XdotOrg: xc/programs/xinit/xinit.c,v 1.4 2005-10-04 01:27:34 ajax Exp $ */
++/* $XdotOrg: xc/programs/xinit/xinit.c,v 1.4 2005/10/04 01:27:34 ajax Exp $ */
+ 
+ /*
+ 
+@@ -692,7 +692,10 @@
+ startClient(char *client[])
+ {
+ 	if ((clientpid = vfork()) == 0) {
+-		setuid(getuid());
++		if (setuid(getuid()) == -1) {
++			Error("cannot change uid: %s\n", strerror(errno));
++			_exit(ERR_EXIT);
++		}
+ 		setpgrp(0, getpid());
+ 		environ = newenviron;
+ #ifdef __UNIXOS2__
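Review bot: The new error path calls `Error(...)` inside the vfork() child, which shares the parent's address space until it execs or calls `_exit`; POSIX leaves anything beyond those calls undefined, and Error()'s implementation (presumably stdio-based) is not visible here. The existing `setuid` and `setpgrp` calls have the same problem in principle, but formatted output in the child is the riskier addition. Keep the failure branch to `_exit(ERR_EXIT);` and let the parent report the status, or use fork() on this path. startClient() continues outside the hunk.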
+--- xc/programs/xload/xload.c	23 Apr 2004 19:54:57 -0000	1.2
++++ xc/programs/xload/xload.c	5 Jun 2006 10:35:21 -0000
+@@ -34,7 +34,7 @@
+  * xload - display system load average in a window
+  */
+ 
+-
++#include <errno.h>
+ #include <stdio.h> 
+ #include <stdlib.h>
+ #include <unistd.h>
+@@ -162,8 +162,17 @@
+     /* For security reasons, we reset our uid/gid after doing the necessary
+        system initialization and before calling any X routines. */
+     InitLoadPoint();
+-    setgid(getgid());		/* reset gid first while still (maybe) root */
+-    setuid(getuid());
++    /* reset gid first while still (maybe) root */
++    if (setgid(getgid()) == -1) {
++	    fprintf(stderr, "%s: setgid failed: %s\n", 
++		ProgramName, strerror(errno));
++	    exit(1);
++    }
++    if (setuid(getuid()) == -1) {
++	    fprintf(stderr, "%s: setuid failed: %s\n", 
++		ProgramName, strerror(errno));
++	    exit(1);
++    }
+ 
+     XtSetLanguageProc(NULL, (XtLanguageProc) NULL, NULL);
+ 
+--- xc/programs/xterm/main.c	14 Dec 2005 23:28:27 -0000	1.8
++++ xc/programs/xterm/main.c	5 Jun 2006 10:35:22 -0000
+@@ -1592,8 +1592,10 @@
+     Window winToEmbedInto = None;
+ 
+ #ifdef DISABLE_SETUID
+-    seteuid(getuid());
+-    setuid(getuid());
++    if (seteuid(getuid()) == -1)
++	    exit(2);
++    if (setuid(getuid()) == -1)
++	    exit(2);
+ #endif
+ 
+     ProgramName = argv[0];
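Review bot: In the DISABLE_SETUID block the return-value checks do not make the drop permanent, because `seteuid(getuid())` runs first. Under POSIX/Linux semantics, once the effective uid is unprivileged `setuid(getuid())` changes only the effective uid and leaves the saved set-user-ID untouched, so both calls can succeed while the original id is still recoverable; whether that matters depends on how xterm is installed, which the hunk does not show. Calling `if (setuid(getuid()) == -1) exit(2);` alone, while still privileged, resets real, effective and saved ids together. The USE_UTMP_SETGID hunk that follows uses the same order and is worth the same look. main() continues outside the hunk.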
+@@ -1619,8 +1621,16 @@
+ 
+ #if defined(USE_UTMP_SETGID)
+     get_pty(NULL, NULL);
+-    seteuid(getuid());
+-    setuid(getuid());
++    if (seteuid(getuid()) == -1) {
++           fprintf(stderr,
++               "%s: unable to change back euid\n", ProgramName);
++           exit(1);
++    }
++    if (setuid(getuid()) == -1) {
++           fprintf(stderr,
++               "%s: unable to change back uid\n", ProgramName);
++           exit(1);
++    }
+ #define get_pty(pty, from) really_get_pty(pty, from)
+ #endif
+ 
+--- xc/programs/xterm/misc.c	14 Dec 2005 23:28:27 -0000	1.6
++++ xc/programs/xterm/misc.c	5 Jun 2006 10:35:22 -0000
+@@ -1094,8 +1094,10 @@
+     pid = fork();
+     switch (pid) {
+     case 0:			/* child */
+-	setgid(gid);
+-	setuid(uid);
++	if (setgid(gid) == -1)
++	    _exit(ERROR_SETUID);
++	if (setuid(uid) == -1) 
++	    _exit(ERROR_SETUID);
+ 	fd = open(pathname,
+ 		  O_WRONLY | O_CREAT | (append ? O_APPEND : O_EXCL),
+ 		  mode);
+@@ -1262,8 +1264,10 @@
+ 	    signal(SIGCHLD, SIG_DFL);
+ 
+ 	    /* (this is redundant) */
+-	    setgid(screen->gid);
+-	    setuid(screen->uid);
++	    if (setgid(screen->gid) == -1)
++		exit(ERROR_SETUID);
++	    if (setuid(screen->uid) == -1)
++		exit(ERROR_SETUID);
+ 
+ 	    execl(shell, shell, "-c", &screen->logfile[1], (void *) 0);
+ 
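Review bot: The two hunks in misc.c handle the same failure differently: the first child uses `_exit(ERROR_SETUID)` while this one uses `exit(ERROR_SETUID)`. This code appears to run in a forked child about to exec, where `exit()` runs atexit handlers and flushes stdio buffers inherited from the parent, which can duplicate pending output. `_exit(ERROR_SETUID)` avoids that and matches the first hunk. The `exit(2)` calls added in print.c appear to sit in a forked child as well and deserve the same change.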
+--- xc/programs/xterm/print.c	5 Aug 2005 16:13:04 -0000	1.5
++++ xc/programs/xterm/print.c	5 Jun 2006 10:35:22 -0000
+@@ -387,9 +387,11 @@
+ 		dup2(fileno(stderr), 2);
+ 		close(fileno(stderr));
+ 	    }
+-
+-	    setgid(screen->gid);	/* don't want privileges! */
+-	    setuid(screen->uid);
++	    /* don't want privileges! */
++	    if (setgid(screen->gid) == -1)
++		    exit(2);
++	    if (setuid(screen->uid) == -1)
++		    exit(2);
+ 
+ 	    Printer = popen(screen->printer_command, "w");
+ 	    input = fdopen(my_pipe[0], "r");
================================================================

