authoranholt <anholt@FreeBSD.org>2003-11-09 12:44:30 +0800
committeranholt <anholt@FreeBSD.org>2003-11-09 12:44:30 +0800
commit385bd3d4f7debab7c4e66ff582f1d03ceac55030 (patch)
tree69eba40a8bda78a1eee6dfe83ecaa463eadae0b7
parent3d54a6f215a85c8e936f5e53b7cf0d681ffef427 (diff)
Update luit (helper app that does locale translation for xterm) in
XFree86-4-clients from XFree86 CVS. This allows luit to be used setuid, which closes a security hole (tty left world-writable) that luit complains about on startup if not setuid. Setting WITH_SETUID_LUIT installs luit setuid. PR: ports/51632 Submitted by: Guido Berhoerster <ich@guido-berhoerster.org> Help from: ITO Tsuyoshi <tsuyoshi@is.s.u-tokyo.ac.jp>
-rw-r--r--x11/XFree86-4-clients/Makefile16
-rw-r--r--x11/XFree86-4-libraries/files/patch-luit223
2 files changed, 195 insertions, 44 deletions
diff --git a/x11/XFree86-4-clients/Makefile b/x11/XFree86-4-clients/Makefile
index 21ee681e0780..6b9ae3f549a5 100644
--- a/x11/XFree86-4-clients/Makefile
+++ b/x11/XFree86-4-clients/Makefile
@@ -7,7 +7,7 @@
PORTNAME= clients
PORTVERSION= 4.3.0
-PORTREVISION= 3
+PORTREVISION= 4
CATEGORIES= x11
MASTER_SITES= ${MASTER_SITE_XFREE}
MASTER_SITE_SUBDIR= 4.3.0
@@ -28,7 +28,7 @@ LIB_DEPENDS= freetype.9:${PORTSDIR}/print/freetype2 \
SCRIPTS_ENV= InstallXdmConfig=${InstallXdmConfig} \
InstallXinitConfig=${InstallXinitConfig} \
InstallAppDefFiles=${InstallAppDefFiles}
-
+
MAKE_ENV= PKGNAMEPREFIX=${PKGNAMEPREFIX} \
PORTNAME=${PORTNAME} \
PORTVERSION=${PORTVERSION}
@@ -52,6 +52,18 @@ InstallXdmConfig?= DEFAULT
InstallXinitConfig?= DEFAULT
InstallAppDefFiles?= DEFAULT
+.if !defined(WITH_SETUID_LUIT)
+pre-everything::
+ @${ECHO_MSG} "If you want to use xterm with locales in a secure manner, luit must be installed"
+ @${ECHO_MSG} "setuid. If you want to do this, hit Ctrl-C now and use \"make WITH_SETUID_LUIT=yes\""
+.endif
+
+.if defined(WITH_SETUID_LUIT)
+post-install:
+ ${CHOWN} root:wheel ${PREFIX}/bin/luit
+ ${CHMOD} 04711 ${PREFIX}/bin/luit
+.endif
+
.include "${.CURDIR}/../../x11/XFree86-4-libraries/Makefile.inc"
.include <bsd.port.pre.mk>
.include "${FILESDIR}/manpages"
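Review bot: The `WITH_SETUID_LUIT` block installs luit setuid root (`04711`, owner `root:wheel`), but neither the block nor the `pre-everything` notice says that the privilege granted is root. A comment above `.if defined(WITH_SETUID_LUIT)` would make this visible to anyone auditing the port, for example `# WITH_SETUID_LUIT: install luit setuid root; luit is expected to drop privileges itself once the pty is set up.` The notice only prints and continues, so an unattended build silently keeps the non-setuid default, which the commit message describes as leaving the tty world-writable. It would help if the message said that in plain words. Whether the `Makefile.inc` included right after already defines a `post-install` target is not visible in this hunk and is worth checking.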
diff --git a/x11/XFree86-4-libraries/files/patch-luit b/x11/XFree86-4-libraries/files/patch-luit
index 8d73f80e8b9e..2962f4e7a711 100644
--- a/x11/XFree86-4-libraries/files/patch-luit
+++ b/x11/XFree86-4-libraries/files/patch-luit
@@ -1,61 +1,200 @@
---- programs/luit/Imakefile.orig Wed Oct 16 18:06:09 2002
-+++ programs/luit/Imakefile Tue Mar 11 14:57:02 2003
-@@ -8,7 +8,7 @@
+Index: programs/luit/Imakefile
+===================================================================
+RCS file: /home/ncvs/xfree/xc/programs/luit/Imakefile,v
+retrieving revision 1.2
+retrieving revision 1.4
+diff -u -u -r1.2 -r1.4
+--- programs/luit/Imakefile 17 Oct 2002 01:06:09 -0000 1.2
++++ programs/luit/Imakefile 28 May 2003 16:02:35 -0000 1.4
+@@ -1,19 +1,19 @@
+-XCOMM $XFree86: xc/programs/luit/Imakefile,v 1.2 2002/10/17 01:06:09 dawes Exp $
++XCOMM $XFree86: xc/programs/luit/Imakefile,v 1.3tsi Exp $
+
+ #ifndef LocaleAliasFile
+-#define LocaleAliasFile \
+- $(XLOCALEDIR)/locale.alias
++#define LocaleAliasFile $(XLOCALEDIR)/locale.alias
+ #endif
+
++LOCALEALIASFILE = LocaleAliasFile
LOCAL_LIBRARIES = $(XFONTENCLIB)
DEPLIBS = $(DEPXFONTENCLIB)
-SYS_LIBRARIES = MathLibrary GzipLibrary
-+SYS_LIBRARIES = MathLibrary GzipLibrary -lutil
++SYS_LIBRARIES = GzipLibrary
SRCS = luit.c iso2022.c charset.c parser.c sys.c other.c
---- programs/luit/sys.c.orig Mon Jan 7 12:38:30 2002
-+++ programs/luit/sys.c Tue Mar 11 14:57:02 2003
-@@ -33,6 +33,7 @@
- #include <termios.h>
- #include <signal.h>
- #include <errno.h>
-+#include <libutil.h>
-
- #ifdef SVR4
- #define HAVE_POLL
-@@ -313,6 +314,7 @@
+ OBJS = luit.o iso2022.o charset.o parser.o sys.o other.o
+
+-DEFINES = -DLOCALE_ALIAS_FILE=\"LocaleAliasFile\"
++DEFINES = -DLOCALE_ALIAS_FILE=\"$(LOCALEALIASFILE)\"
+
+ ComplexProgramTarget(luit)
+Index: programs/luit/luit.c
+===================================================================
+RCS file: /home/ncvs/xfree/xc/programs/luit/luit.c,v
+retrieving revision 1.10
+retrieving revision 1.11
+diff -u -u -r1.10 -r1.11
+--- programs/luit/luit.c 24 Feb 2003 01:10:25 -0000 1.10
++++ programs/luit/luit.c 8 Sep 2003 14:25:30 -0000 1.11
+@@ -545,6 +545,10 @@
+ #endif
+ installHandler(SIGCHLD, sigchldHandler);
+
++ rc = copyTermios(0, pty);
++ if(rc < 0)
++ FatalError("Couldn't copy terminal settings\n");
++
+ rc = setRawTermios();
+ if(rc < 0)
+ FatalError("Couldn't set terminal to raw\n");
+Index: programs/luit/luit.man
+===================================================================
+RCS file: /home/ncvs/xfree/xc/programs/luit/luit.man,v
+retrieving revision 1.7
+retrieving revision 1.8
+diff -u -u -r1.7 -r1.8
+--- programs/luit/luit.man 24 Feb 2003 01:10:25 -0000 1.7
++++ programs/luit/luit.man 3 Apr 2003 16:44:36 -0000 1.8
+@@ -202,8 +202,8 @@
+ takes no responsibility for any resulting security issues.
+
+ .B Luit
+-will refuse to run if it is installed setuid and the underlying system
+-does not have POSIX saved ids.
++will refuse to run if it is installed setuid and cannot safely drop
++privileges.
+ .SH BUGS
+ None of this complexity should be necessary. Stateless UTF-8
+ throughout the system is the way to go.
+Index: programs/luit/sys.c
+===================================================================
+RCS file: /home/ncvs/xfree/xc/programs/luit/sys.c,v
+retrieving revision 1.7
+retrieving revision 1.10
+diff -u -u -r1.7 -r1.10
+--- programs/luit/sys.c 7 Jan 2002 20:38:30 -0000 1.7
++++ programs/luit/sys.c 8 Sep 2003 14:25:30 -0000 1.10
+@@ -68,6 +68,10 @@
+ #include <stropts.h>
+ #endif
+
++#if (defined(__unix__) || defined(unix)) && !defined(USG)
++#include <sys/param.h>
++#endif
++
+ #include "sys.h"
+
+ static int saved_tio_valid = 0;
+@@ -211,6 +215,23 @@
+ }
+
+ int
++copyTermios(int sfd, int dfd)
++{
++ struct termios tio;
++ int rc;
++
++ rc = tcgetattr(sfd, &tio);
++ if(rc < 0)
++ return -1;
++
++ rc = tcsetattr(dfd, TCSAFLUSH, &tio);
++ if(rc < 0)
++ return -1;
++
++ return 0;
++}
++
++int
+ saveTermios(void)
+ {
+ int rc;
+@@ -311,7 +332,8 @@
+ {
+ char name[12], *line = NULL;
int pty = -1;
- char *name1 = "pqrstuvwxyzPQRST", *name2 = "0123456789abcdef";
+- char *name1 = "pqrstuvwxyzPQRST", *name2 = "0123456789abcdef";
++ char *name1 = "pqrstuvwxyzPQRST",
++ *name2 = "0123456789abcdefghijklmnopqrstuv";
char *p1, *p2;
-+ int tty;
#ifdef HAVE_GRANTPT
- char *temp_line;
-@@ -355,27 +357,11 @@
- bsd:
- #endif /* HAVE_GRANTPT */
-
-- strcpy(name, "/dev/pty??");
-- for(p1 = name1; *p1; p1++) {
-- name[8] = *p1;
-- for(p2 = name2; *p2; p2++) {
-- name[9] = *p2;
-- pty = open(name, O_RDWR);
-- if(pty >= 0)
-- goto found;
+@@ -363,17 +385,16 @@
+ pty = open(name, O_RDWR);
+ if(pty >= 0)
+ goto found;
- if(errno == ENOENT)
- goto bail;
- else
- continue;
-- }
-- }
--
-- goto bail;
--
-- found:
++ /* Systems derived from 4.4BSD differ in their pty names,
++ so ENOENT doesn't necessarily imply we're done. */
++ continue;
+ }
+ }
+
+ goto bail;
+
+ found:
- line = malloc(strlen(name));
-+ if (openpty(&pty, &tty, name, NULL, NULL) == -1)
-+ goto bail;
-+ close(tty);
+ line = malloc(strlen(name) + 1);
strcpy(line, name);
-- line[5] = 't';
+ line[5] = 't';
fix_pty_perms(line);
- *pty_return = pty;
- *line_return = line;
+@@ -429,7 +450,10 @@
+ return -1;
+ }
+
+-#ifdef _POSIX_SAVED_IDS
++/* Post-4.4 BSD systems have POSIX semantics (_POSIX_SAVED_IDS
++ or not, depending on the version). 4.3BSD and Minix do not have
++ saved IDs at all, so there's no issue. */
++#if (defined(BSD) && !defined(_POSIX_SAVED_IDS)) || defined(_MINIX)
+ int
+ droppriv()
+ {
+@@ -438,6 +462,25 @@
+ if(rc < 0)
+ return rc;
+ return setgid(getgid());
++}
++#elif defined(_POSIX_SAVED_IDS)
++int
++droppriv()
++{
++ int uid = getuid();
++ int euid = geteuid();
++ int gid = getgid();
++ int egid = getegid();
++ int rc;
++
++ if((uid != euid || gid != egid) && euid != 0) {
++ errno = ENOSYS;
++ return -1;
++ }
++ rc = setuid(uid);
++ if(rc < 0)
++ return rc;
++ return setgid(gid);
+ }
+ #else
+ int
+Index: programs/luit/sys.h
+===================================================================
+RCS file: /home/ncvs/xfree/xc/programs/luit/sys.h,v
+retrieving revision 1.1
+retrieving revision 1.2
+diff -u -u -r1.1 -r1.2
+--- programs/luit/sys.h 2 Nov 2001 03:06:43 -0000 1.1
++++ programs/luit/sys.h 8 Sep 2003 14:25:30 -0000 1.2
+@@ -24,6 +24,7 @@
+ int waitForInput(int fd1, int fd2);
+ int setWindowSize(int sfd, int dfd);
+ int installHandler(int signum, void (*handler)(int));
++int copyTermios(int sfd, int dfd);
+ int saveTermios(void);
+ int restoreTermios(void);
+ int setRawTermios(void);
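Review bot: In the `_POSIX_SAVED_IDS` variant of `droppriv()` added to `sys.c`, `setuid(uid)` runs before `setgid(gid)`, so once root has been given up the later `setgid()` can change only the effective group ID and a saved set-group-ID would remain. With the port installing luit as `04711` there is no setgid bit, so this is not reachable as shipped, but the function explicitly handles `gid != egid` and should drop the group first: `rc = setgid(gid);`, `if(rc < 0) return rc;`, `return setuid(uid);`. The BSD/Minix variant ends in `return setgid(getgid());` and appears to use the same order, though its first lines fall outside the inner hunk. Separately, in the pty allocation code `line = malloc(strlen(name) + 1);` is followed directly by `strcpy(line, name);` with no NULL check, which matters more in a binary that may run setuid.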