aboutsummaryrefslogtreecommitdiffstats
path: root/x11/gdm
diff options
context:
space:
mode:
authormarcus <marcus@FreeBSD.org>2005-06-28 01:24:41 +0800
committermarcus <marcus@FreeBSD.org>2005-06-28 01:24:41 +0800
commita0f99a4aa176cb71fe7dfc5bdd99c283b361ac0f (patch)
tree5e3b936069ac2443466a66337cad12d067f0b0bb /x11/gdm
parent09e8fa4abd64c5ac3cccf463638992ab9666f530 (diff)
downloadfreebsd-ports-gnome-a0f99a4aa176cb71fe7dfc5bdd99c283b361ac0f.tar.gz
freebsd-ports-gnome-a0f99a4aa176cb71fe7dfc5bdd99c283b361ac0f.tar.zst
freebsd-ports-gnome-a0f99a4aa176cb71fe7dfc5bdd99c283b361ac0f.zip
Correct a severe security issue if a user without a home directory logs in
via GDM. In such a case, the user would have had root:gdm privileges. This is now fixed by correctly changing back to the user's uid:gid. Submitted by: Pawel Worach <pawel.worach@gmail.com> Obtained from: http://bugzilla.gnome.org/show_bug.cgi?id=308050 Security: This fixes a potential privilege escalation problem
Diffstat (limited to 'x11/gdm')
-rw-r--r--x11/gdm/Makefile2
-rw-r--r--x11/gdm/files/patch-daemon_slave.c49
2 files changed, 42 insertions, 9 deletions
diff --git a/x11/gdm/Makefile b/x11/gdm/Makefile
index ab7defa23f1c..d06566ab9143 100644
--- a/x11/gdm/Makefile
+++ b/x11/gdm/Makefile
@@ -7,7 +7,7 @@
PORTNAME= gdm
PORTVERSION= 2.8.0.0
-PORTREVISION= 1
+PORTREVISION= 2
CATEGORIES= x11 gnome
MASTER_SITES= ${MASTER_SITE_GNOME}
MASTER_SITE_SUBDIR= sources/${PORTNAME:S/2$//}/2.8
diff --git a/x11/gdm/files/patch-daemon_slave.c b/x11/gdm/files/patch-daemon_slave.c
index 5a1a3aca7309..56a5074e18a7 100644
--- a/x11/gdm/files/patch-daemon_slave.c
+++ b/x11/gdm/files/patch-daemon_slave.c
@@ -1,17 +1,50 @@
---- daemon/slave.c.orig Sat Jun 11 00:44:02 2005
-+++ daemon/slave.c Sat Jun 11 00:45:58 2005
-@@ -4058,14 +4058,6 @@
- home_dir = pwent->pw_dir;
+--- daemon/slave.c.orig Fri May 6 17:05:17 2005
++++ daemon/slave.c Sun Jun 26 15:53:00 2005
+@@ -4014,6 +4014,10 @@
+
}
++ /*
++ * Set euid, gid to user before testing for user's $HOME since root
++ * does not always have access to the user's $HOME directory.
++ */
+ if G_UNLIKELY (setegid (pwent->pw_gid) != 0 ||
+ seteuid (pwent->pw_uid) != 0) {
+ gdm_error ("Cannot set effective user/group id");
+@@ -4033,6 +4037,7 @@
+ "you use a failsafe session."),
+ ve_sure_string (pwent->pw_dir));
+
++ /* Set euid, egid to root:gdm to manage user interaction */
+ seteuid (0);
+ setegid (GdmGroupId);
+
+@@ -4051,19 +4056,20 @@
+
+ g_free (msg);
+
++ /* Reset euid, egid back to user */
++ if G_UNLIKELY (setegid (pwent->pw_gid) != 0 ||
++ seteuid (pwent->pw_uid) != 0) {
++ gdm_error ("Cannot set effective user/group id");
++ gdm_verify_cleanup (d);
++ session_started = FALSE;
++ return;
++ }
++
+ home_dir_ok = FALSE;
+ home_dir = "/";
+ } else {
+ home_dir_ok = TRUE;
+ home_dir = pwent->pw_dir;
+- }
+-
- if G_UNLIKELY (setegid (pwent->pw_gid) != 0 ||
- seteuid (pwent->pw_uid) != 0) {
- gdm_error ("Cannot set effective user/group id");
- gdm_verify_cleanup (d);
- session_started = FALSE;
- return;
-- }
--
+ }
+
if G_LIKELY (home_dir_ok) {
- /* Sanity check on ~user/.dmrc */
- usrcfgok = gdm_file_check ("gdm_slave_session_start", pwent->pw_uid,