diff options
author | marcus <marcus@FreeBSD.org> | 2005-06-28 01:24:41 +0800 |
---|---|---|
committer | marcus <marcus@FreeBSD.org> | 2005-06-28 01:24:41 +0800 |
commit | a0f99a4aa176cb71fe7dfc5bdd99c283b361ac0f (patch) | |
tree | 5e3b936069ac2443466a66337cad12d067f0b0bb /x11/gdm | |
parent | 09e8fa4abd64c5ac3cccf463638992ab9666f530 (diff) | |
download | freebsd-ports-gnome-a0f99a4aa176cb71fe7dfc5bdd99c283b361ac0f.tar.gz freebsd-ports-gnome-a0f99a4aa176cb71fe7dfc5bdd99c283b361ac0f.tar.zst freebsd-ports-gnome-a0f99a4aa176cb71fe7dfc5bdd99c283b361ac0f.zip |
Correct a severe security issue if a user without a home directory logs in
via GDM. In such a case, the user would have had root:gdm privileges.
This is now fixed by correctly changing back to the user's uid:gid.
Submitted by: Pawel Worach <pawel.worach@gmail.com>
Obtained from: http://bugzilla.gnome.org/show_bug.cgi?id=308050
Security: This fixes a potential privilege escalation problem
Diffstat (limited to 'x11/gdm')
-rw-r--r-- | x11/gdm/Makefile | 2 | ||||
-rw-r--r-- | x11/gdm/files/patch-daemon_slave.c | 49 |
2 files changed, 42 insertions, 9 deletions
diff --git a/x11/gdm/Makefile b/x11/gdm/Makefile index ab7defa23f1c..d06566ab9143 100644 --- a/x11/gdm/Makefile +++ b/x11/gdm/Makefile @@ -7,7 +7,7 @@ PORTNAME= gdm PORTVERSION= 2.8.0.0 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= x11 gnome MASTER_SITES= ${MASTER_SITE_GNOME} MASTER_SITE_SUBDIR= sources/${PORTNAME:S/2$//}/2.8 diff --git a/x11/gdm/files/patch-daemon_slave.c b/x11/gdm/files/patch-daemon_slave.c index 5a1a3aca7309..56a5074e18a7 100644 --- a/x11/gdm/files/patch-daemon_slave.c +++ b/x11/gdm/files/patch-daemon_slave.c @@ -1,17 +1,50 @@ ---- daemon/slave.c.orig Sat Jun 11 00:44:02 2005 -+++ daemon/slave.c Sat Jun 11 00:45:58 2005 -@@ -4058,14 +4058,6 @@ - home_dir = pwent->pw_dir; +--- daemon/slave.c.orig Fri May 6 17:05:17 2005 ++++ daemon/slave.c Sun Jun 26 15:53:00 2005 +@@ -4014,6 +4014,10 @@ + } ++ /* ++ * Set euid, gid to user before testing for user's $HOME since root ++ * does not always have access to the user's $HOME directory. ++ */ + if G_UNLIKELY (setegid (pwent->pw_gid) != 0 || + seteuid (pwent->pw_uid) != 0) { + gdm_error ("Cannot set effective user/group id"); +@@ -4033,6 +4037,7 @@ + "you use a failsafe session."), + ve_sure_string (pwent->pw_dir)); + ++ /* Set euid, egid to root:gdm to manage user interaction */ + seteuid (0); + setegid (GdmGroupId); + +@@ -4051,19 +4056,20 @@ + + g_free (msg); + ++ /* Reset euid, egid back to user */ ++ if G_UNLIKELY (setegid (pwent->pw_gid) != 0 || ++ seteuid (pwent->pw_uid) != 0) { ++ gdm_error ("Cannot set effective user/group id"); ++ gdm_verify_cleanup (d); ++ session_started = FALSE; ++ return; ++ } ++ + home_dir_ok = FALSE; + home_dir = "/"; + } else { + home_dir_ok = TRUE; + home_dir = pwent->pw_dir; +- } +- - if G_UNLIKELY (setegid (pwent->pw_gid) != 0 || - seteuid (pwent->pw_uid) != 0) { - gdm_error ("Cannot set effective user/group id"); - gdm_verify_cleanup (d); - session_started = FALSE; - return; -- } -- + } + if G_LIKELY (home_dir_ok) { - /* Sanity check on ~user/.dmrc */ - usrcfgok = gdm_file_check ("gdm_slave_session_start", pwent->pw_uid, |