diff options
Diffstat (limited to 'devel')
-rw-r--r-- | devel/gamin/Makefile | 1 | ||||
-rw-r--r-- | devel/gamin/files/patch-server_gam_channel.c | 116 |
2 files changed, 109 insertions, 8 deletions
diff --git a/devel/gamin/Makefile b/devel/gamin/Makefile index 4a4af93dc120..88fcb8a71fdb 100644 --- a/devel/gamin/Makefile +++ b/devel/gamin/Makefile @@ -7,6 +7,7 @@ PORTNAME= gamin PORTVERSION= 0.1.5 +PORTREVISION?= 1 CATEGORIES?= devel MASTER_SITES= http://www.gnome.org/~veillard/gamin/sources/ diff --git a/devel/gamin/files/patch-server_gam_channel.c b/devel/gamin/files/patch-server_gam_channel.c index 3c4905953aa8..8482e3408578 100644 --- a/devel/gamin/files/patch-server_gam_channel.c +++ b/devel/gamin/files/patch-server_gam_channel.c @@ -1,6 +1,6 @@ ---- server/gam_channel.c.orig Sun Jul 17 16:48:54 2005 -+++ server/gam_channel.c Sun Jul 17 16:51:45 2005 -@@ -29,10 +29,10 @@ gam_client_conn_send_cred(int fd) +--- server/gam_channel.c.orig Tue Aug 9 18:17:39 2005 ++++ server/gam_channel.c Fri Oct 21 07:55:31 2005 +@@ -30,10 +30,10 @@ { char data[2] = { 0, 0 }; int written; @@ -14,7 +14,7 @@ } cmsg; struct iovec iov; struct msghdr msg; -@@ -44,16 +44,16 @@ gam_client_conn_send_cred(int fd) +@@ -45,16 +45,16 @@ msg.msg_iov = &iov; msg.msg_iovlen = 1; @@ -35,7 +35,7 @@ written = sendmsg(fd, &msg, 0); #else written = write(fd, &data[0], 1); -@@ -92,15 +92,16 @@ gam_client_conn_check_cred(GIOChannel * +@@ -95,15 +95,16 @@ gid_t c_gid; #ifdef HAVE_CMSGCRED @@ -55,7 +55,7 @@ /* Set the socket to receive credentials on the next message */ { int on = 1; -@@ -121,8 +122,8 @@ gam_client_conn_check_cred(GIOChannel * +@@ -124,8 +125,8 @@ #ifdef HAVE_CMSGCRED memset(&cmsg, 0, sizeof(cmsg)); @@ -66,7 +66,7 @@ #endif retry: -@@ -139,7 +140,8 @@ gam_client_conn_check_cred(GIOChannel * +@@ -142,7 +143,8 @@ goto failed; } #ifdef HAVE_CMSGCRED @@ -76,7 +76,7 @@ GAM_DEBUG(DEBUG_INFO, "Message from recvmsg() was not SCM_CREDS\n"); goto failed; -@@ -165,9 +167,10 @@ gam_client_conn_check_cred(GIOChannel * +@@ -168,9 +170,10 @@ goto failed; } #elif defined(HAVE_CMSGCRED) @@ -90,3 +90,103 @@ #else /* !SO_PEERCRED && !HAVE_CMSGCRED */ GAM_DEBUG(DEBUG_INFO, "Socket credentials not supported on this OS\n"); +@@ -513,66 +516,6 @@ + g_free(dir); + return(FALSE); + } +- +-/** +- * gam_check_secure_path: +- * @path: path to the (possibly abstract) socket +- * +- * Tries to create or ensure that the socket used for communicating with +- * the clients are in a safe directory to avoid possible attacks. +- * +- * Returns the socket file descriptor or -1 in case of error. +- */ +-static gboolean +-gam_check_secure_path(const char *path) +-{ +- struct stat st; +- int ret; +- +- if (!gam_check_secure_dir()) +- return(FALSE); +- /* +- * Check the existing socket if any +- */ +- ret = stat(path, &st); +- if (ret < 0) +- return(TRUE); +- +- if (st.st_uid != getuid()) { +- gam_error(DEBUG_INFO, +- "Socket %s has different owner\n", +- path); +- goto cleanup; +- } +-#ifdef S_ISSOCK +- if (!S_ISSOCK (st.st_mode)) { +- gam_error(DEBUG_INFO, "Socket path %s is not a socket\n", +- path); +- goto cleanup; +- } +-#endif +- if (st.st_mode & (S_IRWXG|S_IRWXO)) { +- gam_error(DEBUG_INFO, +- "Socket %s has wrong permissions\n", +- path); +- goto cleanup; +- } +- /* +- * Looks good though binding may fail due to an existing server +- */ +- return(TRUE); +- +-cleanup: +- /* +- * the existing file at the socket location seems strange, try to remove it +- */ +- ret = unlink(path); +- if (ret < 0) { +- gam_error(DEBUG_INFO, "Failed to remove %s\n", path); +- return(FALSE); +- } +- return(TRUE); +-} + #endif /* ! HAVE_ABSTRACT_SOCKETS */ + + /************************************************************************ +@@ -620,6 +563,7 @@ + { + int fd; + struct sockaddr_un addr; ++ struct stat st; + + fd = socket(PF_UNIX, SOCK_STREAM, 0); + if (fd < 0) { +@@ -635,13 +579,18 @@ + addr.sun_path[0] = '\0'; + strncpy(&addr.sun_path[1], path, (sizeof(addr) - 4) - 2); + #else +- /* +- * if the socket is exposed at the filesystem level we need to take +- * some extra protection checks. Also make sure the socket is created +- * with restricted mode +- */ +- if (!gam_check_secure_path(path)) { ++ if (! gam_check_secure_dir()) { ++ close(fd); ++ return (-1); ++ } ++ ++ if (stat(path, &st) == 0) { ++ /* bind() will fail if the socket already exists */ ++ if (unlink(path) < 0) { ++ GAM_DEBUG(DEBUG_INFO, "Failed to remove %s\n", path); ++ close(fd); + return (-1); ++ } + } + strncpy(&addr.sun_path[0], path, (sizeof(addr) - 4) - 1); + umask(0077); |