aboutsummaryrefslogtreecommitdiffstats
path: root/devel
diff options
context:
space:
mode:
Diffstat (limited to 'devel')
-rw-r--r--devel/gamin/Makefile1
-rw-r--r--devel/gamin/files/patch-server_gam_channel.c116
2 files changed, 109 insertions, 8 deletions
diff --git a/devel/gamin/Makefile b/devel/gamin/Makefile
index 4a4af93dc120..88fcb8a71fdb 100644
--- a/devel/gamin/Makefile
+++ b/devel/gamin/Makefile
@@ -7,6 +7,7 @@
PORTNAME= gamin
PORTVERSION= 0.1.5
+PORTREVISION?= 1
CATEGORIES?= devel
MASTER_SITES= http://www.gnome.org/~veillard/gamin/sources/
diff --git a/devel/gamin/files/patch-server_gam_channel.c b/devel/gamin/files/patch-server_gam_channel.c
index 3c4905953aa8..8482e3408578 100644
--- a/devel/gamin/files/patch-server_gam_channel.c
+++ b/devel/gamin/files/patch-server_gam_channel.c
@@ -1,6 +1,6 @@
---- server/gam_channel.c.orig Sun Jul 17 16:48:54 2005
-+++ server/gam_channel.c Sun Jul 17 16:51:45 2005
-@@ -29,10 +29,10 @@ gam_client_conn_send_cred(int fd)
+--- server/gam_channel.c.orig Tue Aug 9 18:17:39 2005
++++ server/gam_channel.c Fri Oct 21 07:55:31 2005
+@@ -30,10 +30,10 @@
{
char data[2] = { 0, 0 };
int written;
@@ -14,7 +14,7 @@
} cmsg;
struct iovec iov;
struct msghdr msg;
-@@ -44,16 +44,16 @@ gam_client_conn_send_cred(int fd)
+@@ -45,16 +45,16 @@
msg.msg_iov = &iov;
msg.msg_iovlen = 1;
@@ -35,7 +35,7 @@
written = sendmsg(fd, &msg, 0);
#else
written = write(fd, &data[0], 1);
-@@ -92,15 +92,16 @@ gam_client_conn_check_cred(GIOChannel *
+@@ -95,15 +95,16 @@
gid_t c_gid;
#ifdef HAVE_CMSGCRED
@@ -55,7 +55,7 @@
/* Set the socket to receive credentials on the next message */
{
int on = 1;
-@@ -121,8 +122,8 @@ gam_client_conn_check_cred(GIOChannel *
+@@ -124,8 +125,8 @@
#ifdef HAVE_CMSGCRED
memset(&cmsg, 0, sizeof(cmsg));
@@ -66,7 +66,7 @@
#endif
retry:
-@@ -139,7 +140,8 @@ gam_client_conn_check_cred(GIOChannel *
+@@ -142,7 +143,8 @@
goto failed;
}
#ifdef HAVE_CMSGCRED
@@ -76,7 +76,7 @@
GAM_DEBUG(DEBUG_INFO,
"Message from recvmsg() was not SCM_CREDS\n");
goto failed;
-@@ -165,9 +167,10 @@ gam_client_conn_check_cred(GIOChannel *
+@@ -168,9 +170,10 @@
goto failed;
}
#elif defined(HAVE_CMSGCRED)
@@ -90,3 +90,103 @@
#else /* !SO_PEERCRED && !HAVE_CMSGCRED */
GAM_DEBUG(DEBUG_INFO,
"Socket credentials not supported on this OS\n");
+@@ -513,66 +516,6 @@
+ g_free(dir);
+ return(FALSE);
+ }
+-
+-/**
+- * gam_check_secure_path:
+- * @path: path to the (possibly abstract) socket
+- *
+- * Tries to create or ensure that the socket used for communicating with
+- * the clients are in a safe directory to avoid possible attacks.
+- *
+- * Returns the socket file descriptor or -1 in case of error.
+- */
+-static gboolean
+-gam_check_secure_path(const char *path)
+-{
+- struct stat st;
+- int ret;
+-
+- if (!gam_check_secure_dir())
+- return(FALSE);
+- /*
+- * Check the existing socket if any
+- */
+- ret = stat(path, &st);
+- if (ret < 0)
+- return(TRUE);
+-
+- if (st.st_uid != getuid()) {
+- gam_error(DEBUG_INFO,
+- "Socket %s has different owner\n",
+- path);
+- goto cleanup;
+- }
+-#ifdef S_ISSOCK
+- if (!S_ISSOCK (st.st_mode)) {
+- gam_error(DEBUG_INFO, "Socket path %s is not a socket\n",
+- path);
+- goto cleanup;
+- }
+-#endif
+- if (st.st_mode & (S_IRWXG|S_IRWXO)) {
+- gam_error(DEBUG_INFO,
+- "Socket %s has wrong permissions\n",
+- path);
+- goto cleanup;
+- }
+- /*
+- * Looks good though binding may fail due to an existing server
+- */
+- return(TRUE);
+-
+-cleanup:
+- /*
+- * the existing file at the socket location seems strange, try to remove it
+- */
+- ret = unlink(path);
+- if (ret < 0) {
+- gam_error(DEBUG_INFO, "Failed to remove %s\n", path);
+- return(FALSE);
+- }
+- return(TRUE);
+-}
+ #endif /* ! HAVE_ABSTRACT_SOCKETS */
+
+ /************************************************************************
+@@ -620,6 +563,7 @@
+ {
+ int fd;
+ struct sockaddr_un addr;
++ struct stat st;
+
+ fd = socket(PF_UNIX, SOCK_STREAM, 0);
+ if (fd < 0) {
+@@ -635,13 +579,18 @@
+ addr.sun_path[0] = '\0';
+ strncpy(&addr.sun_path[1], path, (sizeof(addr) - 4) - 2);
+ #else
+- /*
+- * if the socket is exposed at the filesystem level we need to take
+- * some extra protection checks. Also make sure the socket is created
+- * with restricted mode
+- */
+- if (!gam_check_secure_path(path)) {
++ if (! gam_check_secure_dir()) {
++ close(fd);
++ return (-1);
++ }
++
++ if (stat(path, &st) == 0) {
++ /* bind() will fail if the socket already exists */
++ if (unlink(path) < 0) {
++ GAM_DEBUG(DEBUG_INFO, "Failed to remove %s\n", path);
++ close(fd);
+ return (-1);
++ }
+ }
+ strncpy(&addr.sun_path[0], path, (sizeof(addr) - 4) - 1);
+ umask(0077);