diff options
| author | Joe Marcus Clarke <marcus@FreeBSD.org> | 2005-06-27 17:24:41 +0000 |
|---|---|---|
| committer | Joe Marcus Clarke <marcus@FreeBSD.org> | 2005-06-27 17:24:41 +0000 |
| commit | 56b16f35a71c3b2925406479ccb7a46366c21734 (patch) | |
| tree | 8ff6f5968413138211334ae2e4c28e6005210e83 /x11/gdm/files | |
| parent | 7c00feef41d3b41dabc8f9c9d794404614a413cc (diff) | |
| download | ports-56b16f35a71c3b2925406479ccb7a46366c21734.tar.gz ports-56b16f35a71c3b2925406479ccb7a46366c21734.zip | |
Correct a severe security issue if a user without a home directory logs in
via GDM. In such a case, the user would have had root:gdm privileges.
This is now fixed by correctly changing back to the user's uid:gid.
Submitted by: Pawel Worach <pawel.worach@gmail.com>
Obtained from: http://bugzilla.gnome.org/show_bug.cgi?id=308050
Security: This fixes a potential privilege escalation problem
Notes
Notes:
svn path=/head/; revision=138071
Diffstat (limited to 'x11/gdm/files')
| -rw-r--r-- | x11/gdm/files/patch-daemon_slave.c | 49 |
1 files changed, 41 insertions, 8 deletions
diff --git a/x11/gdm/files/patch-daemon_slave.c b/x11/gdm/files/patch-daemon_slave.c index 5a1a3aca7309..56a5074e18a7 100644 --- a/x11/gdm/files/patch-daemon_slave.c +++ b/x11/gdm/files/patch-daemon_slave.c @@ -1,17 +1,50 @@ ---- daemon/slave.c.orig Sat Jun 11 00:44:02 2005 -+++ daemon/slave.c Sat Jun 11 00:45:58 2005 -@@ -4058,14 +4058,6 @@ - home_dir = pwent->pw_dir; +--- daemon/slave.c.orig Fri May 6 17:05:17 2005 ++++ daemon/slave.c Sun Jun 26 15:53:00 2005 +@@ -4014,6 +4014,10 @@ + } ++ /* ++ * Set euid, gid to user before testing for user's $HOME since root ++ * does not always have access to the user's $HOME directory. ++ */ + if G_UNLIKELY (setegid (pwent->pw_gid) != 0 || + seteuid (pwent->pw_uid) != 0) { + gdm_error ("Cannot set effective user/group id"); +@@ -4033,6 +4037,7 @@ + "you use a failsafe session."), + ve_sure_string (pwent->pw_dir)); + ++ /* Set euid, egid to root:gdm to manage user interaction */ + seteuid (0); + setegid (GdmGroupId); + +@@ -4051,19 +4056,20 @@ + + g_free (msg); + ++ /* Reset euid, egid back to user */ ++ if G_UNLIKELY (setegid (pwent->pw_gid) != 0 || ++ seteuid (pwent->pw_uid) != 0) { ++ gdm_error ("Cannot set effective user/group id"); ++ gdm_verify_cleanup (d); ++ session_started = FALSE; ++ return; ++ } ++ + home_dir_ok = FALSE; + home_dir = "/"; + } else { + home_dir_ok = TRUE; + home_dir = pwent->pw_dir; +- } +- - if G_UNLIKELY (setegid (pwent->pw_gid) != 0 || - seteuid (pwent->pw_uid) != 0) { - gdm_error ("Cannot set effective user/group id"); - gdm_verify_cleanup (d); - session_started = FALSE; - return; -- } -- + } + if G_LIKELY (home_dir_ok) { - /* Sanity check on ~user/.dmrc */ - usrcfgok = gdm_file_check ("gdm_slave_session_start", pwent->pw_uid, |