[Pkg-xfce-commits] r6021 - in goodies/trunk/lightdm/debian: . patches

Yves-Alexis Perez corsac at alioth.debian.org
Tue Sep 13 02:22:55 UTC 2011 

Author: corsac
Date: 2011-09-13 14:22:55 +0000 (Tue, 13 Sep 2011)
New Revision: 6021

Added:
   goodies/trunk/lightdm/debian/patches/06_drop-privileges-before-writing-user-files.patch
Modified:
   goodies/trunk/lightdm/debian/changelog
   goodies/trunk/lightdm/debian/patches/series
Log:
06_drop-privileges-before-writing-user-files cherry-picked from Martin
Pitt merge request. Don't write user files as root to prevent symlinks
attacks [CVE-2011-3349]                                   closes: #639151

Modified: goodies/trunk/lightdm/debian/changelog
===================================================================
--- goodies/trunk/lightdm/debian/changelog	2011-09-13 11:48:53 UTC (rev 6020)
+++ goodies/trunk/lightdm/debian/changelog	2011-09-13 14:22:55 UTC (rev 6021)
@@ -7,6 +7,9 @@
     - 05_always-export-XAUTHORITY dropped, included upstream. 
     - 05_dont-add-pkglibexecdir-path added, don't add /usr/lib/lightdm/lightdm
       to the PATH, it's ugly.
+    - 06_drop-privileges-before-writing-user-files cherry-picked from Martin
+      Pitt merge request. Don't write user files as root to prevent symlinks
+      attacks [CVE-2011-3349]                                   closes: #639151
   * debian/rules:
     - don't install gdmflexiserver script for now until the PATH issue is
       solved.

Added: goodies/trunk/lightdm/debian/patches/06_drop-privileges-before-writing-user-files.patch
===================================================================
--- goodies/trunk/lightdm/debian/patches/06_drop-privileges-before-writing-user-files.patch	                        (rev 0)
+++ goodies/trunk/lightdm/debian/patches/06_drop-privileges-before-writing-user-files.patch	2011-09-13 14:22:55 UTC (rev 6021)
@@ -0,0 +1,106 @@
+=== modified file 'src/dmrc.c'
+Index: lightdm-0.9.5/src/dmrc.c
+===================================================================
+--- lightdm-0.9.5.orig/src/dmrc.c	2011-07-20 05:54:37.000000000 +0200
++++ lightdm-0.9.5/src/dmrc.c	2011-09-13 16:20:50.731421337 +0200
+@@ -9,6 +9,8 @@
+  * license.
+  */
+ 
++/* for setres*id() */
++#define _GNU_SOURCE
+ #include <errno.h>
+ #include <string.h>
+ #include <unistd.h>
+@@ -80,11 +82,22 @@
+     /* Update the users .dmrc */
+     if (user)
+     {
++	gboolean drop_privs = (geteuid () == 0);
++
++	/* Guard against privilege escalation through symlinks, etc. */
++	if (drop_privs)
++	{
++	    g_assert (setresgid (user_get_gid (user), user_get_gid (user), -1) == 0);
++	    g_assert (setresuid (user_get_uid (user), user_get_uid (user), -1) == 0);
++	}
+         path = g_build_filename (user_get_home_directory (user), ".dmrc", NULL);
+         g_file_set_contents (path, data, length, NULL);
+-        if (getuid () == 0 && chown (path, user_get_uid (user), user_get_gid (user)) < 0)
+-            g_warning ("Error setting ownership on %s: %s", path, strerror (errno));
+         g_free (path);
++	if (drop_privs)
++	{
++	    g_assert (setresuid (0, 0, -1) == 0);
++	    g_assert (setresgid (0, 0, -1) == 0);
++	}
+     }
+ 
+     /* Update the .dmrc cache */
+Index: lightdm-0.9.5/src/xauthority.c
+===================================================================
+--- lightdm-0.9.5.orig/src/xauthority.c	2011-09-07 07:16:54.000000000 +0200
++++ lightdm-0.9.5/src/xauthority.c	2011-09-13 16:20:50.731421337 +0200
+@@ -9,6 +9,8 @@
+  * license.
+  */
+ 
++/* for setres*id() */
++#define _GNU_SOURCE
+ #include <string.h>
+ #include <errno.h>
+ #include <unistd.h>
+@@ -244,6 +246,16 @@
+     XAuthority *a;
+     gboolean result;
+     gboolean matched = FALSE;
++    gboolean drop_privs = (user && geteuid () == 0);
++    gboolean retval = FALSE;
++
++    /* Guard against privilege escalation through symlinks, etc. */
++    if (drop_privs)
++    {
++	g_debug ("Dropping privileges to uid %i", user_get_uid (user));
++	g_assert (setresgid (user_get_gid (user), user_get_gid (user), -1) == 0);
++	g_assert (setresuid (user_get_uid (user), user_get_uid (user), -1) == 0);
++    }
+ 
+     /* Read out existing records */
+     if (mode != XAUTH_WRITE_MODE_SET)
+@@ -317,7 +329,7 @@
+ 
+     output_stream = g_file_replace (file, NULL, FALSE, G_FILE_CREATE_PRIVATE, NULL, error);
+     if (!output_stream)
+-        return FALSE;
++        goto out;
+ 
+     /* Workaround because g_file_replace () generates a file does not exist error even though it can replace it */
+     g_clear_error (error);
+@@ -345,18 +357,18 @@
+     g_object_unref (output_stream);
+ 
+     if (!result)
+-        return FALSE;
++        goto out;
+ 
+-    /* NOTE: Would like to do:
+-     * g_file_set_attribute_string (file, G_FILE_ATTRIBUTE_OWNER_USER, username, G_FILE_QUERY_INFO_NONE, NULL, error))
+-     * but not supported. */
+-    if (user && getuid () == 0)
++    retval = TRUE;
++  
++out:
++    /* reclaim privileges */
++    if (drop_privs)
+     {
+-        if (chown (g_file_get_path (file), user_get_uid (user), user_get_gid (user)) < 0)
+-            g_warning ("Failed to set authorization owner: %s", strerror (errno));
++	g_assert (setresuid (0, 0, -1) == 0);
++	g_assert (setresgid (0, 0, -1) == 0);
+     }
+-  
+-    return TRUE;
++    return retval;
+ }
+ 
+ static void

Modified: goodies/trunk/lightdm/debian/patches/series
===================================================================
--- goodies/trunk/lightdm/debian/patches/series	2011-09-13 11:48:53 UTC (rev 6020)
+++ goodies/trunk/lightdm/debian/patches/series	2011-09-13 14:22:55 UTC (rev 6021)
@@ -3,3 +3,4 @@
 03_quit-plymouth.patch
 04_default-gtk-greeter-config.patch
 05_dont-add-pkglibexecdir-path.patch
+06_drop-privileges-before-writing-user-files.patch

More information about the Pkg-xfce-commits mailing list