From: Donnie Berkholz Date: Tue, 20 Jun 2006 16:18:26 +0000 (+0000) Subject: Security bump. Failure to check the return value of setuid() in a privileged process... X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=7d3f2480c7742dd24f43f0eb6d90395e0edcf71a;p=gentoo.git Security bump. Failure to check the return value of setuid() in a privileged process could be used by a local user for file overwriting and possible privilege escalation in corner cases. See lists.freedesktop.org/archives/xorg/2006-June/016146.html for more information. Package-Manager: portage-2.1.1_pre1-r1 --- diff --git a/x11-apps/xdm/ChangeLog b/x11-apps/xdm/ChangeLog index eaf721df03e1..32991997990f 100644 --- a/x11-apps/xdm/ChangeLog +++ b/x11-apps/xdm/ChangeLog @@ -1,6 +1,17 @@ # ChangeLog for x11-apps/xdm # Copyright 1999-2006 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/x11-apps/xdm/ChangeLog,v 1.45 2006/04/29 16:30:31 joshuabaergen Exp $ +# $Header: /var/cvsroot/gentoo-x86/x11-apps/xdm/ChangeLog,v 1.46 2006/06/20 16:15:20 spyderous Exp $ + +*xdm-1.0.4-r1 (20 Jun 2006) + + 20 Jun 2006; Donnie Berkholz ; + +files/xdm-1.0.4-setuid.diff, -xdm-1.0.3-r1.ebuild, -xdm-1.0.4.ebuild, + +xdm-1.0.4-r1.ebuild: + Security bump. Failure to check the return value of setuid() in a privileged + process could be used by a local user for file overwriting and possible + privilege escalation in corner cases. See + http://lists.freedesktop.org/archives/xorg/2006-June/016146.html for more + information. *xdm-1.0.4 (29 Apr 2006) @@ -13,6 +24,9 @@ 22 Apr 2006; Donnie Berkholz ; xdm-1.0.3-r1.ebuild: Update xinit dep to 1.0.2-r3, which has the right fixes for xdm speedup. + 21 Apr 2006; Donnie Berkholz ; xdm-1.0.3-r1.ebuild: + (#130673) Add dep on sessreg (Daniel Waeber). + 20 Apr 2006; Donnie Berkholz ; -files/digest-xdm-1.0.3: (#130593) Somehow an old digest managed to stick around and not end up in th 
diff --git a/x11-apps/xdm/files/digest-xdm-1.0.4-r1 b/x11-apps/xdm/files/digest-xdm-1.0.4-r1
new file mode 100644
index 000000000000..751dc08d6522
--- /dev/null
+++ b/x11-apps/xdm/files/digest-xdm-1.0.4-r1
@@ -0,0 +1,3 @@
+MD5 aeed9697f27c0730a550a1ac7efdc189 xdm-1.0.4.tar.bz2 363486
+RMD160 fe4f62979d1f4fed394464e535544435c41fb8b3 xdm-1.0.4.tar.bz2 363486
+SHA256 d1c7a90da45ab38100c86311432832dcb968fd58bfc04007b3bcdb5446d6fb9b xdm-1.0.4.tar.bz2 363486
diff --git a/x11-apps/xdm/files/xdm-1.0.4-setuid.diff b/x11-apps/xdm/files/xdm-1.0.4-setuid.diff
new file mode 100644
index 000000000000..b633792ad579
--- /dev/null
+++ b/x11-apps/xdm/files/xdm-1.0.4-setuid.diff
@@ -0,0 +1,44 @@
+Index: session.c
+===================================================================
+RCS file: /cvs/xorg/app/xdm/session.c,v
+retrieving revision 1.7
+diff -u -r1.7 session.c
+--- session.c 3 Jun 2006 00:05:24 -0000 1.7
++++ session.c 19 Jun 2006 21:30:50 -0000
+@@ -492,8 +492,14 @@
+ else
+ ResetServer (d);
+ if (removeAuth) {
+- setgid (verify.gid);
+- setuid (verify.uid);
++ if (setgid (verify.gid) == -1) {
++ LogError( "SessionExit: setgid: %s\n", strerror(errno));
++ exit(status);
++ }
++ if (setuid (verify.uid) == -1) {
++ LogError( "SessionExit: setuid: %s\n", strerror(errno));
++ exit(status);
++ }
+ RemoveUserAuthorization (d, &verify);
+ #if defined(K5AUTH) && !defined(USE_PAM) /* PAM modules should handle this */
+ /* do like "kdestroy" program */
+Index: xdmshell.c
+===================================================================
+RCS file: /cvs/xorg/app/xdm/xdmshell.c,v
+retrieving revision 1.3
+diff -u -r1.3 xdmshell.c
+--- xdmshell.c 14 Jul 2005 22:58:25 -0000 1.3
++++ xdmshell.c 19 Jun 2006 21:30:50 -0000
+@@ -183,7 +183,11 @@
+ #endif
+
+ /* make xdm run in a non-setuid environment */
+- setuid (geteuid());
++ if (setuid (geteuid()) == -1) {
++ fprintf(stderr, "%s: cannot setuid (error %d, %s)\r\n",
++ ProgramName, errno, strerror(errno));
++ exit(1);
++ }
+
+ /*
+ * exec /usr/bin/X11/xdm -nodaemon -udpPort 0
diff --git a/x11-apps/xdm/xdm-1.0.4-r1.ebuild b/x11-apps/xdm/xdm-1.0.4-r1.ebuild
new file mode 100644
index 000000000000..1c3a7e4c0b8a
--- /dev/null
+++ b/x11-apps/xdm/xdm-1.0.4-r1.ebuild
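Review bot: In the session.c hunk of xdm-1.0.4-setuid.diff the switch to verify.gid/verify.uid is now checked, but nothing there resets the supplementary group list, so `RemoveUserAuthorization (d, &verify)` may still run with whatever extra groups the xdm process holds (presumably root's). I would clear or re-initialise them before the `setgid` call, using `setgroups`/`initgroups` with the same return-value check as the two calls here. Separately, session.c, xdmshell.c and (later in this commit) xinit.c now use `errno` and `strerror` with no include added in their hunks, whereas the dga.c and xload.c patches each add an `#include`; confirm the needed headers are already present in those files. Both patched functions start and end outside the hunks shown.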
@@ -0,0 +1,63 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/x11-apps/xdm/xdm-1.0.4-r1.ebuild,v 1.1 2006/06/20 16:15:20 spyderous Exp $
+
+# Must be before x-modular eclass is inherited
+#SNAPSHOT="yes"
+
+inherit multilib x-modular pam
+
+DEFAULTVT="vt7"
+
+DESCRIPTION="X.Org xdm application"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd"
+IUSE="xprint ipv6 pam"
+RDEPEND="x11-apps/xrdb
+ x11-libs/libXdmcp
+ x11-libs/libXaw
+ >=x11-apps/xinit-1.0.2-r3
+ x11-libs/libX11
+ x11-libs/libXt"
+DEPEND="${RDEPEND}
+ x11-proto/xproto"
+
+PATCHES="${FILESDIR}/wtmp.patch
+ ${FILESDIR}/xwilling-hang.patch
+ ${FILESDIR}/${P}-setuid.diff"
+
+CONFIGURE_OPTIONS="$(use_enable xprint)
+ $(use_enable ipv6)
+ $(use_with pam)
+ --with-default-vt=${DEFAULTVT}
+ --with-xdmconfigdir=/etc/X11/xdm"
+
+pkg_setup() {
+ if use xprint && ! built_with_use x11-libs/libXaw xprint; then
+ die "Build x11-libs/libXaw with USE=xprint."
+ fi
+}
+
+src_install() {
+ x-modular_src_install
+ exeinto /usr/$(get_libdir)/X11/xdm
+ doexe ${FILESDIR}/Xsession
+ newpamd ${FILESDIR}/xdm.pamd xdm
+}
+
+pkg_preinst() {
+ x-modular_pkg_preinst
+
+ # Check for leftover /usr/lib/X11/xdm symlink
+ if [[ -L "/usr/lib/X11/xdm" ]]; then
+ ewarn "/usr/lib/X11/xdm is a symlink; deleting."
+ rm /usr/lib/X11/xdm
+ fi
+}
+
+pkg_postinst() {
+ x-modular_pkg_postinst
+
+ ewarn "Install x11-apps/sessreg, or you won't be able to log in."
+ ewarn "It cannot be added as a dependency yet, because it isn't"
+ ewarn "tested on all architectures."
+}
diff --git a/x11-apps/xf86dga/ChangeLog b/x11-apps/xf86dga/ChangeLog
index f0c00a304287..3f4710f0ab09 100644
--- a/x11-apps/xf86dga/ChangeLog
+++ b/x11-apps/xf86dga/ChangeLog
@@ -1,6 +1,17 @@ # ChangeLog for x11-apps/xf86dga # Copyright 1999-2006 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/x11-apps/xf86dga/ChangeLog,v 1.11 2006/02/14 21:14:18 corsair Exp $ +# $Header: /var/cvsroot/gentoo-x86/x11-apps/xf86dga/ChangeLog,v 1.12 2006/06/20 16:16:21 spyderous Exp $ + +*xf86dga-1.0.1-r1 (20 Jun 2006) + + 20 Jun 2006; Donnie Berkholz ; + +files/xf86dga-1.0.1-setuid.diff, -xf86dga-1.0.1.ebuild, + +xf86dga-1.0.1-r1.ebuild: + Security bump. Failure to check the return value of setuid() in a privileged + process could be used by a local user for file overwriting and possible + privilege escalation in corner cases. See + http://lists.freedesktop.org/archives/xorg/2006-June/016146.html for more + information. 14 Feb 2006; Markus Rothe xf86dga-1.0.1.ebuild: Added ~ppc64 diff --git a/x11-apps/xf86dga/files/digest-xf86dga-1.0.1-r1 b/x11-apps/xf86dga/files/digest-xf86dga-1.0.1-r1 new file mode 100644 index 000000000000..a1da0aab41b7 --- /dev/null +++ b/x11-apps/xf86dga/files/digest-xf86dga-1.0.1-r1 @@ -0,0 +1,3 @@ +MD5 0ee496f720bc98fee43108c88bb7f398 xf86dga-1.0.1.tar.bz2 75183 +RMD160 0689834c32f3bc20dafca299f135a3658bb79614 xf86dga-1.0.1.tar.bz2 75183 +SHA256 eded486132f243a7eed82859895bc23190e462b90d456d9580d649b771837245 xf86dga-1.0.1.tar.bz2 75183 diff --git a/x11-apps/xf86dga/files/xf86dga-1.0.1-setuid.diff b/x11-apps/xf86dga/files/xf86dga-1.0.1-setuid.diff new file mode 100644 index 000000000000..f923cd92a5b9 --- /dev/null +++ b/x11-apps/xf86dga/files/xf86dga-1.0.1-setuid.diff 
@@ -0,0 +1,27 @@
+Index: dga.c
+===================================================================
+RCS file: /cvs/xorg/app/xf86dga/dga.c,v
+retrieving revision 1.2
+diff -u -r1.2 dga.c
+--- dga.c 23 Apr 2004 19:54:47 -0000 1.2
++++ dga.c 19 Jun 2006 21:31:33 -0000
+@@ -16,6 +16,7 @@
+ #include
+ #include
+ #include
++#include
+ #include
+ #include
+ #include
+@@ -141,7 +142,10 @@
+
+ #ifndef __UNIXOS2__
+ /* Give up root privs */
+- setuid(getuid());
++ if (setuid(getuid()) == -1) {
++ fprintf(stderr, "Unable to change uid: %s\n", strerror(errno));
++ exit(2);
++ }
+ #endif
+
+ XF86DGASetViewPort(dis, DefaultScreen(dis), 0, 0);
diff --git a/x11-apps/xf86dga/xf86dga-1.0.1-r1.ebuild b/x11-apps/xf86dga/xf86dga-1.0.1-r1.ebuild
new file mode 100644
index 000000000000..0caed0e55182
--- /dev/null
+++ b/x11-apps/xf86dga/xf86dga-1.0.1-r1.ebuild
@@ -0,0 +1,16 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/x11-apps/xf86dga/xf86dga-1.0.1-r1.ebuild,v 1.1 2006/06/20 16:16:21 spyderous Exp $
+
+# Must be before x-modular eclass is inherited
+#SNAPSHOT="yes"
+
+inherit x-modular
+
+DESCRIPTION="X.Org xf86dga application"
+KEYWORDS="~arm ~mips ~ppc64 ~s390 ~sparc ~x86"
+RDEPEND="x11-libs/libX11
+ x11-libs/libXxf86dga"
+DEPEND="${RDEPEND}"
+
+PATCHES="${FILESDIR}/${P}-setuid.diff"
diff --git a/x11-apps/xinit/ChangeLog b/x11-apps/xinit/ChangeLog
index f9c2059e0342..db611c51e4ab 100644
--- a/x11-apps/xinit/ChangeLog
+++ b/x11-apps/xinit/ChangeLog
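Review bot: In the dga.c patch the block under `/* Give up root privs */` resets only the uid, while the xload.c patch in this same commit resets the gid first and checks both calls. If xf86dga can ever be installed with a set-group-ID bit, the group privilege survives this drop, so I would add `if (setgid(getgid()) == -1) { fprintf(stderr, "Unable to change gid: %s\n", strerror(errno)); exit(2); }` ahead of the setuid check. The same uid-only pattern is in startClient in the xinit.c patch. The enclosing function in dga.c starts and ends outside the hunk.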
@@ -1,6 +1,17 @@ # ChangeLog for x11-apps/xinit # Copyright 1999-2006 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/x11-apps/xinit/ChangeLog,v 1.53 2006/06/11 22:06:50 joshuabaergen Exp $ +# $Header: /var/cvsroot/gentoo-x86/x11-apps/xinit/ChangeLog,v 1.54 2006/06/20 16:17:25 spyderous Exp $ + +*xinit-1.0.2-r6 (20 Jun 2006) + + 20 Jun 2006; Donnie Berkholz ; + +files/xinit-1.0.2-setuid.diff, -xinit-1.0.2-r5.ebuild, + +xinit-1.0.2-r6.ebuild: + Security bump. Failure to check the return value of setuid() in a privileged + process could be used by a local user for file overwriting and possible + privilege escalation in corner cases. See + http://lists.freedesktop.org/archives/xorg/2006-June/016146.html for more + information. *xinit-1.0.2-r5 (11 Jun 2006) diff --git a/x11-apps/xinit/files/digest-xinit-1.0.2-r6 b/x11-apps/xinit/files/digest-xinit-1.0.2-r6 new file mode 100644 index 000000000000..29ec40dd3a6d --- /dev/null +++ b/x11-apps/xinit/files/digest-xinit-1.0.2-r6 @@ -0,0 +1,3 @@ +MD5 d591fafe69b57969b0521c461073a01f xinit-1.0.2.tar.bz2 96536 +RMD160 b3ced92e7ffb1afc3880799ed18f584e7f58d048 xinit-1.0.2.tar.bz2 96536 +SHA256 254ee0f81384fb184229d73d546fb07344c5448bbd4f4a66fef595ae49f8f395 xinit-1.0.2.tar.bz2 96536 diff --git a/x11-apps/xinit/files/xinit-1.0.2-setuid.diff b/x11-apps/xinit/files/xinit-1.0.2-setuid.diff new file mode 100644 index 000000000000..277d0f5c77ea --- /dev/null +++ b/x11-apps/xinit/files/xinit-1.0.2-setuid.diff 
@@ -0,0 +1,19 @@
+Index: xinit.c
+===================================================================
+RCS file: /cvs/xorg/app/xinit/xinit.c,v
+retrieving revision 1.4
+diff -u -r1.4 xinit.c
+--- xinit.c 4 Oct 2005 01:27:34 -0000 1.4
++++ xinit.c 19 Jun 2006 21:31:58 -0000
+@@ -692,7 +692,10 @@
+ startClient(char *client[])
+ {
+ if ((clientpid = vfork()) == 0) {
+- setuid(getuid());
++ if (setuid(getuid()) == -1) {
++ Error("cannot change uid: %s\n", strerror(errno));
++ _exit(ERR_EXIT);
++ }
+ setpgrp(0, getpid());
+ environ = newenviron;
+ #ifdef __UNIXOS2__
diff --git a/x11-apps/xinit/xinit-1.0.2-r6.ebuild b/x11-apps/xinit/xinit-1.0.2-r6.ebuild
new file mode 100644
index 000000000000..3e4c6eed1150
--- /dev/null
+++ b/x11-apps/xinit/xinit-1.0.2-r6.ebuild
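Review bot: The new failure branch in startClient calls `Error(...)` and `strerror(errno)` inside the `vfork()` child, which shares the parent's memory until it execs or calls `_exit`; POSIX leaves anything other than exec/_exit undefined there, and Error presumably writes through stdio state that belongs to the parent. Using `_exit(ERR_EXIT)` rather than `exit` is the right call for this context. For the diagnostic I would either change `vfork()` to `fork()` on this path or have the parent report the failure from the child's exit status. startClient continues past the end of the hunk, so the rest of the child path is not visible here.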
@@ -0,0 +1,45 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/x11-apps/xinit/xinit-1.0.2-r6.ebuild,v 1.1 2006/06/20 16:17:25 spyderous Exp $
+
+# Must be before x-modular eclass is inherited
+# This is enabled due to modified Makefile.am from the patches
+SNAPSHOT="yes"
+
+inherit x-modular pam
+
+DESCRIPTION="X.Org xinit application"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd"
+RDEPEND="x11-libs/libX11
+ x11-wm/twm
+ x11-apps/xclock
+ x11-apps/xrdb"
+DEPEND="${RDEPEND}"
+PDEPEND="x11-terms/xterm"
+LICENSE="${LICENSE} GPL-2"
+
+PATCHES="${FILESDIR}/nolisten-tcp-and-black-background.patch
+ ${FILESDIR}/gentoo-startx-customization-0.99.4.patch
+ ${FILESDIR}/${P}-setuid.diff"
+
+src_unpack() {
+ x-modular_unpack_source
+ x-modular_patch_source
+
+ sed -i -e "s:^XINITDIR.*:XINITDIR = \$(sysconfdir)/X11/xinit:g" ${S}/Makefile.am
+
+ x-modular_reconf_source
+}
+
+src_install() {
+ x-modular_src_install
+ exeinto /etc/X11
+ doexe ${FILESDIR}/chooser.sh ${FILESDIR}/startDM.sh
+ exeinto /etc/X11/Sessions
+ doexe ${FILESDIR}/Xsession
+ exeinto /etc/X11/xinit
+ doexe ${FILESDIR}/xinitrc
+ newinitd ${FILESDIR}/xdm.start xdm
+ newconfd ${FILESDIR}/xdm.confd xdm
+ newpamd ${FILESDIR}/xserver.pamd xserver
+}
diff --git a/x11-apps/xload/ChangeLog b/x11-apps/xload/ChangeLog
index 03573ba76c52..70f74fd7b2ee 100644
--- a/x11-apps/xload/ChangeLog
+++ b/x11-apps/xload/ChangeLog
@@ -1,6 +1,17 @@ # ChangeLog for x11-apps/xload # Copyright 1999-2006 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/x11-apps/xload/ChangeLog,v 1.12 2006/05/20 10:46:39 robbat2 Exp $ +# $Header: /var/cvsroot/gentoo-x86/x11-apps/xload/ChangeLog,v 1.13 2006/06/20 16:18:26 spyderous Exp $ + +*xload-1.0.1-r1 (20 Jun 2006) + + 20 Jun 2006; Donnie Berkholz ; + +files/xload-1.0.1-setuid.diff, -xload-1.0.1.ebuild, + +xload-1.0.1-r1.ebuild: + Security bump. Failure to check the return value of setuid() in a privileged + process could be used by a local user for file overwriting and possible + privilege escalation in corner cases. See + http://lists.freedesktop.org/archives/xorg/2006-June/016146.html for more + information. 20 May 2006; Robin H. Johnson xload-1.0.1.ebuild: Added ~ppc after testing. diff --git a/x11-apps/xload/files/digest-xload-1.0.1-r1 b/x11-apps/xload/files/digest-xload-1.0.1-r1 new file mode 100644 index 000000000000..4ac282ada8b6 --- /dev/null +++ b/x11-apps/xload/files/digest-xload-1.0.1-r1 @@ -0,0 +1,3 @@ +MD5 ba013813f9c21eb015559466f8d02a44 xload-1.0.1.tar.bz2 87468 +RMD160 9179267c9ab8eb64f36eccaa55ed7428c944f6c5 xload-1.0.1.tar.bz2 87468 +SHA256 8d51184d6b18eea2f64e0c5b88cd95edff8353ce6529e780f95b1f2347babbf2 xload-1.0.1.tar.bz2 87468 diff --git a/x11-apps/xload/files/xload-1.0.1-setuid.diff b/x11-apps/xload/files/xload-1.0.1-setuid.diff new file mode 100644 index 000000000000..da776c8d1435 --- /dev/null +++ b/x11-apps/xload/files/xload-1.0.1-setuid.diff 
@@ -0,0 +1,36 @@
+Index: xload.c
+===================================================================
+RCS file: /cvs/xorg/app/xload/xload.c,v
+retrieving revision 1.2
+diff -u -r1.2 xload.c
+--- xload.c 23 Apr 2004 19:54:57 -0000 1.2
++++ xload.c 19 Jun 2006 21:32:20 -0000
+@@ -34,7 +34,7 @@
+ * xload - display system load average in a window
+ */
+
+-
++#include
+ #include
+ #include
+ #include
+@@ -162,8 +162,17 @@
+ /* For security reasons, we reset our uid/gid after doing the necessary
+ system initialization and before calling any X routines. */
+ InitLoadPoint();
+- setgid(getgid()); /* reset gid first while still (maybe) root */
+- setuid(getuid());
++ /* reset gid first while still (maybe) root */
++ if (setgid(getgid()) == -1) {
++ fprintf(stderr, "%s: setgid failed: %s\n",
++ ProgramName, strerror(errno));
++ exit(1);
++ }
++ if (setuid(getuid()) == -1) {
++ fprintf(stderr, "%s: setuid failed: %s\n",
++ ProgramName, strerror(errno));
++ exit(1);
++ }
+
+ XtSetLanguageProc(NULL, (XtLanguageProc) NULL, NULL);
+
diff --git a/x11-apps/xload/xload-1.0.1-r1.ebuild b/x11-apps/xload/xload-1.0.1-r1.ebuild
new file mode 100644
index 000000000000..85d9c5f1717d
--- /dev/null
+++ b/x11-apps/xload/xload-1.0.1-r1.ebuild
@@ -0,0 +1,24 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/x11-apps/xload/xload-1.0.1-r1.ebuild,v 1.1 2006/06/20 16:18:26 spyderous Exp $
+
+# Must be before x-modular eclass is inherited
+#SNAPSHOT="yes"
+
+inherit x-modular
+
+DESCRIPTION="X.Org xload application"
+KEYWORDS="~amd64 ~arm ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86"
+IUSE="xprint"
+RDEPEND="x11-libs/libXaw"
+DEPEND="${RDEPEND}"
+
+CONFIGURE_OPTIONS="$(use_enable xprint)"
+
+PATCHES="${FILESDIR}/${P}-setuid.diff"
+
+pkg_setup() {
+ if use xprint && ! built_with_use x11-libs/libXaw xprint; then
+ die "Build x11-libs/libXaw with USE=xprint."
+ fi
+}
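Review bot: The checked `setgid(getgid())` / `setuid(getuid())` pair in the xload.c patch proves only that each call returned success, not that the privilege is gone for good. When the process is not root at this point (the comment itself says "maybe" root, for example a set-group-ID install), setgid() changes the effective gid and leaves the saved set-group-ID in place. Where the platform provides them I would use `setresgid(getgid(), getgid(), getgid())` and the matching `setresuid` call, or at least follow the drop with a check that `getegid() == getgid()` and `geteuid() == getuid()`. The surrounding function starts and ends outside the hunk.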