rpms/xorg-x11-server/devel xorg-xserver-1.1.0-setuid.diff, NONE, 1.1 xorg-x11-server.spec, 1.98, 1.99
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Wed Jun 21 09:37:19 UTC 2006
Author: mharris
Update of /cvs/dist/rpms/xorg-x11-server/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv12024
Modified Files:
xorg-x11-server.spec
Added Files:
xorg-xserver-1.1.0-setuid.diff
Log Message:
* Tue Jun 20 2006 Mike A. Harris <mharris at redhat.com> 1.1.0-22
- Added xorg-xserver-1.1.0-setuid.diff to fix potential security issue (#196094)
xorg-xserver-1.1.0-setuid.diff:
hw/xfree86/common/xf86Init.c | 6 +++++-
hw/xfree86/os-support/shared/libc_wrapper.c | 5 ++++-
hw/xfree86/parser/write.c | 5 ++++-
os/utils.c | 18 ++++++++++++------
4 files changed, 25 insertions(+), 9 deletions(-)
--- NEW FILE xorg-xserver-1.1.0-setuid.diff ---
Index: hw/xfree86/common/xf86Init.c
===================================================================
RCS file: /cvs/xorg/xserver/xorg/hw/xfree86/common/xf86Init.c,v
retrieving revision 1.33.2.2
diff -u -u -r1.33.2.2 xf86Init.c
--- hw/xfree86/common/xf86Init.c 9 May 2006 18:04:19 -0000 1.33.2.2
+++ hw/xfree86/common/xf86Init.c 20 Jun 2006 08:33:03 -0000
@@ -1905,7 +1905,11 @@
FatalError("xf86RunVtInit: fork failed (%s)\n", strerror(errno));
break;
case 0: /* child */
- setuid(getuid());
+ if (setuid(getuid()) == -1) {
+ xf86Msg(X_ERROR, "xf86RunVtInit: setuid failed (%s)\n",
+ strerror(errno));
+ exit(255);
+ }
/* set stdin, stdout to the consoleFd */
for (i = 0; i < 2; i++) {
if (xf86Info.consoleFd != i) {
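Review bot: The new failure path in the `case 0` child calls `exit(255)`, which runs atexit handlers and flushes stdio buffers that the child inherited from the server process. In a forked child `_exit(255);` is the safer call, and it is what the os/utils.c hunks of this same patch use. The same applies to the `exit(255)` added in hw/xfree86/os-support/shared/libc_wrapper.c. The check itself is the right one, since continuing after a failed setuid() would leave the child running with the server's privileges. The enclosing function starts and ends outside the hunk.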
Index: hw/xfree86/os-support/shared/libc_wrapper.c
===================================================================
RCS file: /cvs/xorg/xserver/xorg/hw/xfree86/os-support/shared/libc_wrapper.c,v
retrieving revision 1.11
diff -u -u -r1.11 libc_wrapper.c
--- hw/xfree86/os-support/shared/libc_wrapper.c 25 Mar 2006 19:52:04 -0000 1.11
+++ hw/xfree86/os-support/shared/libc_wrapper.c 20 Jun 2006 08:33:03 -0000
@@ -1270,7 +1270,10 @@
#ifndef SELF_CONTAINED_WRAPPER
xf86DisableIO();
#endif
- setuid(getuid());
+ if (setuid(getuid()) == -1) {
+ ErrorF("xf86Execl: setuid() failed: %s\n", strerror(errno));
+ exit(255);
+ }
#if !defined(SELF_CONTAINED_WRAPPER)
/* set stdin, stdout to the consoleFD, and leave stderr alone */
for (i = 0; i < 2; i++)
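Review bot: Only the user id is dropped and checked here, whereas the os/utils.c hunks of this patch call `setgid(getgid())` before `setuid(getuid())`. The children in xf86Init.c and parser/write.c have the same gap. If the server can ever be installed setgid, the effective group would survive into the executed program, so either add an `if (setgid(getgid()) == -1)` guard with the same error path ahead of the setuid call, or add a comment stating why no group drop is needed. The group has to be dropped first, because after a successful setuid() the process may no longer be allowed to change its gid. The function body continues outside the hunk.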
Index: hw/xfree86/parser/write.c
===================================================================
RCS file: /cvs/xorg/xserver/xorg/hw/xfree86/parser/write.c,v
retrieving revision 1.3
diff -u -u -r1.3 write.c
--- hw/xfree86/parser/write.c 3 Jul 2005 07:01:37 -0000 1.3
+++ hw/xfree86/parser/write.c 20 Jun 2006 08:33:03 -0000
@@ -170,7 +170,10 @@
strerror(errno));
return 0;
case 0: /* child */
- setuid(getuid());
+ if (setuid(getuid() == -1)
+ FatalError("xf86writeConfigFile(): "
+ "setuid failed(%s)\n",
+ strerror(errno));
ret = doWriteConfigFile(filename, cptr);
exit(ret);
break;
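Review bot: The added condition `if (setuid(getuid() == -1)` has its closing parenthesis in the wrong place, which leaves the parentheses unbalanced, so this file does not compile as written. If a parenthesis were simply appended at the end, setuid() would receive the result of the comparison `getuid() == -1` instead of the real uid, and the privilege drop would not happen. The line should read `if (setuid(getuid()) == -1)`, matching the other hunks in this patch. Separately, this child reports the failure through FatalError() while the other children exit directly; whether the server's fatal-error path is safe to run in a forked child is not visible here and should be confirmed. The switch starts outside the hunk.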
Index: os/utils.c
===================================================================
RCS file: /cvs/xorg/xserver/xorg/os/utils.c,v
retrieving revision 1.25
diff -u -u -r1.25 utils.c
--- os/utils.c 25 Mar 2006 19:52:05 -0000 1.25
+++ os/utils.c 20 Jun 2006 08:33:04 -0000
@@ -1721,8 +1721,10 @@
case -1: /* error */
p = -1;
case 0: /* child */
- setgid(getgid());
- setuid(getuid());
+ if (setgid(getgid()) == -1)
+ _exit(127);
+ if (setuid(getuid()) == -1)
+ _exit(127);
execl("/bin/sh", "sh", "-c", command, (char *)NULL);
_exit(127);
default: /* parent */
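Review bot: `case -1: /* error */` sets `p = -1` and then falls through into `case 0: /* child */` with no `break`, so when fork() fails the parent itself runs the new setgid/setuid checks and then reaches `execl("/bin/sh", ...)` or `_exit(127)`. The fall-through is in the context lines rather than the added ones, but the added checks sit directly on that path. A `break;` after `p = -1;` would keep the error arm out of the child code. The switch begins and ends outside the hunk, so confirm against the full function.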
@@ -1773,8 +1775,10 @@
xfree(cur);
return NULL;
case 0: /* child */
- setgid(getgid());
- setuid(getuid());
+ if (setgid(getgid()) == -1)
+ _exit(127);
+ if (setuid(getuid()) == -1)
+ _exit(127);
if (*type == 'r') {
if (pdes[1] != 1) {
/* stdout */
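Review bot: The two new `_exit(127)` paths are silent, and 127 is the same status the first os/utils.c hunk uses when execl() fails, so a failed privilege drop cannot be told apart from a failed exec. The xf86Init.c and libc_wrapper.c hunks log the errno text before exiting. Here a comment such as `/* could not drop privileges: do not run the command */` above each check, or a distinct exit status, would record the intent. The same applies to the identical checks in the hunks at -1721 and -1848. The enclosing function is only partly visible in the hunk.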
@@ -1848,8 +1852,10 @@
xfree(cur);
return NULL;
case 0: /* child */
- setgid(getgid());
- setuid(getuid());
+ if (setgid(getgid()) == -1)
+ _exit(127);
+ if (setuid(getuid()) == -1)
+ _exit(127);
if (*type == 'r') {
if (pdes[1] != 1) {
/* stdout */
Index: xorg-x11-server.spec
===================================================================
RCS file: /cvs/dist/rpms/xorg-x11-server/devel/xorg-x11-server.spec,v
retrieving revision 1.98
retrieving revision 1.99
diff -u -r1.98 -r1.99
--- xorg-x11-server.spec 21 Jun 2006 00:12:03 -0000 1.98
+++ xorg-x11-server.spec 21 Jun 2006 09:37:16 -0000 1.99
@@ -4,7 +4,7 @@
Summary: X.Org X11 X server
Name: xorg-x11-server
Version: 1.1.0
-Release: 21
+Release: 22
URL: http://www.x.org
License: MIT/X11
Group: User Interface/X
@@ -21,6 +21,7 @@
# https://bugs.freedesktop.org/show_bug.cgi?id=6010
Patch6: xserver-1.0.1-randr-sdk.patch
Patch7: xorg-x11-server-1.1.0-ppc64-build-fix.patch
+Patch8: ftp://ftp.freedesktop.org/pub/xorg/X11R7.1/patches/xorg-xserver-1.1.0-setuid.diff
# Spiffiffity/compiz feature/optimization patches.
Patch100: xorg-server-1.0.99.2-spiffiffity.patch
@@ -294,6 +295,7 @@
%patch3 -p0 -b .parser-add-missing-headers-to-sdk
%patch6 -p1 -b .randrsdk
%patch7 -p1 -b .ppc64
+%patch8 -p0 -b .setuid
%patch100 -p0 -b .spiffiffity
%patch101 -p0 -b .gl-include-inferiors
@@ -637,7 +639,10 @@
# -------------------------------------------------------------------
%changelog
-* Tue Jun 20 2006 Kristian Høgsberg <krh at redhat.com> - 1.1.0-21
+* Tue Jun 20 2006 Mike A. Harris <mharris at redhat.com> 1.1.0-22
+- Added xorg-xserver-1.1.0-setuid.diff to fix potential security issue (#196094)
+
+* Tue Jun 20 2006 Kristian Høgsberg <krh at redhat.com> 1.1.0-21
- Update xorg-x11-server-1.1.0-tfp-damage.patch to use glTexSubImage2D
to only update the part of the texture that changed, based on damage
regions.