Date: Sun, 19 Oct 1997 10:26:13 +0900 (JST)
From: sanpei@yy.cs.keio.ac.jp
To: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: ports/4798: setuid-root Xserver problem
Message-ID: <199710190126.KAA00580@fumi.yy.cs.keio.ac.jp>
Resent-Message-ID: <199710190130.SAA14145@hub.freebsd.org>
>Number: 4798
>Category: ports
>Synopsis: setuid-root Xserver problem
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports
>State: open
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat Oct 18 18:30:00 PDT 1997
>Last-Modified:
>Originator: MIHIRA Yoshiro
>Organization: Keio Univ.
>Release: FreeBSD 2.2.5-971015-BETA i386
>Environment:

2.2.2-RELEASE and 2.2.5-BETA

>Description:

xterm and kterm (kanji term) had a setuid-root problem. They were fixed by the original source (xterm) and `ports/4789' (kterm).

But I think the Xserver of XFree86 3.2 and later also still has the same setuid-root problem.

I fix it with the patch below.

Yoshiro MIHIRA

>How-To-Repeat:

o HOME directory NFS server, run xterm (2.2.2-RELEASE):
    /etc/exports
    /usr/home nfs-client
o NFS client, Xserver (2.2.5-BETA):
    % mount -t nfs nfs-server:/usr/home /mnt
o user home directory is in /mnt.
o setting up xauth.
o start Xserver on NFS client.
    % xinit -- -auth $HOME/.Xauthority
o run xterm on NFS server to Xserver on NFS server
    % setenv DISPLAY nfs-client:0.0
    % xterm
    Xlib: connection to "nfs-client:0.0" refused by server
    Xlib: Invalid MIT-MAGIC-COOKIE-1 key
    Error: Can't open display: nfs-client:0.0

>Fix:

patch for XFree86

--- xc/programs/Xserver/os/auth.c.org Sun Dec 22 12:33:21 1996 +++ xc/programs/Xserver/os/auth.c Sun Oct 19 10:08:34 1997 @@ -51,6 +51,21 @@ #include "Xw32defs.h" #endif +#if !defined(MINIX) && !defined(WIN32) +#include <sys/param.h> /* for NOFILE */ +#endif + +#if (BSD >= 199103) +#define USE_POSIX_WAIT +#define HAS_POSIX_SAVED_IDS +#endif + +#ifdef HAS_POSIX_SAVED_IDS +#include <unistd.h> +#include <sys/types.h> +#include <errno.h> +#endif /* HAS_POSIX_SAVED_IDS */ + struct protocol { unsigned short name_length; char *name; 
@@ -169,10 +184,28 @@ Xauth *auth; int i; int count = 0; +#ifdef HAS_POSIX_SAVED_IDS + uid_t euid = geteuid(); + gid_t egid = getegid(); + uid_t ruid = getuid(); + gid_t rgid = getgid(); +#endif /* HAS_POSIX_SAVED_IDS */ ShouldLoadAuth = FALSE; + if (!authorization_file) return 0; + +#ifdef HAS_POSIX_SAVED_IDS + if (setegid(rgid) == -1) + (void) fprintf(stderr, "setegid(%d): %s\n", + (int) rgid, strerror(errno)); + + if (seteuid(ruid) == -1) + (void) fprintf(stderr, "seteuid(%d): %s\n", + (int) ruid, strerror(errno)); +#endif /* HAS_POSIX_SAVED_IDS */ + f = fopen (authorization_file, "r"); if (!f) return 0; @@ -190,6 +223,16 @@ XauDisposeAuth (auth); } fclose (f); +#ifdef HAS_POSIX_SAVED_IDS + if (seteuid(euid) == -1) + (void) fprintf(stderr, "seteuid(%d): %s\n", + (int) euid, strerror(errno)); + + if (setegid(egid) == -1) + (void) fprintf(stderr, "setegid(%d): %s\n", + (int) egid, strerror(errno)); +#endif + return count; } >Audit-Trail: >Unformatted:
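Review bot: In the first hunk (@@ -51,6 +51,21 @@), `#define USE_POSIX_WAIT` is not used by anything this patch adds, and the comment on `#include <sys/param.h>` says "for NOFILE" although the hunk relies on that header for the `BSD` macro tested in the next `#if`. Drop the unused define and reword the comment to say the include is there for `BSD`. The later hunks call `strerror()`, and only `<errno.h>` is added here, so confirm that `<string.h>` is already included in this file.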
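Review bot: In the second hunk (@@ -169,10 +184,28 @@), the context line `if (!f) return 0;` now returns after `seteuid(ruid)` has taken effect, so a missing or unreadable authorization file leaves the server running with the real user's effective uid and gid; the restore code exists only after `fclose (f)` in the following hunk. Restore euid/egid before that early return, or route both exits through one cleanup path. Separately, a failed `setegid(rgid)` or `seteuid(ruid)` is only printed to stderr and execution continues into `fopen`, so the file is still opened with the setuid IDs effective; return 0 on failure instead of falling through.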
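Review bot: In the third hunk (@@ -190,6 +223,16 @@), a failed `seteuid(euid)` or `setegid(egid)` is only reported with `fprintf` and the function still returns `count`, so the server would carry on with the wrong effective IDs and the caller cannot tell. Make a failed restore visible to the caller or abort at that point. Style: this `#endif` lacks the `/* HAS_POSIX_SAVED_IDS */` trailer used on the other blocks, and printing `uid_t`/`gid_t` through `(int)` with `%d` would be safer as `(long)` with `%ld`.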