Date: Tue, 25 Dec 2007 17:53:36 +0300 (MSK) From: Dmitry Marakasov <amdmi3@amdmi3.ru> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/119012: [PATCH] xorg-server: incorrect SUID option handling Message-ID: <20071225145336.42CE217030@hades.panopticon> Resent-Message-ID: <200712251500.lBPF03Ol034097@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 119012 >Category: ports >Synopsis: [PATCH] xorg-server: incorrect SUID option handling >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Tue Dec 25 15:00:03 UTC 2007 >Closed-Date: >Last-Modified: >Originator: Dmitry Marakasov >Release: FreeBSD 7.0-BETA4 i386 >Organization: >Environment: System: FreeBSD hades.panopticon 7.0-BETA4 FreeBSD 7.0-BETA4 #0: Thu Dec 20 13:28:17 MSK 2007 root@hades.panopticon:/usr/obj/usr/src/sys/HADES i386 >Description: When user has no NO_SUID_XSERVER=yes line in make.conf and turns off SUID option in xorg-server port, it will still be installed suid. The patch corrects this behavior. Before patch: SUID option in port | NO_SUID_XSERVER | result --------------------+-----------------+------- on | undefined | suid on | = YES | suid on | = NO | suid off | undefined | suid off | = YES | nosuid off | = NO | suid After patch: SUID option in port | NO_SUID_XSERVER | result --------------------+-----------------+------- on | undefined | suid on | = YES | nosuid on | = NO | suid off | undefined | nosuid off | = YES | nosuid off | = NO | nosuid Also it may be good to update the message displayed when x server is installed suid >How-To-Repeat: >Fix: --- xorg-server.patch begins here --- diff -ruN xorg-server.orig/Makefile xorg-server/Makefile --- xorg-server.orig/Makefile 2007-12-25 17:29:40.000000000 +0300 +++ xorg-server/Makefile 2007-12-25 17:35:02.000000000 +0300 @@ -7,7 +7,7 @@ PORTNAME= xorg-server PORTVERSION= 1.4 -PORTREVISION= 3 +PORTREVISION= 4 PORTEPOCH= 1 CATEGORIES= x11-servers MASTER_SITES= http://xorg.freedesktop.org/releases/individual/xserver/:fdo \ @@ -71,7 +71,7 @@ CONFIGURE_ARGS+= --enable-aiglx=no .endif -.if !defined(WITHOUT_SUID) || !defined(NO_SUID_XSERVER) || ${NO_SUID_XSERVER} == NO +.if !defined(WITHOUT_SUID) && (!defined(NO_SUID_XSERVER) || ${NO_SUID_XSERVER} == NO) CONFIGURE_ARGS+=--enable-install-setuid=yes .else CONFIGURE_ARGS+=--enable-install-setuid=no @@ -105,7 +105,7 @@ PLIST_SUB+= AMD64_I386_SPARC64="@comment " .endif -.if !defined(WITHOUT_SUID) || !defined(NO_SUID_XSERVER) || ${NO_SUID_XSERVER} == NO +.if !defined(WITHOUT_SUID) && (!defined(NO_SUID_XSERVER) || ${NO_SUID_XSERVER} == NO) pre-everything:: @${ECHO_MSG} "By default, the X Server installs as a set-user-id root binary. When run by" @${ECHO_MSG} "a normal user, it checks arguments and environment as done in the x11/wrapper" --- xorg-server.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20071225145336.42CE217030>