Message-Id: <20071225145336.42CE217030@hades.panopticon>
Date: Tue, 25 Dec 2007 17:53:36 +0300 (MSK)
From: Dmitry Marakasov
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: ports/119012: [PATCH] xorg-server: incorrect SUID option handling
Reply-To: Dmitry Marakasov

>Number: 119012
>Category: ports
>Synopsis: [PATCH] xorg-server: incorrect SUID option handling
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Tue Dec 25 15:00:03 UTC 2007
>Closed-Date:
>Last-Modified:
>Originator: Dmitry Marakasov
>Release: FreeBSD 7.0-BETA4 i386
>Organization:
>Environment:
System: FreeBSD hades.panopticon 7.0-BETA4 FreeBSD 7.0-BETA4 #0: Thu Dec 20 13:28:17 MSK 2007 root@hades.panopticon:/usr/obj/usr/src/sys/HADES i386

>Description:
When the user has no NO_SUID_XSERVER=yes line in make.conf and turns off the SUID option in the xorg-server port, it will still be installed suid. The patch corrects this behavior.

Before patch:

SUID option in port | NO_SUID_XSERVER | result
--------------------+-----------------+-------
on                  | undefined       | suid
on                  | = YES           | suid
on                  | = NO            | suid
off                 | undefined       | suid
off                 | = YES           | nosuid
off                 | = NO            | suid

After patch:

SUID option in port | NO_SUID_XSERVER | result
--------------------+-----------------+-------
on                  | undefined       | suid
on                  | = YES           | nosuid
on                  | = NO            | suid
off                 | undefined       | nosuid
off                 | = YES           | nosuid
off                 | = NO            | nosuid

Also it may be good to update the message displayed when x server is installed suid

>How-To-Repeat:
>Fix:
--- xorg-server.patch begins here ---
diff -ruN xorg-server.orig/Makefile xorg-server/Makefile --- xorg-server.orig/Makefile 2007-12-25 17:29:40.000000000 +0300 +++ xorg-server/Makefile 2007-12-25 17:35:02.000000000 +0300 @@ -7,7 +7,7 @@ PORTNAME= xorg-server PORTVERSION= 1.4 -PORTREVISION= 3 +PORTREVISION= 4 PORTEPOCH= 1 CATEGORIES= x11-servers MASTER_SITES= http://xorg.freedesktop.org/releases/individual/xserver/:fdo \ @@ -71,7 +71,7 @@ CONFIGURE_ARGS+= --enable-aiglx=no .endif -.if !defined(WITHOUT_SUID) || !defined(NO_SUID_XSERVER) || ${NO_SUID_XSERVER} == NO +.if !defined(WITHOUT_SUID) && (!defined(NO_SUID_XSERVER) || ${NO_SUID_XSERVER} == NO) CONFIGURE_ARGS+=--enable-install-setuid=yes .else CONFIGURE_ARGS+=--enable-install-setuid=no @@ -105,7 +105,7 @@ PLIST_SUB+= AMD64_I386_SPARC64="@comment " .endif -.if !defined(WITHOUT_SUID) || !defined(NO_SUID_XSERVER) || ${NO_SUID_XSERVER} == NO +.if !defined(WITHOUT_SUID) && (!defined(NO_SUID_XSERVER) || ${NO_SUID_XSERVER} == NO) pre-everything:: @${ECHO_MSG} "By default, the X Server installs as a set-user-id root binary. When run by" @${ECHO_MSG} "a normal user, it checks arguments and environment as done in the x11/wrapper"
--- xorg-server.patch ends here ---

>Release-Note:
>Audit-Trail:
>Unformatted:
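
Review bot: In the `.if` ahead of `CONFIGURE_ARGS+=--enable-install-setuid=yes` (hunk at line 71), `${NO_SUID_XSERVER} == NO` is an unquoted, exact-match comparison, so a make.conf value such as `no` or `No` takes the `.else` branch and builds with `--enable-install-setuid=no`, while only the literal `NO` keeps the setuid install. That fails toward the non-setuid build, which is the safer direction, but it should be a stated choice: quote both sides (`"${NO_SUID_XSERVER}" == "NO"`) and add a comment above the conditional listing the accepted values. The same comment should say that with neither knob set the result is still `--enable-install-setuid=yes`, so the set-user-id root binary remains the default.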
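
Review bot: The conditional guarding `pre-everything::` (hunk at line 105) is a second copy of the expression from the `CONFIGURE_ARGS` block, and this patch had to correct both copies identically. Evaluate the expression once into a single variable and test that variable in both places, so the configure flag and the warning cannot disagree after a later edit. The `@${ECHO_MSG}` text in the context lines still opens with "By default, the X Server installs as a set-user-id root binary", and the visible lines name neither `WITHOUT_SUID` nor `NO_SUID_XSERVER` as the way to turn that off; the message update suggested in the description belongs in this same change.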