
X Strike Force SVN commit: rev 479 - branches/4.1.0/woody/debian/patches



Author: branden
Date: 2003-09-03 19:39:56 -0500 (Wed, 03 Sep 2003)
New Revision: 479

Modified:
   branches/4.1.0/woody/debian/patches/071_SECURITY_improved_MIT-SHM_fix.diff
Log:
debian/patches/071_SECURITY_improved_MIT-SHM_fix.diff: didn't remove enough
  code when backporting this patch; I had left in some of the old, bad fix


Modified: branches/4.1.0/woody/debian/patches/071_SECURITY_improved_MIT-SHM_fix.diff
===================================================================
--- branches/4.1.0/woody/debian/patches/071_SECURITY_improved_MIT-SHM_fix.diff	2003-09-04 00:23:24 UTC (rev 478)
+++ branches/4.1.0/woody/debian/patches/071_SECURITY_improved_MIT-SHM_fix.diff	2003-09-04 00:39:56 UTC (rev 479)
@@ -34,8 +34,8 @@
  Next, attach this shared memory segment to your process:
  .Cs
  shminfo.shmaddr = image->data = shmat (shminfo.shmid, 0, 0);
---- xc/programs/Xserver/Xext/shm.c~	2003-09-02 18:37:00.000000000 -0500
-+++ xc/programs/Xserver/Xext/shm.c	2003-09-02 18:39:07.000000000 -0500
+--- xc/programs/Xserver/Xext/shm.c~	2003-09-03 19:32:08.000000000 -0500
++++ xc/programs/Xserver/Xext/shm.c	2003-09-03 19:37:06.000000000 -0500
 @@ -33,6 +33,7 @@
  #include <ipc.h>
  #include <shm.h>
@@ -125,41 +125,46 @@
  
  static int
  ProcShmAttach(client)
-@@ -409,10 +406,8 @@
+@@ -407,12 +404,6 @@
+     struct shmid_ds buf;
+     ShmDescPtr shmdesc;
      REQUEST(xShmAttachReq);
-     uid_t ruid;
-     gid_t rgid;
+-    uid_t ruid;
+-    gid_t rgid;
 -#ifdef HAS_SAVED_IDS_AND_SETEUID
-     uid_t euid;
-     gid_t egid;
+-    uid_t euid;
+-    gid_t egid;
 -#endif
  
      REQUEST_SIZE_MATCH(xShmAttachReq);
      LEGAL_NEW_RESOURCE(stuff->shmseg, client);
-@@ -438,7 +433,6 @@
+@@ -436,44 +427,25 @@
+ 	shmdesc = (ShmDescPtr) xalloc(sizeof(ShmDescRec));
+ 	if (!shmdesc)
  	    return BadAlloc;
- 	ruid = getuid();
- 	rgid = getgid();
+-	ruid = getuid();
+-	rgid = getgid();
 -#ifdef HAS_SAVED_IDS_AND_SETEUID
- 	euid = geteuid();
- 	egid = getegid();
- 
-@@ -448,32 +442,31 @@
- 		return BadAccess;
- 	    }
- 	}
+-	euid = geteuid();
+-	egid = getegid();
+-
+-	if (euid != ruid || egid != rgid) {
+-	    /* Temporarly switch back to real ids */
+-	    if (seteuid(ruid) == -1 || setegid(rgid) == -1) {
+-		return BadAccess;
+-	    }
+-	}
 -#endif
  	shmdesc->addr = shmat(stuff->shmid, 0,
  			      stuff->readOnly ? SHM_RDONLY : 0);
 -#ifdef HAS_SAVED_IDS_AND_SETEUID
- 	if (euid != ruid || egid != rgid) {
- 	    /* Switch back to root privs */
- 	    if (seteuid(euid) == -1 || setegid(egid) == -1) {
- 		return BadAccess;
- 	    }
+-	if (euid != ruid || egid != rgid) {
+-	    /* Switch back to root privs */
+-	    if (seteuid(euid) == -1 || setegid(egid) == -1) {
+-		return BadAccess;
+-	    }
 -	} 
 -#endif
-+	}
  	if ((shmdesc->addr == ((char *)-1)) ||
  	    shmctl(stuff->shmid, IPC_STAT, &buf))
  	{
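Review bot: The `shmat` call in ProcShmAttach is left running with the server's own effective ids once the seteuid/setegid bracket is dropped from the backport, and nothing in the visible lines says where the client's right to attach is now decided. Presumably that check follows the `IPC_STAT` call that fills `buf`, but the rest of the inner hunk and of the function lies outside this hunk, so that is an inference. I would put a comment above the attach, for example `/* shmat runs with server privileges; the client's access is verified after IPC_STAT */`, and confirm that every rejecting path detaches the segment and frees `shmdesc` before returning.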


