X Strike Force SVN commit: rev 479 - branches/4.1.0/woody/debian/patches
Author: branden
Date: 2003-09-03 19:39:56 -0500 (Wed, 03 Sep 2003)
New Revision: 479
Modified:
branches/4.1.0/woody/debian/patches/071_SECURITY_improved_MIT-SHM_fix.diff
Log:
debian/patches/071_SECURITY_improved_MIT-SHM_fix.diff: didn't remove enough
code when backporting this patch; I had left in some of the old, bad fix
Modified: branches/4.1.0/woody/debian/patches/071_SECURITY_improved_MIT-SHM_fix.diff
===================================================================
--- branches/4.1.0/woody/debian/patches/071_SECURITY_improved_MIT-SHM_fix.diff 2003-09-04 00:23:24 UTC (rev 478)
+++ branches/4.1.0/woody/debian/patches/071_SECURITY_improved_MIT-SHM_fix.diff 2003-09-04 00:39:56 UTC (rev 479)
@@ -34,8 +34,8 @@
Next, attach this shared memory segment to your process:
.Cs
shminfo.shmaddr = image->data = shmat (shminfo.shmid, 0, 0);
---- xc/programs/Xserver/Xext/shm.c~ 2003-09-02 18:37:00.000000000 -0500
-+++ xc/programs/Xserver/Xext/shm.c 2003-09-02 18:39:07.000000000 -0500
+--- xc/programs/Xserver/Xext/shm.c~ 2003-09-03 19:32:08.000000000 -0500
++++ xc/programs/Xserver/Xext/shm.c 2003-09-03 19:37:06.000000000 -0500
@@ -33,6 +33,7 @@
#include <ipc.h>
#include <shm.h>
@@ -125,41 +125,46 @@
static int
ProcShmAttach(client)
-@@ -409,10 +406,8 @@
+@@ -407,12 +404,6 @@
+ struct shmid_ds buf;
+ ShmDescPtr shmdesc;
REQUEST(xShmAttachReq);
- uid_t ruid;
- gid_t rgid;
+- uid_t ruid;
+- gid_t rgid;
-#ifdef HAS_SAVED_IDS_AND_SETEUID
- uid_t euid;
- gid_t egid;
+- uid_t euid;
+- gid_t egid;
-#endif
REQUEST_SIZE_MATCH(xShmAttachReq);
LEGAL_NEW_RESOURCE(stuff->shmseg, client);
-@@ -438,7 +433,6 @@
+@@ -436,44 +427,25 @@
+ shmdesc = (ShmDescPtr) xalloc(sizeof(ShmDescRec));
+ if (!shmdesc)
return BadAlloc;
- ruid = getuid();
- rgid = getgid();
+- ruid = getuid();
+- rgid = getgid();
-#ifdef HAS_SAVED_IDS_AND_SETEUID
- euid = geteuid();
- egid = getegid();
-
-@@ -448,32 +442,31 @@
- return BadAccess;
- }
- }
+- euid = geteuid();
+- egid = getegid();
+-
+- if (euid != ruid || egid != rgid) {
+- /* Temporarly switch back to real ids */
+- if (seteuid(ruid) == -1 || setegid(rgid) == -1) {
+- return BadAccess;
+- }
+- }
-#endif
shmdesc->addr = shmat(stuff->shmid, 0,
stuff->readOnly ? SHM_RDONLY : 0);
-#ifdef HAS_SAVED_IDS_AND_SETEUID
- if (euid != ruid || egid != rgid) {
- /* Switch back to root privs */
- if (seteuid(euid) == -1 || setegid(egid) == -1) {
- return BadAccess;
- }
+- if (euid != ruid || egid != rgid) {
+- /* Switch back to root privs */
+- if (seteuid(euid) == -1 || setegid(egid) == -1) {
+- return BadAccess;
+- }
- }
-#endif
-+ }
if ((shmdesc->addr == ((char *)-1)) ||
shmctl(stuff->shmid, IPC_STAT, &buf))
{
Reply to: