[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#413454: xorg: allow GNU/kFreeBSD console users to start X

Package: xorg
Version: 1:7.1.0-13
Severity: wishlist
Tags: patch
User: glibc-bsd-devel@lists.alioth.debian.org
Usertags: kfreebsd

Hi,

Currently on Debian GNU/kFreeBSD systems a user cannot start X using
the wrapper w/o being root, or changing in Xwrapper.config allowed_users
to anybody (which is a security threat).

The attached patch adds console detection support, and some messages
at build and run time to allow the user to know what failed on
unsupported systems.

regards,
guillem

diff -Nru xorg-7.1.0/debian/local/xserver-wrapper.c xorg-7.1.0/debian/local/xserver-wrapper.c
--- xorg-7.1.0/debian/local/xserver-wrapper.c	2007-02-13 12:02:09.000000000 +0200
+++ xorg-7.1.0/debian/local/xserver-wrapper.c	2007-03-05 07:05:32.000000000 +0200
@@ -102,7 +102,12 @@
 # include <sys/resource.h>
 #endif
 
+#if defined(__linux__)
 #define VT_MAJOR_DEV 4
+#elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
+#include <sys/consio.h>
+#endif
+
 #define X_WRAPPER_CONFIG_FILE "/etc/X11/Xwrapper.config"
 #define X_SERVER_SYMLINK_DIR "/etc/X11"
 #define X_SERVER_SYMLINK "/etc/X11/X"
@@ -138,10 +143,37 @@
 }
 
 static int
-checkSecLevel(SecurityLevel level)
+onConsole()
 {
+#if defined(__linux__)
   struct stat s;
 
+  /* see if stdin is a virtual console device */
+  if (fstat(0, &s) != 0) {
+    (void) fprintf(stderr, "X: cannot stat stdin\n");
+    return FALSE;
+  }
+  if (S_ISCHR(s.st_mode) &&
+      ((s.st_rdev >> 8) & 0xff) == VT_MAJOR_DEV &&
+      (s.st_rdev & 0xff) < 64) {
+    return TRUE;
+  }
+#elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
+  int idx;
+
+  if (ioctl(0, VT_GETINDEX, &idx) != -1)
+    return TRUE;
+#else
+#warning This program needs porting to your kernel.
+  (void) fprintf(stderr, "X: unable to determine if running on a console\n");
+#endif
+
+  return FALSE;
+}
+
+static int
+checkSecLevel(SecurityLevel level)
+{
   switch (level) {
   case RootOnly:
     if (getuid() == 0) { /* real uid is root */
@@ -152,16 +184,7 @@
     break;
   case Console:
     if (getuid() == 0) return TRUE; /* root */
-    /* see if stdin is a virtual console device */
-    if (fstat(0, &s) != 0) {
-      (void) fprintf(stderr,"X: cannot stat stdin\n");
-      return FALSE;
-    }
-    if (S_ISCHR(s.st_mode) &&
-        ((s.st_rdev >> 8) & 0xff) == VT_MAJOR_DEV &&
-        (s.st_rdev & 0xff) < 64) {
-      return TRUE;
-    }
+    if (onConsole()) return TRUE;
     break;
   case Anybody:
     return TRUE;
Reply to: