xorg: Changes to 'debian-squeeze'
debian/changelog | 13 ++++++++++++-
debian/local/xserver-wrapper.c | 16 +++++++---------
2 files changed, 19 insertions(+), 10 deletions(-)
New commits:
commit a8bf2613e8136af5cd9bc9ffa0ecba4616921d80
Author: Julien Cristau <jcristau@debian.org>
Date: Fri Dec 16 19:45:50 2011 +0100
Upload to squeeze-security
diff --git a/debian/changelog b/debian/changelog
index 558d9cf..edc78a4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,12 +1,13 @@
-xorg (1:7.5+8+squeeze1) UNRELEASED; urgency=low
+xorg (1:7.5+8+squeeze1) squeeze-security; urgency=low
* xserver-wrapper: when we drop privileges, don't forget to also reset
effective group id, since we're installed setgid root.
* xserver-wrapper: revert change to allow devices with major 5 as consoles.
This includes things like /dev/tty and /dev/ptmx, which are
world-readable (closes: #652249). Thanks to vladz for the report.
+ Reference: CVE-2011-4613.
- -- Julien Cristau <jcristau@debian.org> Tue, 01 Nov 2011 15:13:52 +0100
+ -- Julien Cristau <jcristau@debian.org> Fri, 16 Dec 2011 19:54:40 +0100
xorg (1:7.5+8) unstable; urgency=low
commit a455042692f5a7313eeffd00b1a397c4ba9c5017
Author: Julien Cristau <jcristau@debian.org>
Date: Thu Dec 15 21:02:12 2011 +0100
xserver-wrapper: revert change to allow devices with major 5 as consoles.
This includes things like /dev/tty and /dev/ptmx, which are
world-readable (closes: #652249). Thanks to vladz for the report.
(cherry picked from commit acc6eda78b98d8a7af554bc578f5fdc21ec934bb)
diff --git a/debian/changelog b/debian/changelog
index 0606ac8..558d9cf 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,9 @@ xorg (1:7.5+8+squeeze1) UNRELEASED; urgency=low
* xserver-wrapper: when we drop privileges, don't forget to also reset
effective group id, since we're installed setgid root.
+ * xserver-wrapper: revert change to allow devices with major 5 as consoles.
+ This includes things like /dev/tty and /dev/ptmx, which are
+ world-readable (closes: #652249). Thanks to vladz for the report.
-- Julien Cristau <jcristau@debian.org> Tue, 01 Nov 2011 15:13:52 +0100
diff --git a/debian/local/xserver-wrapper.c b/debian/local/xserver-wrapper.c
index b724919..9bc0d6a 100644
--- a/debian/local/xserver-wrapper.c
+++ b/debian/local/xserver-wrapper.c
@@ -83,6 +83,7 @@
* Julien Cristau: don't check the mode of the DRI device directory
* (11 Aug 2009)
* Julien Cristau: also drop group privileges (1 Nov 2011)
+ * Julien Cristau: disallow major 5 again for consoles (15 Dec 2011)
*
* This is free software; you may redistribute it and/or modify
* it under the terms of the GNU General Public License as
@@ -113,7 +114,6 @@
#if defined(__linux__)
#define TTY_MAJOR_DEV 4
-#define ALT_TTY_MAJOR_DEV 5
#elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
#include <sys/consio.h>
#endif
@@ -162,11 +162,8 @@ onConsole()
return FALSE;
}
if (S_ISCHR(s.st_mode) &&
- ((((s.st_rdev >> 8) & 0xff) == TTY_MAJOR_DEV &&
- (s.st_rdev & 0xff) < 64) ||
- (((s.st_rdev >> 8) & 0xff) == ALT_TTY_MAJOR_DEV &&
- (s.st_rdev & 0xff) < 64)
- )) {
+ (((s.st_rdev >> 8) & 0xff) == TTY_MAJOR_DEV &&
+ (s.st_rdev & 0xff) < 64)) {
return TRUE;
}
#elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
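Review bot: The console test in onConsole() decodes `s.st_rdev` by hand with `>> 8` and `& 0xff`, so it only compares the low 8 bits of the major and minor numbers. With glibc's wider dev_t encoding on Linux, a character device whose major or minor exceeds 255 could alias to major 4, minor < 64 and be accepted as a console. The libc decoders avoid that: `(major(s.st_rdev) == TTY_MAJOR_DEV && minor(s.st_rdev) < 64)) {`. Whether such a device exists and can be opened by an unprivileged user depends on the system, so this is hardening rather than a known bypass. The call that fills `s` and the rest of onConsole() lie outside the hunk, so check the full file for the include that major()/minor() need (`<sys/sysmacros.h>` on glibc).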
commit d48ae52d1ae8fe4e1657acc065d4d13c01f73870
Author: Julien Cristau <jcristau@debian.org>
Date: Tue Nov 1 15:15:04 2011 +0100
Fix privileges dropping in the X wrapper
xserver-wrapper: when we drop privileges, don't forget to also reset
effective group id, since we're installed setgid root.
(cherry-picked from commit e81b3943be75ca6674867fc7756905490e979522)
Conflicts:
debian/changelog
diff --git a/debian/changelog b/debian/changelog
index 43610ac..0606ac8 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+xorg (1:7.5+8+squeeze1) UNRELEASED; urgency=low
+
+ * xserver-wrapper: when we drop privileges, don't forget to also reset
+ effective group id, since we're installed setgid root.
+
+ -- Julien Cristau <jcristau@debian.org> Tue, 01 Nov 2011 15:13:52 +0100
+
xorg (1:7.5+8) unstable; urgency=low
[ Julien Cristau ]
diff --git a/debian/local/xserver-wrapper.c b/debian/local/xserver-wrapper.c
index de040d6..b724919 100644
--- a/debian/local/xserver-wrapper.c
+++ b/debian/local/xserver-wrapper.c
@@ -82,6 +82,7 @@
* -showDefaultLibPath options (11 Aug 2009)
* Julien Cristau: don't check the mode of the DRI device directory
* (11 Aug 2009)
+ * Julien Cristau: also drop group privileges (1 Nov 2011)
*
* This is free software; you may redistribute it and/or modify
* it under the terms of the GNU General Public License as
@@ -314,12 +315,12 @@ main(int argc, char **argv)
for (i = 1; i < argc; i++) {
if (!strcmp(argv[i], "-config") || !strcmp(argv[i], "-xf86config")) {
- if (setuid(getuid())) {
+ if (setgid(getgid()) || setuid(getuid())) {
perror("X unable to drop setuid privileges for alternate config");
exit(1);
}
} else if (strlen(argv[i]) > 256) {
- if (setuid(getuid())) {
+ if (setgid(getgid()) || setuid(getuid())) {
perror("X unable to drop setuid privileges for suspiciously long "
"argument");
exit(1);
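Review bot: The `setgid(getgid()) || setuid(getuid())` pair is order-sensitive, and nothing at the call sites says so. If the wrapper runs with effective uid root, as the "setuid privileges" messages suggest, the group has to be reset first, because once setuid() has given up root a later setgid() can no longer clear the saved set-group-ID. A comment above the first site, such as `/* group first: setgid() must run while we still have root, or the saved gid survives */`, would stop a later edit from swapping the two calls. The same expression appears in the `-config` branch, the long-argument branch and the `-version`/`-showDefault*` branch in the next hunk, and each perror() still says only "setuid privileges" even when setgid() is the call that failed; a small static helper taking the message would keep the ordering and wording in one place. main() begins and ends outside these hunks.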
@@ -355,7 +356,7 @@ main(int argc, char **argv)
(strcmp(argv[1], "-version") == 0) ||
(strcmp(argv[1], "-showDefaultModulePath") == 0) ||
(strcmp(argv[1], "-showDefaultLibPath") == 0) ) ) {
- if (setuid(getuid())) {
+ if (setgid(getgid()) || setuid(getuid())) {
perror("X unable to drop setuid privileges");
exit(1);
}