xorg: Changes to 'ubuntu'
debian/changelog | 29 +++++++
debian/local/Xsession.5 | 7 +
debian/local/Xsession.d/35x11-common_xhost-local | 10 ++
debian/x11-common.init | 90 +++++++++++++++--------
4 files changed, 106 insertions(+), 30 deletions(-)
New commits:
commit aae5708284ebb931ff4241fe50b21f9033b5f245
Author: Timo Aaltonen <tjaalton@ubuntu.com>
Date: Thu Mar 22 19:42:43 2012 +0200
update the changelog for release
diff --git a/debian/changelog b/debian/changelog
index 0417729..7e8fd25 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+xorg (1:7.6+12ubuntu1) precise; urgency=low
+
+ * Merge from Debian unstable.
+
+ -- Timo Aaltonen <tjaalton@ubuntu.com> Thu, 22 Mar 2012 19:42:07 +0200
+
xorg (1:7.6+12) unstable; urgency=high
* Fix unsafe manipulation of /tmp/.X11-unix and /tmp/.ICE-unix in the
commit 75d568a94a7ccfb37a51711c9f1ac42f584ec140
Author: Julien Cristau <jcristau@debian.org>
Date: Sat Mar 3 18:55:44 2012 +0100
Upload to unstable
diff --git a/debian/changelog b/debian/changelog
index 2be2fa8..5f8f3d8 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-xorg (1:7.6+12) UNRELEASED; urgency=high
+xorg (1:7.6+12) unstable; urgency=high
* Fix unsafe manipulation of /tmp/.X11-unix and /tmp/.ICE-unix in the
x11-common init script. A malicious user could trick us into changing
@@ -7,7 +7,7 @@ xorg (1:7.6+12) UNRELEASED; urgency=high
"vladz", Tim Morgan and Bernhard R. Link for their help getting this right
(any remaining bugs are my own).
- -- Julien Cristau <jcristau@debian.org> Fri, 02 Mar 2012 21:38:07 +0100
+ -- Julien Cristau <jcristau@debian.org> Sat, 03 Mar 2012 18:54:30 +0100
xorg (1:7.6+11) unstable; urgency=low
commit 0418b8dd8fa6940285f7f6b71302655942c15fb7
Author: Julien Cristau <jcristau@debian.org>
Date: Fri Mar 2 21:57:56 2012 +0100
Be more careful before running chown/chmod in x11-common.init
Fix unsafe manipulation of /tmp/.X11-unix and /tmp/.ICE-unix in the x11-common
init script. A malicious user could trick us into changing
ownership/permissions of an arbitrary directory, and elevate their privileges
(closes: #661627). Reference: CVE-2012-1093.
diff --git a/debian/changelog b/debian/changelog
index 53edbbe..2be2fa8 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,14 @@
+xorg (1:7.6+12) UNRELEASED; urgency=high
+
+ * Fix unsafe manipulation of /tmp/.X11-unix and /tmp/.ICE-unix in the
+ x11-common init script. A malicious user could trick us into changing
+ ownership/permissions of an arbitrary directory, and elevate their
+ privileges (closes: #661627). Reference: CVE-2012-1093. Thanks to
+ "vladz", Tim Morgan and Bernhard R. Link for their help getting this right
+ (any remaining bugs are my own).
+
+ -- Julien Cristau <jcristau@debian.org> Fri, 02 Mar 2012 21:38:07 +0100
+
xorg (1:7.6+11) unstable; urgency=low
* Team upload.
diff --git a/debian/x11-common.init b/debian/x11-common.init
index 34835ac..014594b 100644
--- a/debian/x11-common.init
+++ b/debian/x11-common.init
@@ -2,17 +2,17 @@
# /etc/init.d/x11-common: set up the X server and ICE socket directories
### BEGIN INIT INFO
# Provides: x11-common
-# Required-Start: $local_fs
-# Required-Stop: $local_fs
+# Required-Start: $remote_fs
+# Required-Stop: $remote_fs
# Default-Start: S
# Default-Stop:
### END INIT INFO
set -e
-PATH=/bin:/sbin
-SOCKET_DIR=/tmp/.X11-unix
-ICE_DIR=/tmp/.ICE-unix
+PATH=/usr/bin:/usr/sbin:/bin:/sbin
+SOCKET_DIR=.X11-unix
+ICE_DIR=.ICE-unix
. /lib/lsb/init-functions
if [ -f /etc/default/rcS ]; then
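Review bot: `SOCKET_DIR` and `ICE_DIR` change here from absolute paths to bare names, and nothing at the assignments says that users of the variables must now prepend `/tmp/` themselves. Any code outside the visible hunks that still expands `$SOCKET_DIR` or `$ICE_DIR` directly would act on a path relative to the current directory, which matters in a script that runs as root. A comment above the two assignments would make the contract explicit, for example `# names only; set_up_dir and do_status prepend /tmp/`. The switch to `$remote_fs` and the wider `PATH` also deserve a one-line reason (presumably the new code needs tools under /usr such as `stat`), since they change boot ordering.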
@@ -26,36 +26,60 @@ do_restorecon () {
fi
}
-set_up_socket_dir () {
- if [ "$VERBOSE" != no ]; then
- log_begin_msg "Setting up X server socket directory $SOCKET_DIR..."
- fi
- if [ -e $SOCKET_DIR ] && [ ! -d $SOCKET_DIR ]; then
- mv $SOCKET_DIR $SOCKET_DIR.$$
- fi
- mkdir -p $SOCKET_DIR
- chown root:root $SOCKET_DIR
- chmod 1777 $SOCKET_DIR
- do_restorecon $SOCKET_DIR
- [ "$VERBOSE" != no ] && log_end_msg 0 || return 0
-}
+# create a directory in /tmp.
+# assumes /tmp has a sticky bit set (or is only writeable by root)
+set_up_dir () {
+ DIR="/tmp/$1"
-set_up_ice_dir () {
if [ "$VERBOSE" != no ]; then
- log_begin_msg "Setting up ICE socket directory $ICE_DIR..."
+ log_progress_msg "$DIR"
fi
- if [ -e $ICE_DIR ] && [ ! -d $ICE_DIR ]; then
- mv $ICE_DIR $ICE_DIR.$$
+ # if $DIR exists and isn't a directory, move it aside
+ if [ -e $DIR ] && ! [ -d $DIR ] || [ -h $DIR ]; then
+ mv "$DIR" "$(mktemp -d $DIR.XXXXXX)"
fi
- mkdir -p $ICE_DIR
- chown root:root $ICE_DIR
- chmod 1777 $ICE_DIR
- do_restorecon $ICE_DIR
- [ "$VERBOSE" != no ] && log_end_msg 0 || return 0
+
+ error=0
+ while :; do
+ if [ $error -ne 0 ] ; then
+ # an error means the file-system is readonly or an attacker
+ # is doing evil things, distinguish by creating a temporary file,
+ # but give up after a while.
+ if [ $error -gt 5 ]; then
+ log_failure_msg "failed to set up $DIR"
+ return 1
+ fi
+ fn="$(mktemp /tmp/testwriteable.XXXXXXXXXX)" || return 1
+ rm "$fn"
+ fi
+ mkdir -p -m 01777 "$DIR" || { rm "$DIR" || error=$((error + 1)) ; continue ; }
+ case "$(LC_ALL=C stat -c '%u %g %a %F' "$DIR")" in
+ "0 0 1777 directory")
+ # everything as it is supposed to be
+ break
+ ;;
+ "0 0 "*" directory")
+ # as it is owned by root, cannot be replaced with a symlink:
+ chmod 01777 "$DIR"
+ break
+ ;;
+ *" directory")
+ # if the chown succeeds, the next step can change it savely
+ chown -h root:root "$DIR" || error=$((error + 1))
+ continue
+ ;;
+ *)
+ log_failure_msg "failed to set up $DIR"
+ return 1
+ ;;
+ esac
+ done
+
+ return 0
}
do_status () {
- if [ -d $ICE_DIR ] && [ -d $SOCKET_DIR ]; then
+ if [ -d "/tmp/$ICE_DIR" ] && [ -d "/tmp/$SOCKET_DIR" ]; then
return 0
else
return 4
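Review bot: The new `set_up_dir` never calls `do_restorecon`, which both removed functions ran after `chmod`, so on SELinux systems `/tmp/.X11-unix` and `/tmp/.ICE-unix` may keep whatever label `mkdir` gave them. If the relabel is still wanted, add `do_restorecon "$DIR"` just before the final `return 0`, after the `stat` check has confirmed a root-owned directory. `do_restorecon` is defined above this hunk, so its exact behaviour is not visible here. Separately, the test on the move-aside line and the `mktemp -d $DIR.XXXXXX` template leave `$DIR` unquoted; writing `"$DIR"` there would match the rest of the function.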
@@ -64,8 +88,14 @@ do_status () {
case "$1" in
start)
- set_up_socket_dir
- set_up_ice_dir
+ if [ "$VERBOSE" != no ]; then
+ log_begin_msg "Setting up X socket directories..."
+ fi
+ set_up_dir "$SOCKET_DIR"
+ set_up_dir "$ICE_DIR"
+ if [ "$VERBOSE" != no ]; then
+ log_end_msg 0
+ fi
;;
restart|reload|force-reload)
commit 1ae75a70edfd55acd885b9f6195428cd535ddb2d
Author: Josselin Mouette <joss@debian.org>
Date: Sat Jan 28 12:43:24 2012 +0100
Release 1:7.6+11 to unstable.
diff --git a/debian/changelog b/debian/changelog
index 20397c5..53edbbe 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,12 +1,13 @@
-xorg (1:7.6+11) UNRELEASED; urgency=low
+xorg (1:7.6+11) unstable; urgency=low
+ * Team upload.
* debian/local/Xsession.d/35x11-common_xhost-local: add a new script
to the default X session. It will give access to the running X
server to the logged on user. This is useful for gdm3 which does not
give access to $XAUTHORITY outside the session, but can also be of
use for other display managers. Closes: #586685.
- -- Josselin Mouette <joss@debian.org> Thu, 24 Nov 2011 22:52:19 +0100
+ -- Josselin Mouette <joss@debian.org> Sat, 28 Jan 2012 12:42:38 +0100
xorg (1:7.6+10) unstable; urgency=high
commit 22ce089c330c2be530802a09c929ef749b294c2b
Author: Julien Cristau <jcristau@debian.org>
Date: Fri Dec 16 00:23:40 2011 +0100
Add CVE ref to 1:7.6+10 changelog
diff --git a/debian/changelog b/debian/changelog
index 07109a2..20397c5 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -16,6 +16,7 @@ xorg (1:7.6+10) unstable; urgency=high
- revert change to allow devices with major 5 as consoles. This includes
things like /dev/tty and /dev/ptmx, which are world-readable (closes:
#652249). Thanks to vladz for the report.
+ Reference: CVE-2011-4613.
- use major() and minor() macros instead of manually extracting them
* Build the X wrapper with hardening enabled.
commit 9b1d91483680a3e9282bffb0aca4a08bd533e36e
Author: Josselin Mouette <joss@debian.org>
Date: Thu Nov 24 22:58:20 2011 +0100
debian/local/Xsession.d/35x11-common_xhost-local: add a new script to the default X session. It will give access to the running X server to the logged on user. This is useful for gdm3 which does not give access to $XAUTHORITY outside the session, but can also be of use for other display managers. Closes: #586685.
diff --git a/debian/changelog b/debian/changelog
index f2198f9..320064e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,14 @@
+xorg (1:7.6+10) UNRELEASED; urgency=low
+
+ [ Josselin Mouette ]
+ * debian/local/Xsession.d/35x11-common_xhost-local: add a new script
+ to the default X session. It will give access to the running X
+ server to the logged on user. This is useful for gdm3 which does not
+ give access to $XAUTHORITY outside the session, but can also be of
+ use for other display managers. Closes: #586685.
+
+ -- Josselin Mouette <joss@debian.org> Thu, 24 Nov 2011 22:52:19 +0100
+
xorg (1:7.6+9) unstable; urgency=low
[ Julien Cristau ]
diff --git a/debian/local/Xsession.5 b/debian/local/Xsession.5
index 74d6911..2e954bb 100644
--- a/debian/local/Xsession.5
+++ b/debian/local/Xsession.5
@@ -186,6 +186,13 @@ the user's
.I $HOME/.Xresources
file is merged in the same way.
.TP
+.I /etc/X11/Xsession.d/35x11\-common_xhost\-local
+Give access to the X server to the same user on the local host.
+If the
+.I xhost
+command is available, it will use it to allow any process of the same
+user running on the local host to access the X server.
+.TP
.I /etc/X11/Xsession.d/40x11\-common_xsessionrc
Source global environment variables.
This script will source anything in
diff --git a/debian/local/Xsession.d/35x11-common_xhost-local b/debian/local/Xsession.d/35x11-common_xhost-local
new file mode 100644
index 0000000..d127a6c
--- /dev/null
+++ b/debian/local/Xsession.d/35x11-common_xhost-local
@@ -0,0 +1,10 @@
+# This file is sourced by Xsession(5), not executed.
+
+# If xhost (from x11-xserver-utils) is installed, use it to give access
+# to the X server to any process from the same user on the local host.
+# Unlike other uses of xhost, this is safe since the kernel can check
+# the actual owner of the calling process.
+
+if type xhost >/dev/null 2>&1; then
+ xhost +si:localuser:$(id -un) || :
+fi
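Review bot: The header comment calls this grant safe without saying what it gives up. After `xhost +si:localuser:...`, every process running under the user's uid can connect to the X server without the cookie, including processes deliberately started without access to `$XAUTHORITY`. I would state that in the comment, e.g. `# Note: same-uid processes no longer need the X cookie; withholding $XAUTHORITY does not isolate them.` The command substitution should also be quoted, `xhost "+si:localuser:$(id -un)" || :`, so an unexpected `id` result cannot be word-split into extra xhost arguments.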