Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
DISCONTINUED:openSUSE:11.2:Update
kdebase4-workspace
bnc584223.diff
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File bnc584223.diff of Package kdebase4-workspace
Index: ctrl.c =================================================================== --- workspace/kdm/backend/ctrl.c (revision 1097261) +++ workspace/kdm/backend/ctrl.c (revision 1103535) @@ -98,7 +98,7 @@ if (cr->fd < 0) { if (mkdir( fifoDir, 0755 )) { if (errno != EEXIST) { - logError( "mkdir %\"s failed; no control FiFos will be available\n", + logError( "mkdir %\"s failed: %m; no control sockets will be available\n", fifoDir ); return; } @@ -111,17 +111,17 @@ strApp( &cr->path, sockdir, "/socket", (char *)0 ); if (cr->path) { if (strlen( cr->path ) >= sizeof(sa.sun_path)) - logError( "path %\"s too long; no control sockets will be available\n", + logError( "path %\"s too long; control socket will not be available\n", cr->path ); else if (mkdir( sockdir, 0755 ) && errno != EEXIST) - logError( "mkdir %\"s failed; no control sockets will be available\n", + logError( "mkdir %\"s failed: %m; control socket will not be available\n", sockdir ); else { if (!d) chown( sockdir, -1, fifoGroup ); chmod( sockdir, 0750 ); if ((cr->fd = socket( PF_UNIX, SOCK_STREAM, 0 )) < 0) - logError( "Cannot create control socket\n" ); + logError( "Cannot create control socket: %m\n" ); else { unlink( cr->path ); sa.sun_family = AF_UNIX; @@ -135,10 +135,10 @@ return; } unlink( cr->path ); - logError( "Cannot listen on control socket %\"s\n", + logError( "Cannot listen on control socket %\"s: %m\n", cr->path ); } else - logError( "Cannot bind control socket %\"s\n", + logError( "Cannot bind control socket %\"s: %m\n", cr->path ); close( cr->fd ); cr->fd = -1; diff --git a/kdm/ConfigureChecks.cmake b/kdm/ConfigureChecks.cmake index 36544a2..eab8df9 100644 --- a/kdm/ConfigureChecks.cmake +++ b/kdm/ConfigureChecks.cmake @@ -37,6 +37,35 @@ int main() } " HAVE_SETLOGIN) +check_c_source_runs(" +#include <sys/socket.h> +#include <sys/un.h> +#include <sys/stat.h> +#include <sys/types.h> +#include <string.h> +#include <unistd.h> +#include <errno.h> +int main() +{ + int fd, fd2; + struct sockaddr_un sa; + + if ((fd = socket(PF_UNIX, SOCK_STREAM, 0)) < 0) + return 2; + sa.sun_family = AF_UNIX; + strcpy(sa.sun_path, \"testsock\"); + unlink(sa.sun_path); + if (bind(fd, (struct sockaddr *)&sa, sizeof(sa))) + return 2; + chmod(sa.sun_path, 0); + setuid(getuid() + 1000); + if ((fd2 = socket(PF_UNIX, SOCK_STREAM, 0)) < 0) + return 2; + connect(fd2, (struct sockaddr *)&sa, sizeof(sa)); + return errno != EACCES; +} +" HONORS_SOCKET_PERMS) + # for config-kdm.h check_function_exists(seteuid HAVE_SETEUID) diff --git a/kdm/backend/ctrl.c b/kdm/backend/ctrl.c index da35712..2b9c113 100644 --- a/kdm/backend/ctrl.c +++ b/kdm/backend/ctrl.c @@ -79,7 +79,25 @@ nukeSock( struct cmdsock *cs ) } +#ifdef HONORS_SOCKET_PERMS static CtrlRec ctrl = { 0, 0, -1, 0 }; +#else +static CtrlRec ctrl = { 0, 0, 0, -1, 0 }; + +static int mkTempDir( char *dir ) +{ + int i, l = strlen( dir ) - 6; + + for (i = 0; i < 100; i++) { + randomStr( dir + l ); + if (!mkdir( dir, 0700 )) + return True; + if (errno != EEXIST) + break; + } + return False; +} +#endif void openCtrl( struct display *d ) @@ -113,22 +131,50 @@ openCtrl( struct display *d ) if (strlen( cr->path ) >= sizeof(sa.sun_path)) logError( "path %\"s too long; control socket will not be available\n", cr->path ); - else if (mkdir( sockdir, 0755 ) && errno != EEXIST) +#ifdef HONORS_SOCKET_PERMS + else if (mkdir( sockdir, 0700 ) && errno != EEXIST) logError( "mkdir %\"s failed: %m; control socket will not be available\n", sockdir ); + else if (unlink( cr->path ) && errno != ENOENT) + logError( "unlink %\"s failed: %m; control socket will not be available\n", + cr->path ); else { - if (!d) - chown( sockdir, -1, fifoGroup ); +#else + else if (unlink( sockdir ) && errno != ENOENT) + logError( "unlink %\"s failed: %m; control socket will not be available\n", + sockdir ); + else if (!strApp( &cr->realdir, sockdir, "-XXXXXX", (char *)0)) + ; + else if (!mkTempDir( cr->realdir )) { + logError( "mkdir %\"s failed: %m; control socket will not be available\n", + cr->realdir ); + free( cr->realdir ); + cr->realdir = 0; + } else if (symlink( cr->realdir, sockdir )) { + logError( "symlink %\"s => %\"s failed: %m; control socket will not be available\n", + sockdir, cr->realdir ); + rmdir( cr->realdir ); + free( cr->realdir ); + cr->realdir = 0; + } else { + chown( sockdir, 0, d ? 0 : fifoGroup ); chmod( sockdir, 0750 ); +#endif if ((cr->fd = socket( PF_UNIX, SOCK_STREAM, 0 )) < 0) logError( "Cannot create control socket: %m\n" ); else { - unlink( cr->path ); sa.sun_family = AF_UNIX; strcpy( sa.sun_path, cr->path ); if (!bind( cr->fd, (struct sockaddr *)&sa, sizeof(sa) )) { if (!listen( cr->fd, 5 )) { +#ifdef HONORS_SOCKET_PERMS + chmod( cr->path, 0660 ); + if (!d) + chown( cr->path, -1, fifoGroup ); + chmod( sockdir, 0755 ); +#else chmod( cr->path, 0666 ); +#endif registerCloseOnFork( cr->fd ); registerInput( cr->fd ); free( sockdir ); @@ -143,6 +189,14 @@ openCtrl( struct display *d ) close( cr->fd ); cr->fd = -1; } +#ifdef HONORS_SOCKET_PERMS + rmdir( sockdir ); +#else + unlink( sockdir ); + rmdir( cr->realdir ); + free( cr->realdir ); + cr->realdir = 0; +#endif } free( cr->path ); cr->path = 0; @@ -163,7 +217,14 @@ closeCtrl( struct display *d ) cr->fd = -1; unlink( cr->path ); *strrchr( cr->path, '/' ) = 0; +#ifdef HONORS_SOCKET_PERMS rmdir( cr->path ); +#else + unlink( cr->path ); + rmdir( cr->realdir ); + free( cr->realdir ); + cr->realdir = 0; +#endif free( cr->path ); cr->path = 0; while (cr->css) { @@ -177,12 +238,12 @@ closeCtrl( struct display *d ) void chownCtrl( CtrlRec *cr, int uid ) { - if (cr->path) { - char *ptr = strrchr( cr->path, '/' ); - *ptr = 0; + if (cr->path) +#ifdef HONORS_SOCKET_PERMS chown( cr->path, uid, -1 ); - *ptr = '/'; - } +#else + chown( cr->realdir, uid, -1 ); +#endif } void diff --git a/kdm/backend/dm.h b/kdm/backend/dm.h index 42d6a13..0696e2e 100644 --- a/kdm/backend/dm.h +++ b/kdm/backend/dm.h @@ -232,6 +232,9 @@ typedef struct { struct cmdsock *css; /* open connections */ char *path; /* filename of the socket */ +#ifndef HONORS_SOCKET_PERMS + char *realdir; /* real dirname of the socket */ +#endif int fd; /* fd of the socket */ int gid; /* owner group of the socket */ } CtrlRec; diff --git a/kdm/config-kdm.h.cmake b/kdm/config-kdm.h.cmake index a9bcce1..3e8912d 100644 --- a/kdm/config-kdm.h.cmake +++ b/kdm/config-kdm.h.cmake @@ -129,6 +129,9 @@ /* Define to 1 if the ck-connector library is found */ #cmakedefine HAVE_CKCONNECTOR 1 +/* Define to 1 if OS honors permission bits on socket inodes */ +#cmakedefine HONORS_SOCKET_PERMS 1 + /* $PATH defaults set by KDM */ #cmakedefine KDM_DEF_USER_PATH "${KDM_DEF_USER_PATH}" #cmakedefine KDM_DEF_SYSTEM_PATH "${KDM_DEF_SYSTEM_PATH}" -- 1.6.6.20.g9bfff
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor