Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Factory:Staging:E
xorg-x11-server
u_xorg-wrapper-Xserver-Options-Whitelist-Filter...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File u_xorg-wrapper-Xserver-Options-Whitelist-Filter.patch of Package xorg-x11-server
--- xserver-1.20.9/hw/xfree86/xorg-wrapper.c +++ xserver-1.20.9/hw/xfree86/xorg-wrapper.c 2020-09-29 12:52:59.256970275 +0200 @@ -191,6 +191,60 @@ return 0; } +static int check_vt_range(long int vt) +{ + if (vt >= 2 && vt <= 7 ) { + return 1; + } + + return 0; +} + +/* Xserver option whitelist filter (boo#1175867) */ +static int option_filter(int argc, char* argv[]){ + + for(int pos=1; pos<argc; pos++) { + const char *arg = argv[pos]; + + if (strlen(arg) == 3 && !strncmp(arg,"vt", 2) && check_vt_range(strtol(arg+2, NULL, 10)) == 1) { + /* vtX (vt2-vt7) */ + continue; + } else if(!strcmp(arg,"-displayfd") || + !strcmp(arg,"-auth") || + !strcmp(arg,"-background") || + !strcmp(arg,"-verbose") || + !strcmp(arg,"-listen")) { + /* -displayfd x + -auth xxxx + -backgound none + -verbose 7 (7 or 3) + -listen tcp + */ + if ((pos+1) < argc) { + pos++; + } else { + fprintf(stderr, "%s: Missing argument for Xserver option \"%s\". Aborting.\n", + progname, arg); + return 0; + } + } else if (!strcmp(arg,"-noreset") || + !strcmp(arg,"-keeptty") || + !strcmp(arg,"-core")) { + /* -noreset + -keeptty + -core + */ + continue; + } else { + fprintf(stderr, "%s: Xserver option \"%s\" invalid or not in whitelist. Aborting.\n", + progname, arg); + return 0; + } + } + + return 1; +} + int main(int argc, char *argv[]) { #ifdef WITH_LIBDRM @@ -250,11 +304,14 @@ close(fd); } + /* If we've found cards, and all cards support kms, drop root rights */ + if (total_cards && kms_cards == total_cards) { + needs_root_rights = 0; + } } #endif - /* If we've found cards, and all cards support kms, drop root rights */ - if (needs_root_rights == 0 || (total_cards && kms_cards == total_cards)) { + if (needs_root_rights == 0) { gid_t realgid = getgid(); uid_t realuid = getuid(); int ngroups = 0; @@ -326,6 +383,15 @@ } argv[0] = buf; + + if (needs_root_rights == 1 && getuid() != 0) + { + /* Xserver option whitelist filter (boo#1175867) */ + if (option_filter(argc, argv) == 0) { + exit(1); + } + } + if (getuid() == geteuid()) (void) execv(argv[0], argv); else
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor