Hello community, here is the log from the commit of package gdm for openSUSE:11.3 checked in at Thu Mar 31 00:31:38 CEST 2011.
-------- --- old-versions/11.3/UPDATES/all/gdm/gdm.changes 2010-09-15 09:40:47.000000000 +0200 +++ 11.3/gdm/gdm.changes 2011-03-30 09:35:30.000000000 +0200 @@ -1,0 +2,7 @@ +Wed Mar 30 07:04:59 UTC 2011 - [email protected] + +- Add gdm-CVE-2011-0727-bnc679786.patch: worker: change to a user + before copying user files to prevent a possible symlink local + root exploit attack. CVE-2011-0727, bnc#679786. + +------------------------------------------------------------------- calling whatdependson for 11.3-i586 New: ---- gdm-CVE-2011-0727-bnc679786.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gdm.spec ++++++ --- /var/tmp/diff_new_pack.VSShYg/_old 2011-03-31 00:31:15.000000000 +0200 +++ /var/tmp/diff_new_pack.VSShYg/_new 2011-03-31 00:31:15.000000000 +0200 @@ -1,7 +1,7 @@ # -# spec file for package gdm (Version 2.30.2) +# spec file for package gdm # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -42,7 +42,7 @@ License: GPLv2+ Group: System/GUI/GNOME Version: 2.30.2 -Release: 6.<RELEASE1> +Release: 6.<RELEASE3> Summary: The GNOME 2.x Display Manager Source: %{name}-%{version}.tar.bz2 Source1: gdm.pamd @@ -95,6 +95,8 @@ Patch45: gdm-xdmcp-fixes.patch # PATCH-FIX-OPENSUSE gdm-selinux.patch -- Small changes to make it compile fine with SELinux Patch60: gdm-selinux.patch +# PATCH-FIX-UPSTREAM gdm-CVE-2011-0727-bnc679786.patch CVE-2011-0727 bnc#679687 [email protected] -- Change to user before copying user files. +Patch61: gdm-CVE-2011-0727-bnc679786.patch Url: http://www.gnome.org/ BuildRoot: %{_tmppath}/%{name}-%{version}-build DocDir: %{_defaultdocdir} 
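Review bot: The bug reference in the added `# PATCH-FIX-UPSTREAM` comment reads `bnc#679687`, but the patch file name and the gdm.changes entry in this same commit both use 679786, so the two digits look transposed. Anyone tracing the CVE fix from the spec file would be sent to the wrong bug. The comment should carry `bnc#679786`, matching `Patch61: gdm-CVE-2011-0727-bnc679786.patch`.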
@@ -176,6 +178,7 @@ %patch44 -p1 %patch45 -p1 %patch60 +%patch61 -p1 gnome-patch-translation-update %build ++++++ gdm-CVE-2011-0727-bnc679786.patch ++++++ >From c122ebed451272090e594f3a511cc8a6017a62e2 Mon Sep 17 00:00:00 2001 From: Ray Strode <[email protected]> Date: Thu, 24 Mar 2011 16:47:37 -0400 Subject: [PATCH] worker: CVE-2011-0727: change to user before copying user files This commit changes to a user before copying user files to prevent a possible symlink local root exploit attack. --- daemon/gdm-session-worker.c | 29 +++++++++++++++++------------ 1 files changed, 17 insertions(+), 12 deletions(-) Index: gdm-2.30.2/daemon/gdm-session-worker.c =================================================================== --- gdm-2.30.2.orig/daemon/gdm-session-worker.c +++ gdm-2.30.2/daemon/gdm-session-worker.c @@ -1053,10 +1053,6 @@ gdm_cache_copy_file (GdmSessionWorker *w error->message); g_error_free (error); } else { - chown (cachefilename, - worker->priv->uid, - worker->priv->gid); - g_chmod (cachefilename, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); g_debug ("Copy successful"); } @@ -1190,7 +1186,23 @@ gdm_session_worker_uninitialize_pam (Gdm return; if (worker->priv->state >= GDM_SESSION_WORKER_STATE_SESSION_OPENED) { - gdm_session_worker_cache_userfiles (worker); + pid_t pid; + + pid = fork (); + + if (pid == 0) { + if (setuid (worker->priv->uid) < 0) { + g_debug ("GdmSessionWorker: could not reset uid: %s", g_strerror (errno)); + _exit (1); + } + + gdm_session_worker_cache_userfiles (worker); + _exit (0); + } + + if (pid > 0) { + gdm_wait_on_pid (pid); + } pam_close_session (worker->priv->pam_handle, 0); gdm_session_auditor_report_logout (worker->priv->auditor); ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
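Review bot: With the `chown`/`g_chmod` fix-up removed from the success branch, gdm_cache_copy_file only leaves a correctly owned cache file if its caller has already switched to the target user, and nothing in the function records that requirement. The resulting file mode now presumably depends on the process umask and on the copy call earlier in the function, which lies outside this hunk and should be checked. A short comment in the `else` branch would state the contract, for example `/* Ownership and mode are not fixed up here: the caller must already be running as the user (CVE-2011-0727). */`. The function starts and ends outside the hunk.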
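Review bot: The forked child in gdm_session_worker_uninitialize_pam drops only the uid with `setuid (worker->priv->uid)`, so gdm_session_worker_cache_userfiles still runs with the worker's group id and supplementary groups, which are presumably root's. Files the child opens or creates while following user-controlled paths are therefore still checked against, and created with, a privileged group. The child should clear the supplementary groups and call `setgid (worker->priv->gid)` (the field the removed `chown` in the first hunk used) before `setuid`, because the groups can no longer be changed once the uid is dropped. If the copy needs the user's own supplementary groups, `initgroups` would replace the `setgroups` call. A failed `fork ()` (`pid < 0`) is also skipped silently and should at least be logged. The function body continues outside the hunk.

```c
        pid = fork ();

        if (pid < 0) {
                g_warning ("GdmSessionWorker: could not fork to cache user files: %s", g_strerror (errno));
        }

        if (pid == 0) {
                /* Groups first: after setuid() succeeds the child may no longer change them. */
                if (setgroups (0, NULL) < 0 ||
                    setgid (worker->priv->gid) < 0 ||
                    setuid (worker->priv->uid) < 0) {
                        g_debug ("GdmSessionWorker: could not drop privileges: %s", g_strerror (errno));
                        _exit (1);
                }

                gdm_session_worker_cache_userfiles (worker);
                _exit (0);
        }
        /* … unchanged: gdm_wait_on_pid (pid) for pid > 0, then pam_close_session … */
```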
