debian/changelog | 13 ++++++++++++- debian/local/xserver-wrapper.c | 16 +++++++--------- 2 files changed, 19 insertions(+), 10 deletions(-)
New commits:
commit a8bf2613e8136af5cd9bc9ffa0ecba4616921d80
Author: Julien Cristau <[email protected]>
Date:   Fri Dec 16 19:45:50 2011 +0100

    Upload to squeeze-security

diff --git a/debian/changelog b/debian/changelog
index 558d9cf..edc78a4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,12 +1,13 @@
-xorg (1:7.5+8+squeeze1) UNRELEASED; urgency=low
+xorg (1:7.5+8+squeeze1) squeeze-security; urgency=low
 
   * xserver-wrapper: when we drop privileges, don't forget to also reset
     effective group id, since we're installed setgid root.
   * xserver-wrapper: revert change to allow devices with major 5 as consoles.
     This includes things like /dev/tty and /dev/ptmx, which are
     world-readable (closes: #652249). Thanks to vladz for the report.
+    Reference: CVE-2011-4613.
 
- -- Julien Cristau <[email protected]>  Tue, 01 Nov 2011 15:13:52 +0100
+ -- Julien Cristau <[email protected]>  Fri, 16 Dec 2011 19:54:40 +0100
 
 xorg (1:7.5+8) unstable; urgency=low
 
commit a455042692f5a7313eeffd00b1a397c4ba9c5017
Author: Julien Cristau <[email protected]>
Date:   Thu Dec 15 21:02:12 2011 +0100

    xserver-wrapper: revert change to allow devices with major 5 as consoles.

    This includes things like /dev/tty and /dev/ptmx, which are world-readable (closes: #652249). Thanks to vladz for the report.

    (cherry picked from commit acc6eda78b98d8a7af554bc578f5fdc21ec934bb)

diff --git a/debian/changelog b/debian/changelog
index 0606ac8..558d9cf 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,9 @@ xorg (1:7.5+8+squeeze1) UNRELEASED; urgency=low
 
   * xserver-wrapper: when we drop privileges, don't forget to also reset
     effective group id, since we're installed setgid root.
+  * xserver-wrapper: revert change to allow devices with major 5 as consoles.
+    This includes things like /dev/tty and /dev/ptmx, which are
+    world-readable (closes: #652249). Thanks to vladz for the report.
 
  -- Julien Cristau <[email protected]>  Tue, 01 Nov 2011 15:13:52 +0100
 
diff --git a/debian/local/xserver-wrapper.c b/debian/local/xserver-wrapper.c index b724919..9bc0d6a 100644 --- a/debian/local/xserver-wrapper.c +++ b/debian/local/xserver-wrapper.c @@ -83,6 +83,7 @@ * Julien Cristau: don't check the mode of the DRI device directory * (11 Aug 2009) * Julien Cristau: also drop group privileges (1 Nov 2011) + * Julien Cristau: disallow major 5 again for consoles (15 Dec 2011) * * This is free software; you may redistribute it and/or modify * it under the terms of the GNU General Public License as @@ -113,7 +114,6 @@ #if defined(__linux__) #define TTY_MAJOR_DEV 4 -#define ALT_TTY_MAJOR_DEV 5 #elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__) #include <sys/consio.h> #endif @@ -162,11 +162,8 @@ onConsole() return FALSE; } if (S_ISCHR(s.st_mode) && - ((((s.st_rdev >> 8) & 0xff) == TTY_MAJOR_DEV && - (s.st_rdev & 0xff) < 64) || - (((s.st_rdev >> 8) & 0xff) == ALT_TTY_MAJOR_DEV && - (s.st_rdev & 0xff) < 64) - )) { + (((s.st_rdev >> 8) & 0xff) == TTY_MAJOR_DEV && + (s.st_rdev & 0xff) < 64)) { return TRUE; } #elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__) commit d48ae52d1ae8fe4e1657acc065d4d13c01f73870 Author: Julien Cristau <[email protected]> Date: Tue Nov 1 15:15:04 2011 +0100 Fix privileges dropping in the X wrapper xserver-wrapper: when we drop privileges, don't forget to also reset effective group id, since we're installed setgid root. (cherry-picked from commit e81b3943be75ca6674867fc7756905490e979522) Conflicts: debian/changelog diff --git a/debian/changelog b/debian/changelog index 43610ac..0606ac8 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +xorg (1:7.5+8+squeeze1) UNRELEASED; urgency=low + + * xserver-wrapper: when we drop privileges, don't forget to also reset + effective group id, since we're installed setgid root. + + -- Julien Cristau <[email protected]> Tue, 01 Nov 2011 15:13:52 +0100 + xorg (1:7.5+8) unstable; urgency=low [ Julien Cristau ] 
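Review bot: The new condition in onConsole() still extracts the device numbers by hand with `(s.st_rdev >> 8) & 0xff` and `s.st_rdev & 0xff`, which only describes the legacy 8-bit major / 8-bit minor layout; glibc's dev_t stores further major and minor bits above the low byte, so a node whose real major or minor differs from its low byte would presumably be misclassified in either direction. The `major()` and `minor()` macros (from `<sys/sysmacros.h>`, historically reachable via `<sys/types.h>`) state the intent and decode the full value: `if (S_ISCHR(s.st_mode) && major(s.st_rdev) == TTY_MAJOR_DEV && minor(s.st_rdev) < 64) {`. A one-line comment above the test, `/* Linux VTs: major 4, minors 0-63; minors >= 64 on this major are serial ports */`, would record why 64 is the bound and why the major-5 alternative (/dev/tty, /dev/ptmx, world-readable) was dropped again. onConsole() begins above this hunk, so the stat() call and the meaning of `s` are not visible here.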
diff --git a/debian/local/xserver-wrapper.c b/debian/local/xserver-wrapper.c index de040d6..b724919 100644 --- a/debian/local/xserver-wrapper.c +++ b/debian/local/xserver-wrapper.c @@ -82,6 +82,7 @@ * -showDefaultLibPath options (11 Aug 2009) * Julien Cristau: don't check the mode of the DRI device directory * (11 Aug 2009) + * Julien Cristau: also drop group privileges (1 Nov 2011) * * This is free software; you may redistribute it and/or modify * it under the terms of the GNU General Public License as @@ -314,12 +315,12 @@ main(int argc, char **argv) for (i = 1; i < argc; i++) { if (!strcmp(argv[i], "-config") || !strcmp(argv[i], "-xf86config")) { - if (setuid(getuid())) { + if (setgid(getgid()) || setuid(getuid())) { perror("X unable to drop setuid privileges for alternate config"); exit(1); } } else if (strlen(argv[i]) > 256) { - if (setuid(getuid())) { + if (setgid(getgid()) || setuid(getuid())) { perror("X unable to drop setuid privileges for suspiciously long " "argument"); exit(1); @@ -355,7 +356,7 @@ main(int argc, char **argv) (strcmp(argv[1], "-version") == 0) || (strcmp(argv[1], "-showDefaultModulePath") == 0) || (strcmp(argv[1], "-showDefaultLibPath") == 0) ) ) { - if (setuid(getuid())) { + if (setgid(getgid()) || setuid(getuid())) { perror("X unable to drop setuid privileges"); exit(1); } -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
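Review bot: The privilege drop `setgid(getgid()) || setuid(getuid())` is now repeated verbatim at three sites in main() (both branches of the argument loop and the single-argument check), each with its own perror text, and the one thing that matters about it — that setgid() has to run while the effective uid is still 0, otherwise on Linux only the effective gid is changed and the saved root gid remains — is stated only in the changelog, not in the code. A small static helper keeps the ordering in one place with a comment, and is the natural spot for the CERT POS37-C check that root cannot be regained afterwards; setting errno on that path keeps the existing perror() messages meaningful (that needs `<errno.h>`, which I cannot confirm the file includes from this hunk). The three call sites would then read `if (drop_privileges()) {` with their current perror/exit lines unchanged. main() continues outside the hunks.
```c
/* Drop the set-id root privileges this wrapper is installed with.
 * setgid() must run before setuid(): once the effective uid is no
 * longer 0, setgid() only changes the effective gid and leaves the
 * saved root gid in place.
 * Returns 0 on success, -1 with errno set if any id could not be reset. */
static int
drop_privileges(void)
{
    if (setgid(getgid()) || setuid(getuid()))
        return -1;
    /* CERT POS37-C: verify the drop is permanent. */
    if (setuid(0) == 0) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

/* … unchanged: main() up to the argument loop … */
            if (drop_privileges()) {
                perror("X unable to drop setuid privileges for alternate config");
                exit(1);
            }
/* … unchanged: the other two call sites call drop_privileges() the same way … */
```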

