Fwd: kdebase3 - CVE-2010-0436

[Oliver Pinter]

this errata is fixed in kde4 and not yet in kde3 @ports...

---------- Forwarded message ----------
From: Oliver Pinter <oliver.p...@gmail.com>
Date: Sun, 25 Apr 2010 00:31:03 +0200
Subject: kdebase3 - CVE-2010-0436
To: k...@freebsd.org

hi all!

some RH patches for cve-2010-0436:

final: https://bugzilla.redhat.com/attachment.cgi?id=400244&action=diff
(I think this for kde4, it depend on cmake)
v1/1: https://bugzilla.redhat.com/attachment.cgi?id=401213&action=diff
v1/2: https://bugzilla.redhat.com/attachment.cgi?id=401214&action=diff

and attached patch for kdm-kde3 from Red Hat kdebase3 source

diff -up kdebase-3.5.4/kdm/backend/ctrl.c.than kdebase-3.5.4/kdm/backend/ctrl.c
--- kdebase-3.5.4/kdm/backend/ctrl.c.than	2010-03-19 12:42:52.000000000 +0100
+++ kdebase-3.5.4/kdm/backend/ctrl.c	2010-03-19 12:50:30.000000000 +0100
@@ -140,22 +140,24 @@ openCtrl( struct display *d )
 				if (strlen( cr->path ) >= sizeof(sa.sun_path))
 					LogError( "path %\"s too long; no control sockets will be available\n",
 					          cr->path );
-				else if (mkdir( sockdir, 0755 ) && errno != EEXIST)
+				else if (mkdir( sockdir, 0700 ) && errno != EEXIST)
 					LogError( "mkdir %\"s failed; no control sockets will be available\n",
 					          sockdir );
+				else if (unlink( cr->path ) && errno != ENOENT)
+					LogError( "unlink %\"s failed: %m; control socket will not be available\n",
+					          cr->path );
 				else {
-					if (!d)
-						chown( sockdir, -1, fifoGroup );
-					chmod( sockdir, 0750 );
 					if ((cr->fd = socket( PF_UNIX, SOCK_STREAM, 0 )) < 0)
 						LogError( "Cannot create control socket\n" );
 					else {
-						unlink( cr->path );
 						sa.sun_family = AF_UNIX;
 						strcpy( sa.sun_path, cr->path );
 						if (!bind( cr->fd, (struct sockaddr *)&sa, sizeof(sa) )) {
 							if (!listen( cr->fd, 5 )) {
-								chmod( cr->path, 0666 );
+								chmod( cr->path, 0660 );
+								if (!d)
+								   chown( cr->path, -1, fifoGroup );
+								chmod( sockdir, 0755 );
 								RegisterCloseOnFork( cr->fd );
 								RegisterInput( cr->fd );
 								free( sockdir );
@@ -218,12 +220,8 @@ chownCtrl( CtrlRec *cr, int uid )
 {
 	if (cr->fpath)
 		chown( cr->fpath, uid, -1 );
-	if (cr->path) {
-		char *ptr = strrchr( cr->path, '/' );
-		*ptr = 0;
+	if (cr->path)
 		chown( cr->path, uid, -1 );
-		*ptr = '/';
-	}
 }
 
 void

_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"