On ven., 2011-08-26 at 10:58 +0200, Yves-Alexis Perez wrote: > > However I didnt dig deep enough into it to write an exploit as I dont have > > a working lightdm setup. The correct behavior is to temporarily drop > > euid/fsuid > > to that of the user if doing anything with his files. > > Yeah, I'm currently cooking patches doing that, though they'll need > review before apply.
Would something like:
diff --git a/src/dmrc.c b/src/dmrc.c
index bff1da8..9f38faf 100644
--- a/src/dmrc.c
+++ b/src/dmrc.c
@@ -80,11 +80,25 @@ dmrc_save (GKeyFile *dmrc_file, const gchar *username)
/* Update the users .dmrc */
if (user)
{
+ /* write the file as the user itself */
+ pid_t pid;
+ pid = fork();
+
+ if (pid == 0)
+ {
+ if (setuid (user_get_uid(user)) < 0)
+ {
+ g_warning("Error changing uid for %s: %s", username,
g_strerror(errno));
+ _exit(EXIT_FAILURE);
+ }
path = g_build_filename (user_get_home_directory (user), ".dmrc",
NULL);
g_file_set_contents (path, data, length, NULL);
- if (getuid () == 0 && chown (path, user_get_uid (user), user_get_gid
(user)) < 0)
- g_warning ("Error setting ownership on %s: %s", path, strerror
(errno));
g_free (path);
+ _exit(EXIT_SUCCESS);
+
+ }
+ if (pid > 0)
+ wait(NULL);
}
/* Update the .dmrc cache */
do the job (untested, it's more like a RFC right now).
Regards,
--
Yves-Alexis
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Pkg-xfce-devel mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-xfce-devel
