summaryrefslogtreecommitdiffstats
path: root/x11/rxvt
diff options
context:
space:
mode:
authorpst <pst@FreeBSD.org>1996-01-11 09:00:12 +0000
committerpst <pst@FreeBSD.org>1996-01-11 09:00:12 +0000
commitd6a3bd57b519952a766b0bf7e95f82e211d81d18 (patch)
tree7b55dc641d762219ee8b6cc83f0479882ba75480 /x11/rxvt
parenta2f96d1c2d057de2f5892e4d0b9a93c22fc22f2b (diff)
downloadFreeBSD-ports-d6a3bd57b519952a766b0bf7e95f82e211d81d18.zip
FreeBSD-ports-d6a3bd57b519952a766b0bf7e95f82e211d81d18.tar.gz
Patch around a security vulnerability in rxvt. Give up root privileges when
they're not necessary. RXVT's handling of /etc/utmp is blatantly idiotic under FreeBSD but at least it's not a security hole anymore. Obtained from: Marc Ewing (marc@redhat.com) from BUGTRAQ mailing list.
Diffstat (limited to 'x11/rxvt')
-rw-r--r--x11/rxvt/files/patch-ac156
1 files changed, 156 insertions, 0 deletions
diff --git a/x11/rxvt/files/patch-ac b/x11/rxvt/files/patch-ac
new file mode 100644
index 0000000..fc4ab87
--- /dev/null
+++ b/x11/rxvt/files/patch-ac
@@ -0,0 +1,156 @@
+# The following is a security patch for rxvt, it (hopefully) avoids problems
+# with unauthorized users obtaining root.
+#
+# Based upon code provided by Marc Ewing (marc@redhat.com) for a previous
+# version of rxvt.
+
+*** rxvt.h Sat Feb 19 09:41:52 1994
+--- rxvt.h Wed Jan 10 23:42:09 1996
+***************
+*** 21,23 ****
+--- 21,27 ----
+ extern void clean_exit(int);
+ extern void cleanutent(void);
+ extern void makeutent(char *);
++
++ void save_privs(void);
++ void get_privs(void);
++ void release_privs(void);
+*** rxvt.c Fri Aug 5 08:52:07 1994
+--- rxvt.c Wed Jan 10 23:45:04 1996
+***************
+*** 45,50 ****
+--- 45,54 ----
+ int i;
+ char *shell;
+ char **com_argv;
++
++ /* Save and give up setuid/setgid privileges */
++ save_privs();
++ release_privs();
+
+ for (i = 0; i < argc; i++)
+ if (strcmp(argv[i],"-e") == 0)
+*** command.c Thu Oct 20 07:35:44 1994
+--- command.c Wed Jan 10 23:46:04 1996
+***************
+*** 222,227 ****
+--- 222,247 ----
+ }
+ #endif
+
++ static uid_t saved_uid;
++ static gid_t saved_gid;
++
++ void save_privs()
++ {
++ saved_uid = geteuid();
++ saved_gid = getegid();
++ }
++
++ void get_privs()
++ {
++ seteuid(saved_uid);
++ seteuid(saved_gid);
++ }
++
++ void release_privs()
++ {
++ seteuid(getuid());
++ setegid(getgid());
++ }
+
+ /* Catch a SIGCHLD signal and exit if the direct child has died.
+ */
+***************
+*** 337,344 ****
+--- 357,366 ----
+ gid = gr->gr_gid;
+ else
+ gid = -1;
++ get_privs();
+ fchown(ttyfd,uid,gid);
+ fchmod(ttyfd,0600);
++ release_privs();
+ #endif
+ #ifdef TIOCCONS
+ if (console)
+*** utmp.c Mon Oct 3 17:47:56 1994
+--- utmp.c Wed Jan 10 23:48:56 1996
+***************
+*** 71,79 ****
+--- 71,81 ----
+ extern char ttynam[];
+ extern struct stat ttyfd_stat;
+
++ get_privs();
+ chmod(ttynam,ttyfd_stat.st_mode);
+
+ chown(ttynam,ttyfd_stat.st_uid,ttyfd_stat.st_gid);
++ release_privs();
+ #endif
+ if(madeutent)
+ cleanutent();
+***************
+*** 166,171 ****
+--- 168,174 ----
+ {
+ FILE *utmp;
+
++ get_privs();
+ if((utmp = fopen(UTMP,"r+")) == NULL)
+ return -1;
+ utmp_pos = get_tslot(ttyname) * sizeof(struct utmp);
+***************
+*** 174,179 ****
+--- 177,183 ----
+ fseek(utmp,utmp_pos,0);
+ fwrite((char *)u, sizeof(struct utmp),1,utmp);
+ fclose(utmp);
++ release_privs();
+ madeutent = 1;
+ return(utmp_pos);
+ }
+***************
+*** 250,259 ****
+--- 254,265 ----
+ int write_utmp(struct utmp * u)
+ {
+ int pos;
++ get_privs();
+ utmpname(UTMP);
+ setutent();
+ pututline(u);
+ endutent();
++ release_privs();
+ pos = (int)NULL;
+ madeutent = 1;
+ return(pos);
+***************
+*** 305,311 ****
+ {
+ int pid;
+ struct utmp *u;
+!
+ utmpname(UTMP);
+ setutent();
+ pid = getpid();
+--- 311,318 ----
+ {
+ int pid;
+ struct utmp *u;
+!
+! get_privs();
+ utmpname(UTMP);
+ setutent();
+ pid = getpid();
+***************
+*** 333,338 ****
+--- 340,346 ----
+ endutent();
+ }
+ }
++ release_privs();
+ }
+
+ #endif /* BSD */
OpenPOWER on IntegriCloud