53 lines
1.8 KiB
Plaintext
53 lines
1.8 KiB
Plaintext
$OpenBSD: patch-kdm_backend_ctrl_c,v 1.1 2010/05/13 07:01:00 ajacoutot Exp $
|
|
|
|
CVE-2010-0436, see:
|
|
http://www.kde.org/info/security/advisory-20100413-1.txt
|
|
|
|
--- kdm/backend/ctrl.c.orig Mon Jan 15 12:32:23 2007
|
|
+++ kdm/backend/ctrl.c Thu May 13 08:57:25 2010
|
|
@@ -140,22 +140,24 @@ openCtrl( struct display *d )
|
|
if (strlen( cr->path ) >= sizeof(sa.sun_path))
|
|
LogError( "path %\"s too long; no control sockets will be available\n",
|
|
cr->path );
|
|
- else if (mkdir( sockdir, 0755 ) && errno != EEXIST)
|
|
+ else if (mkdir( sockdir, 0700 ) && errno != EEXIST)
|
|
LogError( "mkdir %\"s failed; no control sockets will be available\n",
|
|
sockdir );
|
|
+ else if (unlink( cr->path ) && errno != ENOENT)
|
|
+ LogError( "unlink %\"s failed: %m; control socket will not be available\n",
|
|
+ cr->path );
|
|
else {
|
|
- if (!d)
|
|
- chown( sockdir, -1, fifoGroup );
|
|
- chmod( sockdir, 0750 );
|
|
if ((cr->fd = socket( PF_UNIX, SOCK_STREAM, 0 )) < 0)
|
|
LogError( "Cannot create control socket\n" );
|
|
else {
|
|
- unlink( cr->path );
|
|
sa.sun_family = AF_UNIX;
|
|
strcpy( sa.sun_path, cr->path );
|
|
if (!bind( cr->fd, (struct sockaddr *)&sa, sizeof(sa) )) {
|
|
if (!listen( cr->fd, 5 )) {
|
|
- chmod( cr->path, 0666 );
|
|
+ chmod( cr->path, 0660 );
|
|
+ if (!d)
|
|
+ chown( cr->path, -1, fifoGroup );
|
|
+ chmod( sockdir, 0755 );
|
|
RegisterCloseOnFork( cr->fd );
|
|
RegisterInput( cr->fd );
|
|
free( sockdir );
|
|
@@ -218,12 +220,8 @@ chownCtrl( CtrlRec *cr, int uid )
|
|
{
|
|
if (cr->fpath)
|
|
chown( cr->fpath, uid, -1 );
|
|
- if (cr->path) {
|
|
- char *ptr = strrchr( cr->path, '/' );
|
|
- *ptr = 0;
|
|
+ if (cr->path)
|
|
chown( cr->path, uid, -1 );
|
|
- *ptr = '/';
|
|
- }
|
|
}
|
|
|
|
void
|