gdm r6786 - in branches/gnome-2-20: . daemon

[bcameron svn gnome org]

Author: bcameron
Date: Thu Mar 19 04:31:07 2009
New Revision: 6786
URL: http://svn.gnome.org/viewvc/gdm?rev=6786&view=rev

Log:
2009-03-19 Brian Cameron <brian cameron sun com>

        * daemon/slave.c: Make sure that gid/egid are set to 0 when running
          the Init, PostLogin, PreSession, and PostSession scripts.  This
          ensures that all scripts are run with consistent permisions.


Modified:
   branches/gnome-2-20/ChangeLog
   branches/gnome-2-20/daemon/slave.c

Modified: branches/gnome-2-20/daemon/slave.c
==============================================================================
--- branches/gnome-2-20/daemon/slave.c	(original)
+++ branches/gnome-2-20/daemon/slave.c	Thu Mar 19 04:31:07 2009
@@ -5816,6 +5816,8 @@
 		       gboolean pass_stdout)
 {
 	pid_t pid;
+	gid_t save_gid;
+	gid_t save_egid;
 	char *script;
 	gchar **argv = NULL;
 	gint status;
@@ -5865,6 +5867,16 @@
 		return EXIT_SUCCESS;
 	}
 
+	/*
+	 * Make sure that gid/egid are set to 0 when running the scripts, so
+	 * that the scripts are run with standard permisions.  Reset gid/egid
+	 * back to their original values after running the script.
+	 */
+	save_egid = getegid ();
+	save_gid  = getgid ();
+	setegid (0);
+	setgid (0);
+
 	create_temp_auth_file ();
 
 	gdm_debug ("Forking extra process: %s", script);
@@ -5959,15 +5971,20 @@
 		gdm_slave_whack_temp_auth_file ();
 		g_free (script);
 		g_error (_("%s: Can't fork script process!"), "gdm_slave_exec_script");
+
+		setgid (save_gid);
+		setegid (save_egid);
+
 		return EXIT_SUCCESS;
 
 	default:
 		gdm_wait_for_extra (extra_process, &status);
-
 		gdm_slave_whack_temp_auth_file ();
-
 		g_free (script);
 
+		setgid (save_gid);
+		setegid (save_egid);
+
 		if (WIFEXITED (status))
 			return WEXITSTATUS (status);
 		else