[Debian Bug#67364: gdm: minor uid switch problems etc. [PATCH]]



Just in case this hasn't been rewritten in the coming version...

----- Forwarded message from Topi Miettinen <Topi Miettinen nic fi> -----

Subject: Bug#67364: gdm: minor uid switch problems etc. [PATCH]
From: Topi Miettinen <Topi Miettinen nic fi>
To: submit bugs debian org
Date: Tue, 18 Jul 2000 02:26:49 +0300

Package: gdm
Version: 2.0-0.beta4.10
Severity: normal

GDM changes effective uid and gid when doing certain operations by calling
seteuid() and setegid(). The calling sequence when regaining root
privileges is incorrect; the seteuid() call must be done first. This patch
attempts to fix the problem. I can't see how this bug could cause security
problems.

The protocol between master and slave processes includes a quit command,
but it's not used. The patch makes the master send the command before
kill() is used. This actually matters in situations where the master
process lacks the privilege to kill other users' processes (CAP_KILL).

-Topi

diff -ru ./gdm-2.0beta4/daemon/slave.c.orig ./gdm-2.0beta4/daemon/slave.c
--- ./gdm-2.0beta4/daemon/slave.c.orig	Tue Jul 18 01:45:05 2000
+++ ./gdm-2.0beta4/daemon/slave.c	Tue Jul 18 01:58:06 2000
@@ -312,8 +312,8 @@
 	usrlang = "";
     }
 
-    setegid (GdmGroupId);
     seteuid (0);
+    setegid (GdmGroupId);
     
     session = gdm_slave_greeter_ctl (GDM_SESS, usrsess);
     language = gdm_slave_greeter_ctl (GDM_LANG, usrlang);
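Review bot: neither seteuid (0) nor setegid (GdmGroupId) in the reordered pair has its return value checked. The point of the reorder is that the order decides whether these calls succeed, so a failure here should be logged and treated as fatal instead of continuing into gdm_slave_greeter_ctl () with whatever ids the process happens to hold.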
@@ -325,6 +325,7 @@
 	savelang = TRUE;
     
     gdm_debug ("gdm_slave_session_start: Authentication completed. 
Whacking greeter");
+    g_print ("%c\n", GDM_QUIT);
     
     sigemptyset (&mask);
     sigaddset (&mask, SIGCHLD);
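Review bot: the added g_print ("%c\n", GDM_QUIT) has no comment explaining that it is a protocol message, and nothing in the visible lines waits for the receiver to act on it before the signal setup that follows. A short comment stating that the quit command is best effort and that the later kill() remains the fallback would make the intent clear, since the only nearby text is the "Whacking greeter" debug message.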
@@ -411,8 +412,8 @@
 
     authok = gdm_auth_user_add (d, pwent->pw_uid, pwent->pw_dir);
 
-    setegid (GdmGroupId);
     seteuid (0);
+    setegid (GdmGroupId);
     
     if (!authok) {
 	gdm_slave_session_stop();
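Review bot: this is the same two-line regain sequence as in the hunks at lines 312 and 530, and the required order is carried only by the position of the two calls. Moving seteuid (0); setegid (GdmGroupId); into one helper with a comment that seteuid must come first would keep the order in a single place and make it harder to reintroduce the swap.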
@@ -530,8 +531,8 @@
 
     gdm_auth_user_remove (d, pwent->pw_uid);
     
-    setegid (GdmGroupId);
     seteuid (0);
+    setegid (GdmGroupId);
 }
 
 



----- End forwarded message -----

-- 
Ryan Murray, (rmurray cyberhqz com, rmurray debian org, rmurray stormix com)
Programmer, Stormix Technologies Inc., Debian Developer
The opinions expressed here are my own.
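
The ordering rule from the forwarded report, as an added example that is not part of the original message and is not gdm code: drop the effective gid before the effective uid, and regain the uid before the gid, checking every call. The function names (drop_eids, regain_eids, run_as, report_ids) are hypothetical, and main() uses the process's own ids so that it runs without root.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Drop: change the gid first, while the effective uid may still do so. */
static int drop_eids(uid_t uid, gid_t gid)
{
    if (setegid(gid) != 0) { perror("setegid (drop)"); return -1; }
    if (seteuid(uid) != 0) { perror("seteuid (drop)"); return -1; }
    return 0;
}

/* Regain: restore the uid first, so setegid() runs with that uid's rights. */
static int regain_eids(uid_t uid, gid_t gid)
{
    if (seteuid(uid) != 0) { perror("seteuid (regain)"); return -1; }
    if (setegid(gid) != 0) { perror("setegid (regain)"); return -1; }
    return 0;
}

/* Run fn() with effective ids (uid, gid), then restore the previous ones.
 * fn must return >= 0. A return of -1 means an id switch failed and the
 * caller should treat that as fatal. */
int run_as(uid_t uid, gid_t gid, int (*fn)(void))
{
    uid_t saved_uid = geteuid();
    gid_t saved_gid = getegid();
    int rc = -1;

    if (drop_eids(uid, gid) == 0)
        rc = fn();
    /* Always attempt the restore, also after a partial drop. */
    if (regain_eids(saved_uid, saved_gid) != 0)
        return -1;
    return rc;
}

/* Sample callback: report the ids the work runs under. */
int report_ids(void)
{
    printf("euid=%ld egid=%ld\n", (long)geteuid(), (long)getegid());
    return 0;
}

int main(void)
{
    return run_as(geteuid(), getegid(), report_ids) == 0 ? 0 : 1;
}
```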


