patches

X Strike Force SVN Admin Wed, 03 Sep 2003 17:41:00 -0700

Author: branden
Date: 2003-09-03 19:39:56 -0500 (Wed, 03 Sep 2003)
New Revision: 479


Modified:
   branches/4.1.0/woody/debian/patches/071_SECURITY_improved_MIT-SHM_fix.diff
Log:
debian/patches/071_SECURITY_improved_MIT-SHM_fix.diff: didn't remove enough
  code when backporting this patch; I had left in some of the old, bad fix


Modified: branches/4.1.0/woody/debian/patches/071_SECURITY_improved_MIT-SHM_fix.diff
===================================================================
--- branches/4.1.0/woody/debian/patches/071_SECURITY_improved_MIT-SHM_fix.diff  
2003-09-04 00:23:24 UTC (rev 478)
+++ branches/4.1.0/woody/debian/patches/071_SECURITY_improved_MIT-SHM_fix.diff  
2003-09-04 00:39:56 UTC (rev 479)
@@ -34,8 +34,8 @@
  Next, attach this shared memory segment to your process:
  .Cs
  shminfo.shmaddr = image->data = shmat (shminfo.shmid, 0, 0);
---- xc/programs/Xserver/Xext/shm.c~    2003-09-02 18:37:00.000000000 -0500
-+++ xc/programs/Xserver/Xext/shm.c     2003-09-02 18:39:07.000000000 -0500
+--- xc/programs/Xserver/Xext/shm.c~    2003-09-03 19:32:08.000000000 -0500
++++ xc/programs/Xserver/Xext/shm.c     2003-09-03 19:37:06.000000000 -0500
 @@ -33,6 +33,7 @@
  #include <ipc.h>
  #include <shm.h>
@@ -125,41 +125,46 @@
  
  static int
  ProcShmAttach(client)
-@@ -409,10 +406,8 @@
+@@ -407,12 +404,6 @@
+     struct shmid_ds buf;
+     ShmDescPtr shmdesc;
      REQUEST(xShmAttachReq);
-     uid_t ruid;
-     gid_t rgid;
+-    uid_t ruid;
+-    gid_t rgid;
 -#ifdef HAS_SAVED_IDS_AND_SETEUID
-     uid_t euid;
-     gid_t egid;
+-    uid_t euid;
+-    gid_t egid;
 -#endif
  
      REQUEST_SIZE_MATCH(xShmAttachReq);
      LEGAL_NEW_RESOURCE(stuff->shmseg, client);
-@@ -438,7 +433,6 @@
+@@ -436,44 +427,25 @@
+       shmdesc = (ShmDescPtr) xalloc(sizeof(ShmDescRec));
+       if (!shmdesc)
            return BadAlloc;
-       ruid = getuid();
-       rgid = getgid();
+-      ruid = getuid();
+-      rgid = getgid();
 -#ifdef HAS_SAVED_IDS_AND_SETEUID
-       euid = geteuid();
-       egid = getegid();
- 
-@@ -448,32 +442,31 @@
-               return BadAccess;
-           }
-       }
+-      euid = geteuid();
+-      egid = getegid();
+-
+-      if (euid != ruid || egid != rgid) {
+-          /* Temporarly switch back to real ids */
+-          if (seteuid(ruid) == -1 || setegid(rgid) == -1) {
+-              return BadAccess;
+-          }
+-      }
 -#endif
        shmdesc->addr = shmat(stuff->shmid, 0,
                              stuff->readOnly ? SHM_RDONLY : 0);
 -#ifdef HAS_SAVED_IDS_AND_SETEUID
-       if (euid != ruid || egid != rgid) {
-           /* Switch back to root privs */
-           if (seteuid(euid) == -1 || setegid(egid) == -1) {
-               return BadAccess;
-           }
+-      if (euid != ruid || egid != rgid) {
+-          /* Switch back to root privs */
+-          if (seteuid(euid) == -1 || setegid(egid) == -1) {
+-              return BadAccess;
+-          }
 -      } 
 -#endif
-+      }
        if ((shmdesc->addr == ((char *)-1)) ||
            shmctl(stuff->shmid, IPC_STAT, &buf))
        {


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

X Strike Force SVN commit: rev 479 - branches/4.1.0/woody/debian/patches

Reply via email to