Hello community, here is the log from the commit of package libgnomesu for openSUSE:11.3 checked in at Mon Jun 20 18:06:35 CEST 2011. --------
--- old-versions/11.3/all/libgnomesu/libgnomesu.changes 2010-06-04 01:31:14.000000000 +0200
+++ 11.3/libgnomesu/libgnomesu.changes 2011-06-17 17:49:36.000000000 +0200
@@ -1,0 +2,14 @@
+Fri Jun 10 17:48:36 CEST 2011 - vuntz@opensuse.org
+
+- Add libgnomesu-check-setuid-retval.patch: really handle return
+ value of the setuid() call, to avoid a root exploit if it fails
+ because of rlimits. Fix bnc#695627 and CVE-2011-1946.
+- Add libgnomesu-use-pam_xauth.patch: with the pam backend, we
+ should stop playing with xauth ourselves and let pam_xauth handle
+ this. It turns out it's already configured to do so in
+ gnomesu-pam.pamd, but we're hiding things to it.
+- Add libgnomesu-reorder-pam-init.patch: in the pam backend, we
+ want to initialize everything in the right order, and we use the
+ coreutils/su code as reference for this.
+
+-------------------------------------------------------------------
Package does not exist at destination yet. Using Fallback old-versions/11.3/all/libgnomesu Destination is old-versions/11.3/UPDATES/all/libgnomesu calling whatdependson for 11.3-i586 New: ---- libgnomesu-check-setuid-retval.patch libgnomesu-reorder-pam-init.patch libgnomesu-use-pam_xauth.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libgnomesu.spec ++++++
--- /var/tmp/diff_new_pack.XBztlq/_old 2011-06-20 17:54:43.000000000 +0200
+++ /var/tmp/diff_new_pack.XBztlq/_new 2011-06-20 17:54:43.000000000 +0200
@@ -1,7 +1,7 @@ # -# spec file for package libgnomesu (Version 1.0.0) +# spec file for package libgnomesu # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -19,7 +19,7 @@ Name: libgnomesu Version: 1.0.0 -Release: 317 +Release: 322.<RELEASE2> License: LGPLv2.1+ Summary: GNOME su Library Url: http://members.chello.nl/~h.lai/libgnomesu/ @@ -56,6 +56,12 @@ Patch14: libgnomesu-i18n.patch # PATCH-FIX-UPSTREAM libgnomesu-no-manual-memory-cleaning.patch bnc351917 vuntz@opensuse.org -- Let GTK+ remove passwords from memory Patch15: libgnomesu-no-manual-memory-cleaning.patch +# PATCH-FIX-UPSTREAM libgnomesu-use-pam_xauth.patch bnc#667577 vuntz@opensuse.org -- Let pam_xauth handle xauth stuff if using pam backend +Patch16: libgnomesu-use-pam_xauth.patch +# PATCH-FIX-UPSTREAM libgnomesu-reorder-pam-init.patch vuntz@opensuse.org -- Do commands in the same order as in coreutils/su.c in pam backend +Patch17: libgnomesu-reorder-pam-init.patch +# PATCH-FIX-UPSTREAM libgnomesu-check-setuid-retval.patch bnc#695627 CVE-2011-1946 vuntz@opensuse.org -- Really handle return value of setuid() +Patch18: libgnomesu-check-setuid-retval.patch BuildRequires: fdupes BuildRequires: gconf2-devel BuildRequires: gtk2-devel @@ -115,6 +121,9 @@ %patch13 -p1 %patch14 -p1 %patch15 -p1 +%patch16 -p1 +%patch17 -p1 +%patch18 -p1 cp -a %{S:1} pam-backend/gnomesu-pam # Upstream is dead, libgnomesu.po in LCN includes strings in our patches: translation-update-upstream ++++++ libgnomesu-check-setuid-retval.patch ++++++ Index: libgnomesu-1.0.0/pam-backend/pam.c =================================================================== --- libgnomesu-1.0.0.orig/pam-backend/pam.c +++ libgnomesu-1.0.0/pam-backend/pam.c 
@@ -338,7 +338,15 @@ main (int argc, char *argv[]) #ifdef HAVE_SETFSUID setfsuid (pw->pw_uid); #endif /* HAVE_SETFSUID */ - change_identity (pw); + + if (change_identity (pw)) { + pam_close_session (pamh, 0); + if (setcred) + pam_setcred (pamh, PAM_DELETE_CRED | PAM_SILENT); + close_pam (pamh, retval); + fprintf (outf, PROTOCOL_ERROR); + return 1; + } modify_environment (pw); Index: libgnomesu-1.0.0/su-backend/common.c =================================================================== --- libgnomesu-1.0.0.orig/su-backend/common.c +++ libgnomesu-1.0.0/su-backend/common.c @@ -232,13 +232,20 @@ init_groups (const struct passwd *pw) #endif } -void +int change_identity (const struct passwd *pw) { - if (setgid (pw->pw_gid)) + if (setgid (pw->pw_gid)) { perror ("cannot set group id"); - if (setuid (pw->pw_uid)) + return -1; + } + + if (setuid (pw->pw_uid)) { perror ("cannot set user id"); + return -1; + } + + return 0; } void Index: libgnomesu-1.0.0/su-backend/su.c =================================================================== --- libgnomesu-1.0.0.orig/su-backend/su.c +++ libgnomesu-1.0.0/su-backend/su.c @@ -323,7 +323,12 @@ main (int argc, char **argv) init_xauth (pw); modify_environment (pw); init_groups (pw); - change_identity (pw); + + if (change_identity (pw)) { + fprintf (outf, PROTOCOL_ERROR); + return 1; + } + setup_xauth (pw); fprintf (outf, PROTOCOL_DONE); Index: libgnomesu-1.0.0/su-backend/common.h =================================================================== --- libgnomesu-1.0.0.orig/su-backend/common.h +++ libgnomesu-1.0.0/su-backend/common.h 
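Review bot: The supplementary-group step is still unchecked: `init_groups()`, whose tail is the context at the top of the su-backend/common.c hunk, stays `void`, and the `initgroups (pw->pw_name, pw->pw_gid)` call visible in the common.c hunk of libgnomesu-reorder-pam-init.patch has its result discarded (`errno = 0` is set but never read there). If that call fails, the process would keep the supplementary groups it started with while `change_identity()` reports success, which is the same class of unchecked privilege drop this patch closes for `setuid()`. Give it the same contract, e.g. `if (initgroups (pw->pw_name, pw->pw_gid)) { perror ("cannot set groups"); return -1; }`, and test the result in both `main()` functions next to the new `change_identity` check. Both `main()` bodies and `init_groups()` extend outside the hunks shown, so the exact error path needs confirming against the full files.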
@@ -31,7 +31,7 @@ void xputenv (const char *val); void init_xauth (const struct passwd *pw); void setup_xauth (const struct passwd *pw); void init_groups (const struct passwd *pw); -void change_identity (const struct passwd *pw); +int change_identity (const struct passwd *pw); void modify_environment (const struct passwd *pw); void *safe_memset (void *s, int c, size_t n); ++++++ libgnomesu-reorder-pam-init.patch ++++++ Index: libgnomesu-1.0.0/pam-backend/pam.c =================================================================== --- libgnomesu-1.0.0.orig/pam-backend/pam.c +++ libgnomesu-1.0.0/pam-backend/pam.c @@ -323,18 +323,25 @@ main (int argc, char *argv[]) char **command = argv + 4; pid_t pid; int exitCode = 1, status; + int setcred = 0; - modify_environment (pw); - #ifdef HAVE_SETFSUID - setfsuid (pw->pw_uid); - #endif /* HAVE_SETFSUID */ - change_identity (pw); + init_groups (pw); retval = pam_setcred (pamh, PAM_ESTABLISH_CRED); if (retval != PAM_SUCCESS) fprintf (stderr, "Warning: %s\n", pam_strerror (pamh, retval)); + else + setcred = 1; pam_open_session (pamh, 0); + + #ifdef HAVE_SETFSUID + setfsuid (pw->pw_uid); + #endif /* HAVE_SETFSUID */ + change_identity (pw); + + modify_environment (pw); + pid = fork (); switch (pid) { @@ -364,6 +371,8 @@ main (int argc, char *argv[]) break; } pam_close_session (pamh, 0); + if (setcred) + pam_setcred (pamh, PAM_DELETE_CRED | PAM_SILENT); close_pam (pamh, retval); /* evecvp() failed */ Index: libgnomesu-1.0.0/su-backend/common.c =================================================================== --- libgnomesu-1.0.0.orig/su-backend/common.c +++ libgnomesu-1.0.0/su-backend/common.c 
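Review bot: The new prototype `int change_identity (const struct passwd *pw);` leaves the two call sites as the only thing enforcing the check, so a later caller can ignore the result without any diagnostic. Mark it so the compiler warns, e.g. `int change_identity (const struct passwd *pw) G_GNUC_WARN_UNUSED_RESULT;` if glib.h is reachable from common.h (common.c already uses GLib), or plain `__attribute__ ((warn_unused_result))` otherwise. A one-line comment on the declaration, `/* Returns 0 on success, -1 if setgid() or setuid() failed; the caller must not run the command on failure. */`, would put the contract where callers read it.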
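Review bot: `pam_open_session (pamh, 0);` in the reordered pam-backend block still discards its result, and a failed `pam_setcred` only prints a warning, so execution continues to `fork ()` even when the session or credential modules failed. Capture and test it, `retval = pam_open_session (pamh, 0);`, and on anything other than `PAM_SUCCESS` leave through the same cleanup the end of `main()` uses (delete credentials when `setcred` is set, then `close_pam`) rather than running the command. `pam_close_session` should then run only when the open succeeded. `main()` starts and ends outside these hunks, so the exit path has to be checked against the full file.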
@@ -223,13 +223,18 @@ modify_environment (const struct passwd /* Become the user and group(s) specified by PW. */ void -change_identity (const struct passwd *pw) +init_groups (const struct passwd *pw) { #ifdef HAVE_INITGROUPS errno = 0; initgroups (pw->pw_name, pw->pw_gid); endgrent (); #endif +} + +void +change_identity (const struct passwd *pw) +{ if (setgid (pw->pw_gid)) perror ("cannot set group id"); if (setuid (pw->pw_uid)) Index: libgnomesu-1.0.0/su-backend/common.h =================================================================== --- libgnomesu-1.0.0.orig/su-backend/common.h +++ libgnomesu-1.0.0/su-backend/common.h @@ -30,6 +30,7 @@ char *concat (const char *s1, const char void xputenv (const char *val); void init_xauth (const struct passwd *pw); void setup_xauth (const struct passwd *pw); +void init_groups (const struct passwd *pw); void change_identity (const struct passwd *pw); void modify_environment (const struct passwd *pw); void *safe_memset (void *s, int c, size_t n); Index: libgnomesu-1.0.0/su-backend/su.c =================================================================== --- libgnomesu-1.0.0.orig/su-backend/su.c +++ libgnomesu-1.0.0/su-backend/su.c @@ -322,6 +322,7 @@ main (int argc, char **argv) init_xauth (pw); modify_environment (pw); + init_groups (pw); change_identity (pw); setup_xauth (pw); ++++++ libgnomesu-use-pam_xauth.patch ++++++ Index: libgnomesu-1.0.0/su-backend/common.c =================================================================== --- libgnomesu-1.0.0.orig/su-backend/common.c +++ libgnomesu-1.0.0/su-backend/common.c 
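Review bot: The comment `/* Become the user and group(s) specified by PW. */` now sits on `init_groups()`, which only calls `initgroups()`/`endgrent()`, while `change_identity()`, the function that actually switches gid and uid, is left without any comment. Move the existing comment down to `change_identity()` and give the new function its own, e.g. `/* Set the supplementary groups of PW; call before change_identity(), as su.c does. */`. The `errno = 0;` line is never read in the visible code and can be dropped unless something outside the hunk relies on it. `change_identity()` continues past the end of this hunk.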
@@ -97,6 +97,32 @@ saveXauth (void) g_string_free (data, FALSE); } +void +init_xauth (const struct passwd *pw) +{ + const char *env_term; + const char *env_xauthority; + + env_term = g_getenv ("TERM"); + env_xauthority = g_getenv ("XAUTHORITY"); + + /* Sanity-check the environment variables as best we can: those + * which aren't path names shouldn't contain "/", and none of + * them should contain ".." or "%". */ + if (env_term && + (strstr(env_term, "..") || + strchr(env_term, '%'))) + setenv ("XAUTHORITY", "dumb", 1); + if (env_xauthority && + (strstr(env_xauthority , "..") || + strchr(env_xauthority , '%'))) + unsetenv ("XAUTHORITY"); + + /* Setup X authentication stuff. */ + saveXauth (); + xputenv (concat ("XAUTHORITY=", pw->pw_dir, "/.Xauthority")); +} + /* Update environment variables for the new user. */ void @@ -105,7 +131,7 @@ modify_environment (const struct passwd const gchar *path; const char *env_term; const char *env_display, *env_shell; - const char *env_lang, *env_lcall, *env_lcmsgs, *env_xauthority; + const char *env_lang, *env_lcall, *env_lcmsgs; const char *env_dbus; /* Sanity-check the environment variables as best we can: those @@ -117,7 +143,6 @@ modify_environment (const struct passwd env_lcmsgs = g_getenv ("LC_MESSAGES"); env_shell = g_getenv ("SHELL"); env_term = g_getenv ("TERM"); - env_xauthority = g_getenv ("XAUTHORITY"); if (env_display && (strstr(env_display, "..") || 
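Review bot: In the new `init_xauth()` the `TERM` check acts on the wrong variable: when `env_term` contains `..` or `%` it calls `setenv ("XAUTHORITY", "dumb", 1);`, which the later `xputenv (concat ("XAUTHORITY=", pw->pw_dir, "/.Xauthority"))` overwrites, so a suspicious `TERM` is passed on unchanged. The branch presumably meant `setenv ("TERM", "dumb", 1);`. The mistake is carried over from the lines this patch removes from `modify_environment()`, but moving the check here also means the pam backend, which in the visible pam.c hunks calls only `modify_environment()`, no longer runs any `TERM` check; keeping the corrected test in `modify_environment()`, where `env_term` is still fetched, would cover both backends. The comment above the checks also promises a `/` test for non-path variables that the code does not perform, so either add it or reword the comment.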
@@ -142,19 +167,7 @@ modify_environment (const struct passwd (strstr(env_shell, "..") || strchr(env_shell, '%'))) unsetenv ("SHELL"); - if (env_term && - (strstr(env_term, "..") || - strchr(env_term, '%'))) - setenv ("XAUTHORITY", "dumb", 1); - if (env_xauthority && - (strstr(env_xauthority , "..") || - strchr(env_xauthority , '%'))) - unsetenv ("XAUTHORITY"); - - /* Setup X authentication stuff. */ - saveXauth (); - xputenv (concat ("XAUTHORITY=", pw->pw_dir, "/.Xauthority")); if (!g_getenv ("ICEAUTHORITY")) xputenv (concat ("ICEAUTHORITY=", pw->pw_dir, "/.ICEauthority")); @@ -212,10 +225,6 @@ modify_environment (const struct passwd void change_identity (const struct passwd *pw) { - FILE *p; - const gchar *hostname; - gchar *command; - #ifdef HAVE_INITGROUPS errno = 0; initgroups (pw->pw_name, pw->pw_gid); @@ -225,6 +234,13 @@ change_identity (const struct passwd *pw perror ("cannot set group id"); if (setuid (pw->pw_uid)) perror ("cannot set user id"); +} + +void +setup_xauth (const struct passwd *pw) +{ + FILE *p; + gchar *command; command = g_strdup_printf ("xauth -q remove %s/unix:0", g_get_host_name ()); g_spawn_command_line_sync (command, NULL, NULL, NULL, NULL); Index: libgnomesu-1.0.0/su-backend/common.h =================================================================== --- libgnomesu-1.0.0.orig/su-backend/common.h +++ libgnomesu-1.0.0/su-backend/common.h @@ -28,6 +28,8 @@ char *concat (const char *s1, const char *s2, const char *s3); void xputenv (const char *val); +void init_xauth (const struct passwd *pw); +void setup_xauth (const struct passwd *pw); void change_identity (const struct passwd *pw); void modify_environment (const struct passwd *pw); void *safe_memset (void *s, int c, size_t n); Index: libgnomesu-1.0.0/su-backend/su.c =================================================================== --- libgnomesu-1.0.0.orig/su-backend/su.c +++ libgnomesu-1.0.0/su-backend/su.c 
@@ -320,8 +320,10 @@ main (int argc, char **argv) } } + init_xauth (pw); modify_environment (pw); change_identity (pw); + setup_xauth (pw); fprintf (outf, PROTOCOL_DONE); fclose (inf); ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org