* Security update. Fix for setuid privledge escalation vulernabilities in

xinit, xf86dga, and xload. See http://lists.freedesktop.org/archives/xorg/2006-June/016146.html for the full advisory. This package applies the patches for the 7.0 release of those apps.
2006-06-30 05:13:43 +00:00 · 2006-06-30 05:13:43 +00:00 · 8e537c59dd
parent 832f6dad5c
commit 8e537c59dd
3 changed files with 83 additions and 0 deletions
--- a/debian/changelog
+++ b/debian/changelog
@ -1,3 +1,13 @@
+xbase-clients (1:7.1.ds-2) unstable; urgency=high
+
+  * Security update. Fix for setuid privledge escalation vulernabilities in
+    xinit, xf86dga, and xload. See
+    http://lists.freedesktop.org/archives/xorg/2006-June/016146.html for the
+    full advisory. This package applies the patches for the 7.0 release of
+    those apps.
+
+ -- David Nusinow <dnusinow@debian.org>  Fri, 30 Jun 2006 01:10:17 -0400
+
 xbase-clients (1:7.1.ds-1) unstable; urgency=low

  [ Steve Langasek ]
--- a/debian/patches/14_SECURITY_setuid.diff
+++ b/debian/patches/14_SECURITY_setuid.diff
@ -0,0 +1,72 @@
+Index: xbase-clients/xf86dga-X11R7.0-1.0.1/dga.c
+===================================================================
+--- xbase-clients.orig/xf86dga-X11R7.0-1.0.1/dga.c	2006-06-30 01:06:00.000000000 -0400
+++ xbase-clients/xf86dga-X11R7.0-1.0.1/dga.c	2006-06-30 01:06:50.000000000 -0400
+@@ -16,6 +16,7 @@
+ #include <X11/Xmd.h>
+ #include <X11/extensions/xf86dga.h>
+ #include <ctype.h>
+#include <errno.h>
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <signal.h>
+@@ -141,7 +142,10 @@
+ 
+ #ifndef __UNIXOS2__
+    /* Give up root privs */
+-   setuid(getuid());
+   if (setuid(getuid()) == -1) {
+      fprintf(stderr, "Unable to change uid: %s\n", strerror(errno));
+      exit(2);
+   }
+ #endif
+ 
+    XF86DGASetViewPort(dis, DefaultScreen(dis), 0, 0);
+Index: xbase-clients/xinit/xinit.c
+===================================================================
+--- xbase-clients.orig/xinit/xinit.c	2006-06-30 01:07:11.000000000 -0400
+++ xbase-clients/xinit/xinit.c	2006-06-30 01:07:49.000000000 -0400
+@@ -692,7 +692,10 @@
+ startClient(char *client[])
+ {
+ 	if ((clientpid = vfork()) == 0) {
+-		setuid(getuid());
+        if (setuid(getuid()) == -1) {
+            Error("cannot change uid: %s\n", strerror(errno));
+            _exit(ERR_EXIT);
+        }
+ 		setpgrp(0, getpid());
+ 		environ = newenviron;
+ #ifdef __UNIXOS2__
+Index: xbase-clients/xload-X11R7.0-1.0.1/xload.c
+===================================================================
+--- xbase-clients.orig/xload-X11R7.0-1.0.1/xload.c	2006-06-30 01:08:01.000000000 -0400
+++ xbase-clients/xload-X11R7.0-1.0.1/xload.c	2006-06-30 01:08:51.000000000 -0400
+@@ -35,6 +35,7 @@
+  */
+ 
+ 
+#include <errno.h>
+ #include <stdio.h> 
+ #include <stdlib.h>
+ #include <unistd.h>
+@@ -162,8 +163,17 @@
+     /* For security reasons, we reset our uid/gid after doing the necessary
+        system initialization and before calling any X routines. */
+     InitLoadPoint();
+-    setgid(getgid());		/* reset gid first while still (maybe) root */
+-    setuid(getuid());
+    /* reset gid first while still (maybe) root */
+    if (setgid(getgid()) == -1) {
+       fprintf(stderr, "%s: setgid failed: %s\n", 
+       ProgramName, strerror(errno));
+       exit(1);
+    }
+    if (setuid(getuid()) == -1) {
+       fprintf(stderr, "%s: setuid failed: %s\n", 
+       ProgramName, strerror(errno));
+       exit(1);
+    }
+ 
+     XtSetLanguageProc(NULL, (XtLanguageProc) NULL, NULL);
+ 
--- a/debian/patches/series
+++ b/debian/patches/series
@ -10,3 +10,4 @@
 11_xkb_documentation_updates.diff -p0
 12_startx_paths.diff
 pkgconfig_naughtiness -p0
+14_SECURITY_setuid.diff