authorDonnie Berkholz <spyderous@gentoo.org>2006-06-20 16:15:20 +0000
committerDonnie Berkholz <spyderous@gentoo.org>2006-06-20 16:15:20 +0000
commit27fa0c22e5559d6616d3af071ad36b0861780385 (patch)
treea7ebd3973ddcc1600276361de9eea18673b79100 /x11-apps
parentSecurity bump. Failure to check the return value of setuid() in a privileged ... (diff)
Security bump. Failure to check the return value of setuid() in a privileged process could be used by a local user for file overwriting and possible privilege escalation in corner cases. See http://lists.freedesktop.org/archives/xorg/2006-June/016146.html for more information.
(Portage version: 2.1.1_pre1-r1)
Diffstat (limited to 'x11-apps')
-rw-r--r--x11-apps/xdm/ChangeLog16
-rw-r--r--x11-apps/xdm/files/digest-xdm-1.0.4-r13
-rw-r--r--x11-apps/xdm/files/xdm-1.0.4-setuid.diff44
-rw-r--r--x11-apps/xdm/xdm-1.0.4-r1.ebuild63
4 files changed, 125 insertions, 1 deletions
diff --git a/x11-apps/xdm/ChangeLog b/x11-apps/xdm/ChangeLog
index eaf721df03e1..32991997990f 100644
--- a/x11-apps/xdm/ChangeLog
+++ b/x11-apps/xdm/ChangeLog
@@ -1,6 +1,17 @@
# ChangeLog for x11-apps/xdm
# Copyright 1999-2006 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/x11-apps/xdm/ChangeLog,v 1.45 2006/04/29 16:30:31 joshuabaergen Exp $
+# $Header: /var/cvsroot/gentoo-x86/x11-apps/xdm/ChangeLog,v 1.46 2006/06/20 16:15:20 spyderous Exp $
+
+*xdm-1.0.4-r1 (20 Jun 2006)
+
+ 20 Jun 2006; Donnie Berkholz <spyderous@gentoo.org>;
+ +files/xdm-1.0.4-setuid.diff, -xdm-1.0.3-r1.ebuild, -xdm-1.0.4.ebuild,
+ +xdm-1.0.4-r1.ebuild:
+ Security bump. Failure to check the return value of setuid() in a privileged
+ process could be used by a local user for file overwriting and possible
+ privilege escalation in corner cases. See
+ http://lists.freedesktop.org/archives/xorg/2006-June/016146.html for more
+ information.
*xdm-1.0.4 (29 Apr 2006)
@@ -13,6 +24,9 @@
22 Apr 2006; Donnie Berkholz <spyderous@gentoo.org>; xdm-1.0.3-r1.ebuild:
Update xinit dep to 1.0.2-r3, which has the right fixes for xdm speedup.
+ 21 Apr 2006; Donnie Berkholz <spyderous@gentoo.org>; xdm-1.0.3-r1.ebuild:
+ (#130673) Add dep on sessreg (Daniel Waeber).
+
20 Apr 2006; Donnie Berkholz <spyderous@gentoo.org>;
-files/digest-xdm-1.0.3:
(#130593) Somehow an old digest managed to stick around and not end up in th
diff --git a/x11-apps/xdm/files/digest-xdm-1.0.4-r1 b/x11-apps/xdm/files/digest-xdm-1.0.4-r1
new file mode 100644
index 000000000000..751dc08d6522
--- /dev/null
+++ b/x11-apps/xdm/files/digest-xdm-1.0.4-r1
@@ -0,0 +1,3 @@
+MD5 aeed9697f27c0730a550a1ac7efdc189 xdm-1.0.4.tar.bz2 363486
+RMD160 fe4f62979d1f4fed394464e535544435c41fb8b3 xdm-1.0.4.tar.bz2 363486
+SHA256 d1c7a90da45ab38100c86311432832dcb968fd58bfc04007b3bcdb5446d6fb9b xdm-1.0.4.tar.bz2 363486
diff --git a/x11-apps/xdm/files/xdm-1.0.4-setuid.diff b/x11-apps/xdm/files/xdm-1.0.4-setuid.diff
new file mode 100644
index 000000000000..b633792ad579
--- /dev/null
+++ b/x11-apps/xdm/files/xdm-1.0.4-setuid.diff
@@ -0,0 +1,44 @@
+Index: session.c
+===================================================================
+RCS file: /cvs/xorg/app/xdm/session.c,v
+retrieving revision 1.7
+diff -u -r1.7 session.c
+--- session.c 3 Jun 2006 00:05:24 -0000 1.7
++++ session.c 19 Jun 2006 21:30:50 -0000
+@@ -492,8 +492,14 @@
+ else
+ ResetServer (d);
+ if (removeAuth) {
+- setgid (verify.gid);
+- setuid (verify.uid);
++ if (setgid (verify.gid) == -1) {
++ LogError( "SessionExit: setgid: %s\n", strerror(errno));
++ exit(status);
++ }
++ if (setuid (verify.uid) == -1) {
++ LogError( "SessionExit: setuid: %s\n", strerror(errno));
++ exit(status);
++ }
+ RemoveUserAuthorization (d, &verify);
+ #if defined(K5AUTH) && !defined(USE_PAM) /* PAM modules should handle this */
+ /* do like "kdestroy" program */
+Index: xdmshell.c
+===================================================================
+RCS file: /cvs/xorg/app/xdm/xdmshell.c,v
+retrieving revision 1.3
+diff -u -r1.3 xdmshell.c
+--- xdmshell.c 14 Jul 2005 22:58:25 -0000 1.3
++++ xdmshell.c 19 Jun 2006 21:30:50 -0000
+@@ -183,7 +183,11 @@
+ #endif
+
+ /* make xdm run in a non-setuid environment */
+- setuid (geteuid());
++ if (setuid (geteuid()) == -1) {
++ fprintf(stderr, "%s: cannot setuid (error %d, %s)\r\n",
++ ProgramName, errno, strerror(errno));
++ exit(1);
++ }
+
+ /*
+ * exec /usr/bin/X11/xdm -nodaemon -udpPort 0
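Review bot: Supplementary groups are not dropped in the session.c hunk: the new code checks `setgid (verify.gid)` and `setuid (verify.uid)`, but nothing visible clears the group list, so `RemoveUserAuthorization` may still run with the supplementary groups of the privileged parent. The enclosing function starts and ends outside the hunk, so the list may already be reset earlier; if it is not, add a checked `setgroups(0, NULL)` before `setgid`, failing the same way as the two new checks. Comparing the return values with `!= 0` instead of `== -1`, here and for `setuid (geteuid())` in xdmshell.c, would also treat any unexpected non-zero return as a failure.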
diff --git a/x11-apps/xdm/xdm-1.0.4-r1.ebuild b/x11-apps/xdm/xdm-1.0.4-r1.ebuild
new file mode 100644
index 000000000000..1c3a7e4c0b8a
--- /dev/null
+++ b/x11-apps/xdm/xdm-1.0.4-r1.ebuild
@@ -0,0 +1,63 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/x11-apps/xdm/xdm-1.0.4-r1.ebuild,v 1.1 2006/06/20 16:15:20 spyderous Exp $
+
+# Must be before x-modular eclass is inherited
+#SNAPSHOT="yes"
+
+inherit multilib x-modular pam
+
+DEFAULTVT="vt7"
+
+DESCRIPTION="X.Org xdm application"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd"
+IUSE="xprint ipv6 pam"
+RDEPEND="x11-apps/xrdb
+ x11-libs/libXdmcp
+ x11-libs/libXaw
+ >=x11-apps/xinit-1.0.2-r3
+ x11-libs/libX11
+ x11-libs/libXt"
+DEPEND="${RDEPEND}
+ x11-proto/xproto"
+
+PATCHES="${FILESDIR}/wtmp.patch
+ ${FILESDIR}/xwilling-hang.patch
+ ${FILESDIR}/${P}-setuid.diff"
+
+CONFIGURE_OPTIONS="$(use_enable xprint)
+ $(use_enable ipv6)
+ $(use_with pam)
+ --with-default-vt=${DEFAULTVT}
+ --with-xdmconfigdir=/etc/X11/xdm"
+
+pkg_setup() {
+ if use xprint && ! built_with_use x11-libs/libXaw xprint; then
+ die "Build x11-libs/libXaw with USE=xprint."
+ fi
+}
+
+src_install() {
+ x-modular_src_install
+ exeinto /usr/$(get_libdir)/X11/xdm
+ doexe ${FILESDIR}/Xsession
+ newpamd ${FILESDIR}/xdm.pamd xdm
+}
+
+pkg_preinst() {
+ x-modular_pkg_preinst
+
+ # Check for leftover /usr/lib/X11/xdm symlink
+ if [[ -L "/usr/lib/X11/xdm" ]]; then
+ ewarn "/usr/lib/X11/xdm is a symlink; deleting."
+ rm /usr/lib/X11/xdm
+ fi
+}
+
+pkg_postinst() {
+ x-modular_pkg_postinst
+
+ ewarn "Install x11-apps/sessreg, or you won't be able to log in."
+ ewarn "It cannot be added as a dependency yet, because it isn't"
+ ewarn "tested on all architectures."
+}
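Review bot: `RDEPEND` omits `x11-apps/sessreg` while `pkg_postinst` warns that login will not work without it, so a user who takes this security bump and misses the warning can be left unable to log in. The ChangeLog on this page records a sessreg dependency added to xdm-1.0.3-r1, an ebuild this commit removes, so the new revision appears to lose it. If sessreg is keyworded for the architectures listed in `KEYWORDS`, add `x11-apps/sessreg` to `RDEPEND` and drop the three `ewarn` lines; otherwise keep the warning and say in a comment which architectures are blocking the dependency.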