ports/119012: [PATCH] xorg-server: incorrect SUID option handling
Dmitry Marakasov
amdmi3 at amdmi3.ru
Tue Dec 25 15:00:04 UTC 2007
>Number: 119012
>Category: ports
>Synopsis: [PATCH] xorg-server: incorrect SUID option handling
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Tue Dec 25 15:00:03 UTC 2007
>Closed-Date:
>Last-Modified:
>Originator: Dmitry Marakasov
>Release: FreeBSD 7.0-BETA4 i386
>Organization:
>Environment:
System: FreeBSD hades.panopticon 7.0-BETA4 FreeBSD 7.0-BETA4 #0: Thu Dec 20 13:28:17 MSK 2007 root at hades.panopticon:/usr/obj/usr/src/sys/HADES i386
>Description:
When the user has no NO_SUID_XSERVER=yes line in make.conf and turns off the SUID option in the xorg-server port, it will still be installed suid. The patch corrects this behavior.
Before patch:
SUID option in port | NO_SUID_XSERVER | result
--------------------+-----------------+-------
on                  | undefined       | suid
on                  | = YES           | suid
on                  | = NO            | suid
off                 | undefined       | suid
off                 | = YES           | nosuid
off                 | = NO            | suid
After patch:
SUID option in port | NO_SUID_XSERVER | result
--------------------+-----------------+-------
on                  | undefined       | suid
on                  | = YES           | nosuid
on                  | = NO            | suid
off                 | undefined       | nosuid
off                 | = YES           | nosuid
off                 | = NO            | nosuid
Also, it may be good to update the message displayed when the X server is installed suid.
>How-To-Repeat:
>Fix:
--- xorg-server.patch begins here ---
diff -ruN xorg-server.orig/Makefile xorg-server/Makefile
--- xorg-server.orig/Makefile 2007-12-25 17:29:40.000000000 +0300
+++ xorg-server/Makefile 2007-12-25 17:35:02.000000000 +0300
@@ -7,7 +7,7 @@
PORTNAME= xorg-server
PORTVERSION= 1.4
-PORTREVISION= 3
+PORTREVISION= 4
PORTEPOCH= 1
CATEGORIES= x11-servers
MASTER_SITES= http://xorg.freedesktop.org/releases/individual/xserver/:fdo \
@@ -71,7 +71,7 @@
CONFIGURE_ARGS+= --enable-aiglx=no
.endif
-.if !defined(WITHOUT_SUID) || !defined(NO_SUID_XSERVER) || ${NO_SUID_XSERVER} == NO
+.if !defined(WITHOUT_SUID) && (!defined(NO_SUID_XSERVER) || ${NO_SUID_XSERVER} == NO)
CONFIGURE_ARGS+=--enable-install-setuid=yes
.else
CONFIGURE_ARGS+=--enable-install-setuid=no
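Review bot: the ${NO_SUID_XSERVER} == NO test in the new condition is an exact, case-sensitive match, so only the literal value NO keeps the setuid install; NO_SUID_XSERVER=no, or any other value, now selects --enable-install-setuid=no. That fails in the safe direction, but nothing in the Makefile says which values are accepted. A comment above the .if listing them (the "After patch" table from the description would do) would spare users from guessing why a lowercase value strips the setuid bit.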
@@ -105,7 +105,7 @@
PLIST_SUB+= AMD64_I386_SPARC64="@comment "
.endif
-.if !defined(WITHOUT_SUID) || !defined(NO_SUID_XSERVER) || ${NO_SUID_XSERVER} == NO
+.if !defined(WITHOUT_SUID) && (!defined(NO_SUID_XSERVER) || ${NO_SUID_XSERVER} == NO)
pre-everything::
@${ECHO_MSG} "By default, the X Server installs as a set-user-id root binary. When run by"
@${ECHO_MSG} "a normal user, it checks arguments and environment as done in the x11/wrapper"
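Review bot: the .if guarding pre-everything:: repeats the expression from the CONFIGURE_ARGS block verbatim, and the two have to stay identical for this warning to match what is actually installed. Evaluate the condition once, for example by setting a helper variable inside the first .if and testing only that variable here, so a later change to the SUID logic cannot update the configure flag while leaving the message behind.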
--- xorg-server.patch ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted: