ports/177347: [patch] x11/xtrlock needs to run setuid root
Klaus Aehlig
aehlig at linta.de
Sun Mar 24 16:30:01 UTC 2013
>Number: 177347
>Category: ports
>Synopsis: [patch] x11/xtrlock needs to run setuid root
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun Mar 24 16:30:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator: Klaus Aehlig
>Release: FreeBSD 9.1-STABLE amd64
>Organization:
>Environment:
System: FreeBSD howard.linta.de 9.1-STABLE FreeBSD 9.1-STABLE #9 r246978: Wed Feb 20 08:46:40 CET 2013 root at howard.linta.de:/usr/obj/usr/src/sys/GENERIC amd64
>Description:
xtrlock(1) obtains the crypted password of the user by calling
getpwuid(3). For this to work, root priviliges are needed. Hence
xtrlock should run as a setuid root binary (as it was, before the
port was updated to version 2.2).
>How-To-Repeat:
Install x11/xtrlock and run as unpriviliged user. Instead of locking
the screen, xtrlock outputs the error message "password entry has no pwd".
>Fix:
Apply the following patch.
--- xtrlock.diff begins here ---
diff -ruN xtrlock.orig/Makefile xtrlock/Makefile
--- xtrlock.orig/Makefile 2013-03-24 16:58:29.000000000 +0100
+++ xtrlock/Makefile 2013-03-24 17:00:23.000000000 +0100
@@ -3,6 +3,7 @@
PORTNAME= xtrlock
PORTVERSION= 2.2
+PORTREVISION= 1
CATEGORIES= x11
MASTER_SITES= DEBIAN
DISTNAME= ${PORTNAME}_${PORTVERSION}
@@ -21,6 +22,7 @@
MAN1= xtrlock.1
PLIST_FILES= bin/xtrlock
+BINMODE= 4555
post-extract:
@${LN} -sf xtrlock.man ${WRKSRC}/xtrlock.1
--- xtrlock.diff ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list