[packages/XFree86.git] / XFree86-dri_directory_mode_fix.patch

This patch by Brendan O'Dea.

  The /dev/dri directory is created with a mode that is derived from the
  "Mode" entry in the "DRI" section, which dexconf creates as 666.

  Ethan Benson noted that this results in a world writable directory on
  the root filesystem which is undesirable.

  Given that the only things in that directory are character devices which
  require root permission to create, the directory permissions need not
  follow the Mode required for the devices but may be root:root 755.

--- XFree86-4.1.0/xc/programs/Xserver/hw/xfree86/os-support/linux/drm/xf86drm.c.orig	Thu Aug 30 19:58:24 2001
+++ XFree86-4.1.0/xc/programs/Xserver/hw/xfree86/os-support/linux/drm/xf86drm.c	Thu Aug 30 19:59:20 2001
@@ -174,7 +174,6 @@
     stat_t          st;
     char            buf[64];
     int             fd;
-    mode_t          dirmode = DRM_DEV_DIRMODE;
     mode_t          devmode = DRM_DEV_MODE;
     int             isroot  = !geteuid();
 #if defined(XFree86Server)
@@ -184,23 +183,16 @@
 
 #if defined(XFree86Server)
     devmode  = xf86ConfigDRI.mode ? xf86ConfigDRI.mode : DRM_DEV_MODE;
-    dirmode  = (devmode & S_IRUSR) ? S_IXUSR : 0;
-    dirmode |= (devmode & S_IRGRP) ? S_IXGRP : 0;
-    dirmode |= (devmode & S_IROTH) ? S_IXOTH : 0;
-    dirmode |= devmode;
     devmode &= ~(S_IXUSR|S_IXGRP|S_IXOTH);
     group = (xf86ConfigDRI.group >= 0) ? xf86ConfigDRI.group : DRM_DEV_GID;
 #endif
 
     if (stat(DRM_DIR_NAME, &st)) {
 	if (!isroot) return DRM_ERR_NOT_ROOT;
-	remove(DRM_DIR_NAME);
-	mkdir(DRM_DIR_NAME, dirmode);
+	mkdir(DRM_DIR_NAME, 0755);
+	chown(DRM_DIR_NAME, 0, 0); /* root:root */
+	chmod(DRM_DIR_NAME, 0755);
     }
-#if defined(XFree86Server)
-    chown(DRM_DIR_NAME, user, group);
-    chmod(DRM_DIR_NAME, dirmode);
-#endif
 
     sprintf(buf, DRM_DEV_NAME, DRM_DIR_NAME, minor);
     if (stat(buf, &st) || st.st_rdev != dev) {
Commit	Line	Data
33bd4355	1	This patch by Brendan O'Dea.
	2
	3	The /dev/dri directory is created with a mode that is derived from the
	4	"Mode" entry in the "DRI" section, which dexconf creates as 666.
	5
	6	Ethan Benson noted that this results in a world writable directory on
	7	the root filesystem which is undesirable.
	8
	9	Given that the only things in that directory are character devices which
	10	require root permission to create, the directory permissions need not
	11	follow the Mode required for the devices but may be root:root 755.
	12
	13	--- XFree86-4.1.0/xc/programs/Xserver/hw/xfree86/os-support/linux/drm/xf86drm.c.orig Thu Aug 30 19:58:24 2001
	14	+++ XFree86-4.1.0/xc/programs/Xserver/hw/xfree86/os-support/linux/drm/xf86drm.c Thu Aug 30 19:59:20 2001
	15	@@ -174,7 +174,6 @@
	16	stat_t st;
	17	char buf[64];
	18	int fd;
	19	- mode_t dirmode = DRM_DEV_DIRMODE;
	20	mode_t devmode = DRM_DEV_MODE;
	21	int isroot = !geteuid();
	22	#if defined(XFree86Server)
	23	@@ -184,23 +183,16 @@
	24
	25	#if defined(XFree86Server)
	26	devmode = xf86ConfigDRI.mode ? xf86ConfigDRI.mode : DRM_DEV_MODE;
	27	- dirmode = (devmode & S_IRUSR) ? S_IXUSR : 0;
	28	- dirmode \|= (devmode & S_IRGRP) ? S_IXGRP : 0;
	29	- dirmode \|= (devmode & S_IROTH) ? S_IXOTH : 0;
	30	- dirmode \|= devmode;
	31	devmode &= ~(S_IXUSR\|S_IXGRP\|S_IXOTH);
	32	group = (xf86ConfigDRI.group >= 0) ? xf86ConfigDRI.group : DRM_DEV_GID;
	33	#endif
	34
	35	if (stat(DRM_DIR_NAME, &st)) {
	36	if (!isroot) return DRM_ERR_NOT_ROOT;
	37	- remove(DRM_DIR_NAME);
	38	- mkdir(DRM_DIR_NAME, dirmode);
	39	+ mkdir(DRM_DIR_NAME, 0755);
	40	+ chown(DRM_DIR_NAME, 0, 0); /* root:root */
	41	+ chmod(DRM_DIR_NAME, 0755);
	42	}
	43	-#if defined(XFree86Server)
	44	- chown(DRM_DIR_NAME, user, group);
	45	- chmod(DRM_DIR_NAME, dirmode);
	46	-#endif
	47
	48	sprintf(buf, DRM_DEV_NAME, DRM_DIR_NAME, minor);
	49	if (stat(buf, &st) \|\| st.st_rdev != dev) {