[packages/ghostscript.git] / ghostscript-setuid.patch

--- gs/psi/imainarg.c.orig	Mon Dec  6 08:11:52 1999
+++ gs/psi/imainarg.c	Thu Mar 30 23:01:34 2000
@@ -48,6 +48,18 @@
 #include "iutil.h"
 #include "ivmspace.h"
 
+/* Change by Torsten Landschoff <torsten@debian.org>:
+ * We need to store the original rights when run with setuid so we can
+ * regain privileges when opening the vga library for instance.
+ *   -- Thu, 30 Mar 2000 22:47:22 +0200 */
+
+#include <unistd.h>
+
+uid_t privileged_uid;
+gid_t privileged_gid; 
+
+/* --- end change --- */
+
 /* Import operator procedures */
 extern int zflush(P1(i_ctx_t *));
 extern int zflushpage(P1(i_ctx_t *));
@@ -127,6 +139,20 @@
     arg_list args;
     FILE *stdfiles[3];
     int code;
+
+    /* Change by Torsten Landschoff <torsten@debian.org>:
+     * We want to give up privileges as soon as possible when running suid.
+     * Right, you would not want to run a piece of software as complex as
+     * Ghostscript with setuid but you need to if you want to use the 
+     * svgalib as ordinary user. 
+     *  -- Thu, 30 Mar 2000 22:46:19 +0200 */
+
+    /* save privileges */
+    privileged_uid = geteuid();		privileged_gid = getegid();
+    /* give up privileges */
+    seteuid( getuid() );		setegid( getgid() );
+     
+    /* --- end change --- */
 
     gs_get_real_stdio(stdfiles);
     arg_init(&args, (const char **)argv, argc,
--- gs/devices/gdevl256.c.orig	Mon Jan 11 07:38:07 1999
+++ gs/devices/gdevl256.c	Thu Mar 30 23:03:57 2000
@@ -38,6 +38,17 @@
 #include <vga.h>
 #include <vgagl.h>
 
+/* Change by Torsten Landschoff <torsten@debian.org>:
+ * I changed imainarg.c to drop privileges as soon as possible when 
+ * running setuid. We need to get back elevated rights when we want 
+ * to open the vga library. Declare the two variables from imainarg.c
+ * holding the privileges and include unistd.h for user management.
+ *  -- Thu, 30 Mar 2000 22:59:53 +0200 */
+
+#include <unistd.h>
+extern uid_t privileged_uid;
+extern gid_t privileged_gid;
+
 /* The color map for dynamically assignable colors. */
 #define first_dc_index 64
 private int next_dc_index;
@@ -107,7 +118,19 @@
     int vgamode;
     int width, height;
 
+    /* Change by Torsten Landschoff <torsten@debian.org>:
+     * We need to restore the privileges we gave up in imainarg.c to open
+     * the vga device. 
+     * -- Thu, 30 Mar 2000 23:03:12 +0200 */
+
+    /* re-obtain privileges */
+    seteuid( privileged_uid );	setegid( privileged_gid );
     vga_init();
+    /* give away privileges */
+    seteuid( getuid() );	setegid( getgid() );
+
+    /* --- end change --- */
+
     vgamode = vga_getdefaultmode();
     if (vgamode == -1)
 	vgamode = G320x200x256;
Commit	Line	Data
77a5023a AG	1	--- gs/psi/imainarg.c.orig Mon Dec 6 08:11:52 1999
77a5023a AG	2	+++ gs/psi/imainarg.c Thu Mar 30 23:01:34 2000
2e747537	3	@@ -48,6 +48,18 @@
	4	#include "iutil.h"
	5	#include "ivmspace.h"
	6
	7	+/* Change by Torsten Landschoff <torsten@debian.org>:
	8	+ * We need to store the original rights when run with setuid so we can
	9	+ * regain privileges when opening the vga library for instance.
	10	+ * -- Thu, 30 Mar 2000 22:47:22 +0200 */
	11	+
	12	+#include <unistd.h>
	13	+
	14	+uid_t privileged_uid;
	15	+gid_t privileged_gid;
	16	+
	17	+/* --- end change --- */
	18	+
	19	/* Import operator procedures */
	20	extern int zflush(P1(i_ctx_t *));
	21	extern int zflushpage(P1(i_ctx_t *));
	22	@@ -127,6 +139,20 @@
	23	arg_list args;
	24	FILE *stdfiles[3];
	25	int code;
	26	+
	27	+ /* Change by Torsten Landschoff <torsten@debian.org>:
	28	+ * We want to give up privileges as soon as possible when running suid.
	29	+ * Right, you would not want to run a piece of software as complex as
	30	+ * Ghostscript with setuid but you need to if you want to use the
	31	+ * svgalib as ordinary user.
	32	+ * -- Thu, 30 Mar 2000 22:46:19 +0200 */
	33	+
	34	+ /* save privileges */
	35	+ privileged_uid = geteuid(); privileged_gid = getegid();
	36	+ /* give up privileges */
	37	+ seteuid( getuid() ); setegid( getgid() );
	38	+
	39	+ /* --- end change --- */
	40
	41	gs_get_real_stdio(stdfiles);
	42	arg_init(&args, (const char **)argv, argc,
191f0636 JR	43	--- gs/devices/gdevl256.c.orig Mon Jan 11 07:38:07 1999
191f0636 JR	44	+++ gs/devices/gdevl256.c Thu Mar 30 23:03:57 2000
2e747537	45	@@ -38,6 +38,17 @@
	46	#include <vga.h>
	47	#include <vgagl.h>
	48
	49	+/* Change by Torsten Landschoff <torsten@debian.org>:
	50	+ * I changed imainarg.c to drop privileges as soon as possible when
	51	+ * running setuid. We need to get back elevated rights when we want
	52	+ * to open the vga library. Declare the two variables from imainarg.c
	53	+ * holding the privileges and include unistd.h for user management.
	54	+ * -- Thu, 30 Mar 2000 22:59:53 +0200 */
	55	+
	56	+#include <unistd.h>
	57	+extern uid_t privileged_uid;
	58	+extern gid_t privileged_gid;
	59	+
	60	/* The color map for dynamically assignable colors. */
	61	#define first_dc_index 64
	62	private int next_dc_index;
	63	@@ -107,7 +118,19 @@
	64	int vgamode;
	65	int width, height;
	66
	67	+ /* Change by Torsten Landschoff <torsten@debian.org>:
	68	+ * We need to restore the privileges we gave up in imainarg.c to open
	69	+ * the vga device.
	70	+ * -- Thu, 30 Mar 2000 23:03:12 +0200 */
	71	+
	72	+ /* re-obtain privileges */
	73	+ seteuid( privileged_uid ); setegid( privileged_gid );
	74	vga_init();
	75	+ /* give away privileges */
	76	+ seteuid( getuid() ); setegid( getgid() );
	77	+
	78	+ /* --- end change --- */
	79	+
	80	vgamode = vga_getdefaultmode();
	81	if (vgamode == -1)
	82	vgamode = G320x200x256;