]>
Commit | Line | Data |
---|---|---|
77a5023a AG |
1 | --- gs/psi/imainarg.c.orig Mon Dec 6 08:11:52 1999 |
2 | +++ gs/psi/imainarg.c Thu Mar 30 23:01:34 2000 | |
2e747537 | 3 | @@ -48,6 +48,18 @@ |
4 | #include "iutil.h" | |
5 | #include "ivmspace.h" | |
6 | ||
7 | +/* Change by Torsten Landschoff <torsten@debian.org>: | |
8 | + * We need to store the original rights when run with setuid so we can | |
9 | + * regain privileges when opening the vga library for instance. | |
10 | + * -- Thu, 30 Mar 2000 22:47:22 +0200 */ | |
11 | + | |
12 | +#include <unistd.h> | |
13 | + | |
14 | +uid_t privileged_uid; | |
15 | +gid_t privileged_gid; | |
16 | + | |
17 | +/* --- end change --- */ | |
18 | + | |
19 | /* Import operator procedures */ | |
20 | extern int zflush(P1(i_ctx_t *)); | |
21 | extern int zflushpage(P1(i_ctx_t *)); | |
22 | @@ -127,6 +139,20 @@ | |
23 | arg_list args; | |
24 | FILE *stdfiles[3]; | |
25 | int code; | |
26 | + | |
27 | + /* Change by Torsten Landschoff <torsten@debian.org>: | |
28 | + * We want to give up privileges as soon as possible when running suid. | |
29 | + * Right, you would not want to run a piece of software as complex as | |
30 | + * Ghostscript with setuid but you need to if you want to use the | |
31 | + * svgalib as ordinary user. | |
32 | + * -- Thu, 30 Mar 2000 22:46:19 +0200 */ | |
33 | + | |
34 | + /* save privileges */ | |
35 | + privileged_uid = geteuid(); privileged_gid = getegid(); | |
36 | + /* give up privileges */ | |
37 | + seteuid( getuid() ); setegid( getgid() ); | |
38 | + | |
39 | + /* --- end change --- */ | |
40 | ||
41 | gs_get_real_stdio(stdfiles); | |
42 | arg_init(&args, (const char **)argv, argc, | |
191f0636 JR |
43 | --- gs/devices/gdevl256.c.orig Mon Jan 11 07:38:07 1999 |
44 | +++ gs/devices/gdevl256.c Thu Mar 30 23:03:57 2000 | |
2e747537 | 45 | @@ -38,6 +38,17 @@ |
46 | #include <vga.h> | |
47 | #include <vgagl.h> | |
48 | ||
49 | +/* Change by Torsten Landschoff <torsten@debian.org>: | |
50 | + * I changed imainarg.c to drop privileges as soon as possible when | |
51 | + * running setuid. We need to get back elevated rights when we want | |
52 | + * to open the vga library. Declare the two variables from imainarg.c | |
53 | + * holding the privileges and include unistd.h for user management. | |
54 | + * -- Thu, 30 Mar 2000 22:59:53 +0200 */ | |
55 | + | |
56 | +#include <unistd.h> | |
57 | +extern uid_t privileged_uid; | |
58 | +extern gid_t privileged_gid; | |
59 | + | |
60 | /* The color map for dynamically assignable colors. */ | |
61 | #define first_dc_index 64 | |
62 | private int next_dc_index; | |
63 | @@ -107,7 +118,19 @@ | |
64 | int vgamode; | |
65 | int width, height; | |
66 | ||
67 | + /* Change by Torsten Landschoff <torsten@debian.org>: | |
68 | + * We need to restore the privileges we gave up in imainarg.c to open | |
69 | + * the vga device. | |
70 | + * -- Thu, 30 Mar 2000 23:03:12 +0200 */ | |
71 | + | |
72 | + /* re-obtain privileges */ | |
73 | + seteuid( privileged_uid ); setegid( privileged_gid ); | |
74 | vga_init(); | |
75 | + /* give away privileges */ | |
76 | + seteuid( getuid() ); setegid( getgid() ); | |
77 | + | |
78 | + /* --- end change --- */ | |
79 | + | |
80 | vgamode = vga_getdefaultmode(); | |
81 | if (vgamode == -1) | |
82 | vgamode = G320x200x256; |