]>
Commit | Line | Data |
---|---|---|
2d07cbe4 ER |
1 | --- xc/programs/Xserver/hw/xfree86/common/xf86Init.c 14 Dec 2005 20:12:00 -0000 1.29 |
2 | +++ xc/programs/Xserver/hw/xfree86/common/xf86Init.c 5 Jun 2006 10:35:19 -0000 | |
3 | @@ -1,5 +1,5 @@ | |
4 | /* $XFree86: xc/programs/Xserver/hw/xfree86/common/xf86Init.c,v 3.212 2004/01/27 01:31:45 dawes Exp $ */ | |
5 | -/* $XdotOrg: xc/programs/Xserver/hw/xfree86/common/xf86Init.c,v 1.29 2005-12-14 20:12:00 ajax Exp $ */ | |
6 | +/* $XdotOrg: xc/programs/Xserver/hw/xfree86/common/xf86Init.c,v 1.29 2005/12/14 20:12:00 ajax Exp $ */ | |
7 | ||
8 | /* | |
9 | * Loosely based on code bearing the following copyright: | |
10 | @@ -1905,7 +1905,11 @@ | |
11 | FatalError("xf86RunVtInit: fork failed (%s)\n", strerror(errno)); | |
12 | break; | |
13 | case 0: /* child */ | |
14 | - setuid(getuid()); | |
15 | + if (setuid(getuid()) == -1) { | |
16 | + xf86Msg(X_ERROR, "xf86RunVtInit: setuid failed (%s)\n", | |
17 | + strerror(errno)); | |
18 | + exit(255); | |
19 | + } | |
20 | /* set stdin, stdout to the consoleFd */ | |
21 | for (i = 0; i < 2; i++) { | |
22 | if (xf86Info.consoleFd != i) { | |
23 | --- xc/programs/Xserver/hw/xfree86/os-support/shared/libc_wrapper.c 3 Jul 2005 08:53:48 -0000 1.9 | |
24 | +++ xc/programs/Xserver/hw/xfree86/os-support/shared/libc_wrapper.c 5 Jun 2006 10:35:19 -0000 | |
25 | @@ -1270,7 +1270,10 @@ | |
26 | #ifndef SELF_CONTAINED_WRAPPER | |
27 | xf86DisableIO(); | |
28 | #endif | |
29 | - setuid(getuid()); | |
30 | + if (setuid(getuid()) == -1) { | |
31 | + ErrorF("xf86Execl: setuid() failed: %s\n", strerror(errno)); | |
32 | + exit(255); | |
33 | + } | |
34 | #if !defined(SELF_CONTAINED_WRAPPER) | |
35 | /* set stdin, stdout to the consoleFD, and leave stderr alone */ | |
36 | for (i = 0; i < 2; i++) | |
37 | --- xc/programs/Xserver/hw/xfree86/parser/write.c 3 Jul 2005 07:01:37 -0000 1.3 | |
38 | +++ xc/programs/Xserver/hw/xfree86/parser/write.c 5 Jun 2006 10:35:19 -0000 | |
39 | @@ -170,7 +170,10 @@ | |
40 | strerror(errno)); | |
41 | return 0; | |
42 | case 0: /* child */ | |
43 | - setuid(getuid()); | |
44 | + if (setuid(getuid() == -1) | |
45 | + FatalError("xf86writeConfigFile(): " | |
46 | + "setuid failed(%s)\n", | |
47 | + strerror(errno)); | |
48 | ret = doWriteConfigFile(filename, cptr); | |
49 | exit(ret); | |
50 | break; | |
51 | --- xc/programs/Xserver/os/utils.c 8 Nov 2005 06:33:30 -0000 1.21 | |
52 | +++ xc/programs/Xserver/os/utils.c 5 Jun 2006 10:35:20 -0000 | |
53 | @@ -1,4 +1,4 @@ | |
54 | -/* $XdotOrg: xc/programs/Xserver/os/utils.c,v 1.21 2005-11-08 06:33:30 jkj Exp $ */ | |
55 | +/* $XdotOrg: xc/programs/Xserver/os/utils.c,v 1.21 2005/11/08 06:33:30 jkj Exp $ */ | |
56 | /* $Xorg: utils.c,v 1.5 2001/02/09 02:05:24 xorgcvs Exp $ */ | |
57 | /* | |
58 | ||
59 | @@ -1718,8 +1718,10 @@ | |
60 | case -1: /* error */ | |
61 | p = -1; | |
62 | case 0: /* child */ | |
63 | - setgid(getgid()); | |
64 | - setuid(getuid()); | |
65 | + if (setgid(getgid()) == -1) | |
66 | + _exit(127); | |
67 | + if (setuid(getuid()) == -1) | |
68 | + _exit(127); | |
69 | execl("/bin/sh", "sh", "-c", command, (char *)NULL); | |
70 | _exit(127); | |
71 | default: /* parent */ | |
72 | @@ -1770,8 +1772,10 @@ | |
73 | xfree(cur); | |
74 | return NULL; | |
75 | case 0: /* child */ | |
76 | - setgid(getgid()); | |
77 | - setuid(getuid()); | |
78 | + if (setgid(getgid()) == -1) | |
79 | + _exit(127); | |
80 | + if (setuid(getuid()) == -1) | |
81 | + _exit(127); | |
82 | if (*type == 'r') { | |
83 | if (pdes[1] != 1) { | |
84 | /* stdout */ | |
85 | @@ -1845,8 +1849,10 @@ | |
86 | xfree(cur); | |
87 | return NULL; | |
88 | case 0: /* child */ | |
89 | - setgid(getgid()); | |
90 | - setuid(getuid()); | |
91 | + if (setgid(getgid()) == -1) | |
92 | + _exit(127); | |
93 | + if (setuid(getuid()) == -1) | |
94 | + _exit(127); | |
95 | if (*type == 'r') { | |
96 | if (pdes[1] != 1) { | |
97 | /* stdout */ | |
98 | --- xc/programs/xdm/session.c 8 Nov 2005 06:33:31 -0000 1.3 | |
99 | +++ xc/programs/xdm/session.c 5 Jun 2006 10:35:21 -0000 | |
100 | @@ -1,4 +1,4 @@ | |
101 | -/* $XdotOrg: xc/programs/xdm/session.c,v 1.3 2005-11-08 06:33:31 jkj Exp $ */ | |
102 | +/* $XdotOrg: xc/programs/xdm/session.c,v 1.3 2005/11/08 06:33:31 jkj Exp $ */ | |
103 | /* $Xorg: session.c,v 1.8 2001/02/09 02:05:40 xorgcvs Exp $ */ | |
104 | /* | |
105 | ||
106 | @@ -488,8 +488,14 @@ | |
107 | else | |
108 | ResetServer (d); | |
109 | if (removeAuth) { | |
110 | - setgid (verify.gid); | |
111 | - setuid (verify.uid); | |
112 | + if (setgid (verify.gid) == -1) { | |
113 | + LogError( "SessionExit: setgid: %s\n", strerror(errno)); | |
114 | + exit(status); | |
115 | + } | |
116 | + if (setuid (verify.uid) == -1) { | |
117 | + LogError( "SessionExit: setuid: %s\n", strerror(errno)); | |
118 | + exit(status); | |
119 | + } | |
120 | RemoveUserAuthorization (d, &verify); | |
121 | #ifdef K5AUTH | |
122 | /* do like "kdestroy" program */ | |
123 | --- xc/programs/xdm/xdmshell.c 14 Jul 2005 22:58:25 -0000 1.3 | |
124 | +++ xc/programs/xdm/xdmshell.c 5 Jun 2006 10:35:21 -0000 | |
125 | @@ -183,7 +183,11 @@ | |
126 | #endif | |
127 | ||
128 | /* make xdm run in a non-setuid environment */ | |
129 | - setuid (geteuid()); | |
130 | + if (setuid (geteuid()) == -1) { | |
131 | + fprintf(stderr, "%s: cannot setuid (error %d, %s)\r\n", | |
132 | + ProgramName, errno, strerror(errno)); | |
133 | + exit(1); | |
134 | + } | |
135 | ||
136 | /* | |
137 | * exec /usr/bin/X11/xdm -nodaemon -udpPort 0 | |
138 | --- xc/programs/xf86dga/dga.c 23 Apr 2004 19:54:47 -0000 1.2 | |
139 | +++ xc/programs/xf86dga/dga.c 5 Jun 2006 10:35:21 -0000 | |
140 | @@ -16,6 +16,7 @@ | |
141 | #include <X11/Xmd.h> | |
142 | #include <X11/extensions/xf86dga.h> | |
143 | #include <ctype.h> | |
144 | +#include <errno.h> | |
145 | #include <stdio.h> | |
146 | #include <stdlib.h> | |
147 | #include <signal.h> | |
148 | @@ -141,7 +142,10 @@ | |
149 | ||
150 | #ifndef __UNIXOS2__ | |
151 | /* Give up root privs */ | |
152 | - setuid(getuid()); | |
153 | + if (setuid(getuid()) == -1) { | |
154 | + fprintf(stderr, "Unable to change uid: %s\n", strerror(errno)); | |
155 | + exit(2); | |
156 | + } | |
157 | #endif | |
158 | ||
159 | XF86DGASetViewPort(dis, DefaultScreen(dis), 0, 0); | |
160 | --- xc/programs/xinit/xinit.c 4 Oct 2005 01:27:34 -0000 1.4 | |
161 | +++ xc/programs/xinit/xinit.c 5 Jun 2006 10:35:21 -0000 | |
162 | @@ -1,5 +1,5 @@ | |
163 | /* $Xorg: xinit.c,v 1.5 2001/02/09 02:05:49 xorgcvs Exp $ */ | |
164 | -/* $XdotOrg: xc/programs/xinit/xinit.c,v 1.4 2005-10-04 01:27:34 ajax Exp $ */ | |
165 | +/* $XdotOrg: xc/programs/xinit/xinit.c,v 1.4 2005/10/04 01:27:34 ajax Exp $ */ | |
166 | ||
167 | /* | |
168 | ||
169 | @@ -692,7 +692,10 @@ | |
170 | startClient(char *client[]) | |
171 | { | |
172 | if ((clientpid = vfork()) == 0) { | |
173 | - setuid(getuid()); | |
174 | + if (setuid(getuid()) == -1) { | |
175 | + Error("cannot change uid: %s\n", strerror(errno)); | |
176 | + _exit(ERR_EXIT); | |
177 | + } | |
178 | setpgrp(0, getpid()); | |
179 | environ = newenviron; | |
180 | #ifdef __UNIXOS2__ | |
181 | --- xc/programs/xload/xload.c 23 Apr 2004 19:54:57 -0000 1.2 | |
182 | +++ xc/programs/xload/xload.c 5 Jun 2006 10:35:21 -0000 | |
183 | @@ -34,7 +34,7 @@ | |
184 | * xload - display system load average in a window | |
185 | */ | |
186 | ||
187 | - | |
188 | +#include <errno.h> | |
189 | #include <stdio.h> | |
190 | #include <stdlib.h> | |
191 | #include <unistd.h> | |
192 | @@ -162,8 +162,17 @@ | |
193 | /* For security reasons, we reset our uid/gid after doing the necessary | |
194 | system initialization and before calling any X routines. */ | |
195 | InitLoadPoint(); | |
196 | - setgid(getgid()); /* reset gid first while still (maybe) root */ | |
197 | - setuid(getuid()); | |
198 | + /* reset gid first while still (maybe) root */ | |
199 | + if (setgid(getgid()) == -1) { | |
200 | + fprintf(stderr, "%s: setgid failed: %s\n", | |
201 | + ProgramName, strerror(errno)); | |
202 | + exit(1); | |
203 | + } | |
204 | + if (setuid(getuid()) == -1) { | |
205 | + fprintf(stderr, "%s: setuid failed: %s\n", | |
206 | + ProgramName, strerror(errno)); | |
207 | + exit(1); | |
208 | + } | |
209 | ||
210 | XtSetLanguageProc(NULL, (XtLanguageProc) NULL, NULL); | |
211 | ||
212 | --- xc/programs/xterm/main.c 14 Dec 2005 23:28:27 -0000 1.8 | |
213 | +++ xc/programs/xterm/main.c 5 Jun 2006 10:35:22 -0000 | |
214 | @@ -1592,8 +1592,10 @@ | |
215 | Window winToEmbedInto = None; | |
216 | ||
217 | #ifdef DISABLE_SETUID | |
218 | - seteuid(getuid()); | |
219 | - setuid(getuid()); | |
220 | + if (seteuid(getuid()) == -1) | |
221 | + exit(2); | |
222 | + if (setuid(getuid()) == -1) | |
223 | + exit(2); | |
224 | #endif | |
225 | ||
226 | ProgramName = argv[0]; | |
227 | @@ -1619,8 +1621,16 @@ | |
228 | ||
229 | #if defined(USE_UTMP_SETGID) | |
230 | get_pty(NULL, NULL); | |
231 | - seteuid(getuid()); | |
232 | - setuid(getuid()); | |
233 | + if (seteuid(getuid()) == -1) { | |
234 | + fprintf(stderr, | |
235 | + "%s: unable to change back euid\n", ProgramName); | |
236 | + exit(1); | |
237 | + } | |
238 | + if (setuid(getuid()) == -1) { | |
239 | + fprintf(stderr, | |
240 | + "%s: unable to change back uid\n", ProgramName); | |
241 | + exit(1); | |
242 | + } | |
243 | #define get_pty(pty, from) really_get_pty(pty, from) | |
244 | #endif | |
245 | ||
246 | --- xc/programs/xterm/misc.c 14 Dec 2005 23:28:27 -0000 1.6 | |
247 | +++ xc/programs/xterm/misc.c 5 Jun 2006 10:35:22 -0000 | |
248 | @@ -1094,8 +1094,10 @@ | |
249 | pid = fork(); | |
250 | switch (pid) { | |
251 | case 0: /* child */ | |
252 | - setgid(gid); | |
253 | - setuid(uid); | |
254 | + if (setgid(gid) == -1) | |
255 | + _exit(ERROR_SETUID); | |
256 | + if (setuid(uid) == -1) | |
257 | + _exit(ERROR_SETUID); | |
258 | fd = open(pathname, | |
259 | O_WRONLY | O_CREAT | (append ? O_APPEND : O_EXCL), | |
260 | mode); | |
261 | @@ -1262,8 +1264,10 @@ | |
262 | signal(SIGCHLD, SIG_DFL); | |
263 | ||
264 | /* (this is redundant) */ | |
265 | - setgid(screen->gid); | |
266 | - setuid(screen->uid); | |
267 | + if (setgid(screen->gid) == -1) | |
268 | + exit(ERROR_SETUID); | |
269 | + if (setuid(screen->uid) == -1) | |
270 | + exit(ERROR_SETUID); | |
271 | ||
272 | execl(shell, shell, "-c", &screen->logfile[1], (void *) 0); | |
273 | ||
274 | --- xc/programs/xterm/print.c 5 Aug 2005 16:13:04 -0000 1.5 | |
275 | +++ xc/programs/xterm/print.c 5 Jun 2006 10:35:22 -0000 | |
276 | @@ -387,9 +387,11 @@ | |
277 | dup2(fileno(stderr), 2); | |
278 | close(fileno(stderr)); | |
279 | } | |
280 | - | |
281 | - setgid(screen->gid); /* don't want privileges! */ | |
282 | - setuid(screen->uid); | |
283 | + /* don't want privileges! */ | |
284 | + if (setgid(screen->gid) == -1) | |
285 | + exit(2); | |
286 | + if (setuid(screen->uid) == -1) | |
287 | + exit(2); | |
288 | ||
289 | Printer = popen(screen->printer_command, "w"); | |
290 | input = fdopen(my_pipe[0], "r"); |