outdated

[packages/XFree86.git] / XFree86-Xwrapper.patch

diff -urN XFree86-4.0.1.orig/xc/config/cf/Server.tmpl XFree86-4.0.1/xc/config/cf/Server.tmpl
--- XFree86-4.0.1.orig/xc/config/cf/Server.tmpl Fri Feb 18 17:23:07 2000
+++ XFree86-4.0.1/xc/config/cf/Server.tmpl      Mon Jul 10 04:01:04 2000
@@ -31,8 +31,14 @@
 #ifndef MakeDllModules
 #define MakeDllModules NO
 #endif
+#ifndef XserverNeedsSetUID
+#define XserverNeedsSetUID NO
+#endif
+#ifndef UseXserverWrapper
+#define UseXserverWrapper XserverNeedsSetUID
+#endif
 #ifndef InstallServerSetUID
-#define InstallServerSetUID NO
+#define InstallServerSetUID (XserverNeedsSetUID && !UseXserverWrapper)
 #endif
 
 /*
diff -urN XFree86-4.0.1.orig/xc/config/cf/xf86site.def XFree86-4.0.1/xc/config/cf/xf86site.def
--- XFree86-4.0.1.orig/xc/config/cf/xf86site.def        Mon Jul 10 03:59:05 2000
+++ XFree86-4.0.1/xc/config/cf/xf86site.def     Mon Jul 10 04:01:04 2000
@@ -305,13 +305,15 @@
  */
 
 /*
- * If you only run the X server under xdm the X servers don't need to be
- * installed SetUID, and you may comment out the lines below.  If you run
- * the servers by hand (with xinit or startx), then they do need to be
- * installed SetUID on most OSs.
- * Consult your system administrator before making the X server setuid.
+ * The X servers need to run as root on most OSs.  We're now using a
+ * wrapper in that case, but we still need to make it known that the
+ * servers need SetUID.  When only using xdm, this (and the wrapper)
+ * are not required.  Disabling this automatically disables use of the
+ * wrapper.
  *
-#define InstallXserverSetUID   NO
+ * If you're only starting the Xservers with xdm set this to NO
+ *
+#define XserverNeedsSetUID     NO
  */
 
 /*
diff -urN XFree86-4.0.1.orig/xc/config/cf/xfree86.cf XFree86-4.0.1/xc/config/cf/xfree86.cf
--- XFree86-4.0.1.orig/xc/config/cf/xfree86.cf  Mon Jul 10 03:59:05 2000
+++ XFree86-4.0.1/xc/config/cf/xfree86.cf       Mon Jul 10 04:01:04 2000
@@ -550,12 +550,15 @@
 #endif
 
 /*
- * The default is to install the X servers setuid-root on most OSs.
- * It the servers are only started by xdm, they should not be setuid-root.
+ * The X servers need to run as root on most OSs.  We're now using a
+ * wrapper in that case, but we still need to make it known that the
+ * servers need SetUID.  When only using xdm, this (and the wrapper)
+ * are not required.  Disabling this automatically disables use of the
+ * wrapper.
  */
 #if !defined(i386MachArchitecture) && !defined(OS2Architecture)
-# ifndef InstallXserverSetUID
-#  define InstallXserverSetUID YES
+# ifndef XserverNeedsSetUID
+#  define XserverNeedsSetUID   YES
 # endif
 #endif
 
diff -urN XFree86-4.0.1.orig/xc/programs/Xserver/Imakefile XFree86-4.0.1/xc/programs/Xserver/Imakefile
--- XFree86-4.0.1.orig/xc/programs/Xserver/Imakefile    Sat Jun 17 20:42:16 2000
+++ XFree86-4.0.1/xc/programs/Xserver/Imakefile Mon Jul 10 04:01:33 2000
@@ -4,11 +4,6 @@
  */
 XCOMM $XFree86: xc/programs/Xserver/Imakefile,v 3.184 2000/06/17 00:03:10 martin Exp $
 
-#ifndef InstallXserverSetUID
-#define InstallXserverSetUID NO
-#endif
-#define InstallServerSetUID InstallXserverSetUID
-
 #include <Server.tmpl>
 
 #ifdef XFree86Version
@@ -257,6 +252,7 @@
         SYSLIBS = $(ZLIB) MathLibrary Krb5Libraries DBMLibrary $(USB) \
        $(EXTRASYSLIBS)
 #endif
+       PAMLIBS = -lpam -lpam_misc -ldl
            CBRT = mi/LibraryTargetName(cbrt)
         STDDIRS = include dix os mi $(XPDDXDIR) $(EXTDIRS)
 
@@ -1012,6 +1008,11 @@
        $(XVFBLIBS) $(LOADABLEEXTS) $(LIBCWRAPPER),$(XVFBSYSLIBS))
 #endif /* XVirtualFramebufferServer */
 
+
+#if UseXserverWrapper
+SetUIDProgramTarget(Xwrapper,os/wrapper.o,NullParameter,$(PAMLIBS),NullParameter)
+InstallProgramWithFlags(Xwrapper,$(BINDIR),$(INSTUIDFLAGS))
+#endif
 
 CFBDIRS = $(CFB8DIR) $(CFB16DIR) $(CFB24DIR) $(CFB32DIR)
 IPLANDIRS = $(IPLAN2P2DIR) $(IPLAN2P4DIR) $(IPLAN2P8DIR)
diff -urN XFree86-4.0.1.orig/xc/programs/Xserver/hw/xfree86/os-support/linux/lnx_init.c XFree86-4.0.1/xc/programs/Xserver/hw/xfree86/os-support/linux/lnx_init.c
--- XFree86-4.0.1.orig/xc/programs/Xserver/hw/xfree86/os-support/linux/lnx_init.c       Fri Feb 25 19:28:11 2000
+++ XFree86-4.0.1/xc/programs/Xserver/hw/xfree86/os-support/linux/lnx_init.c    Mon Jul 10 04:01:04 2000
@@ -65,7 +65,10 @@
        /* check if we're run with euid==0 */
        if (geteuid() != 0)
        {
-           FatalError("xf86OpenConsole: Server must be suid root\n");
+           FatalError("xf86OpenConsole: Server must be running with root "
+               "permissions\n"
+               "You should be using Xwrapper to start the server or xdm.\n"
+               "We strongly advise against making the server SUID root!\n");
        }
 
        /*
diff -urN XFree86-4.0.1.orig/xc/programs/Xserver/os/Imakefile XFree86-4.0.1/xc/programs/Xserver/os/Imakefile
--- XFree86-4.0.1.orig/xc/programs/Xserver/os/Imakefile Fri May  5 19:47:29 2000
+++ XFree86-4.0.1/xc/programs/Xserver/os/Imakefile      Mon Jul 10 04:01:33 2000
@@ -110,6 +110,7 @@
   ERROR_DEFINES = ServerErrorDefines
         DEFINES = -DXSERV_t -DTRANS_SERVER $(CONNECTION_FLAGS) $(MEM_DEFINES) $(XDMAUTHDEFS) $(RPCDEFS) $(SIGNAL_DEFINES) $(OS_DEFINES) $(KRB5_DEFINES) $(RGB_DEFINES)
        INCLUDES = -I.  -I../include -I$(XINCLUDESRC) -I$(EXTINCSRC) -I$(TOP)/lib/Xau -I../lbx Krb5Includes
+       EXTRA_DEFINES = -DUSE_PAM
  DEPEND_DEFINES = $(DBM_DEFINES) $(XDMCP_DEFINES) $(EXT_DEFINES) $(TRANS_INCLUDES) $(CONNECTION_FLAGS)
        LINTLIBS = ../dix/llib-ldix.ln
 
@@ -153,6 +154,14 @@
        cc -c $(DBM_DEFINES) $(CDEBUGFLAGS) $(ALLDEFINES) $*.c
 #else
 SpecialCObjectRule(oscolor,$(ICONFIGFILES),$(DBM_DEFINES))
+#endif
+
+#if UseXserverWrapper
+AllTarget(wrapper.o)
+
+       WRAPPER_DEFINES = -DXSERVER_PATH=\"/etc/X11/X\"
+
+SpecialCObjectRule(wrapper,NullParameter,$(WRAPPER_DEFINES))
 #endif
 
 #if HasKrb5
diff -urN XFree86-4.0.1.orig/xc/programs/Xserver/os/wrapper.c XFree86-4.0.1/xc/programs/Xserver/os/wrapper.c
--- XFree86-4.0.1.orig/xc/programs/Xserver/os/wrapper.c Thu Jan  1 01:00:00 1970
+++ XFree86-4.0.1/xc/programs/Xserver/os/wrapper.c      Mon Jul 10 04:01:33 2000
@@ -0,0 +1,304 @@
+/*
+ * X server wrapper.
+ *
+ * This wrapper makes some sanity checks on the command line arguments
+ * and environment variables when run with euid == 0 && euid != uid.
+ * If the checks fail, the wrapper exits with a message.
+ * If they succeed, it exec's the Xserver.
+ */
+
+/*
+ * Copyright (c) 1998 by The XFree86 Project, Inc.  All Rights Reserved.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject
+ * to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included
+ * in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+ * IN NO EVENT SHALL THE XFREE86 PROJECT BE LIABLE FOR ANY CLAIM, DAMAGES
+ * OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+ * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE
+ * OR OTHER DEALINGS IN THE SOFTWARE.
+ *
+ * Except as contained in this notice, the name of the XFree86 Project
+ * shall not be used in advertising or otherwise to promote the sale,
+ * use or other dealings in this Software without prior written
+ * authorization from the XFree86 Project.
+ */
+
+/* $XFree86: xc/programs/Xserver/os/wrapper.c,v 1.1.2.5 1998/02/27 15:28:59 dawes Exp $ */
+
+/* This is normally set in the Imakefile */
+#ifndef XSERVER_PATH
+#define XSERVER_PATH   "/etc/X11/X"
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <unistd.h>
+#include <sys/types.h>
+#ifdef USE_PAM
+#include <security/pam_appl.h>
+#include <security/pam_misc.h>
+#include <pwd.h>
+#endif /* USE_PAM */
+
+/* Neither of these should be required for XFree86 3.3.2 */
+#ifndef REJECT_CONFIG
+#define REJECT_CONFIG 0
+#endif
+#ifndef REJECT_XKBDIR
+#define REJECT_XKBDIR 0
+#endif
+
+/* Consider LD* variables insecure ? */
+#ifndef REMOVE_ENV_LD
+#define REMOVE_ENV_LD 1
+#endif
+
+/* Remove long environment variables? */
+#ifndef REMOVE_LONG_ENV
+#define REMOVE_LONG_ENV 1
+#endif
+
+/* Check args and env only if running setuid (euid == 0 && euid != uid) ? */
+#ifndef CHECK_EUID
+#define CHECK_EUID 1
+#endif
+
+/*
+ * Maybe the locale can be faked to make isprint(3) report that everything
+ * is printable?  Avoid it by default.
+ */
+#ifndef USE_ISPRINT
+#define USE_ISPRINT 0
+#endif
+
+#define MAX_ARG_LENGTH         128
+#define MAX_ENV_LENGTH         256
+#define MAX_ENV_PATH_LENGTH    2048
+
+#if USE_ISPRINT
+#include <ctype.h>
+#define checkPrintable(c) isprint(c)
+#else
+#define checkPrintable(c) (((c) & 0x7f) >= 0x20 && ((c) & 0x7f) != 0x7f)
+#endif
+
+enum BadCode {
+    NotBad = 0,
+    UnsafeArg,
+    ArgTooLong,
+    UnprintableArg,
+    EnvTooLong,
+    InternalError,
+#ifdef USE_PAM
+    PamFailed,
+    PamAuthFailed,
+#endif /* USE_PAM */
+};
+
+#define ARGMSG \
+    "\nIf the arguments used are valid, and have been rejected incorrectly\n" \
+      "please send details of the arguments and why they are valid to\n" \
+      "XFree86@XFree86.org.  In the meantime, you can start the Xserver as\n" \
+      "the \"super user\" (root).\n"   
+
+#define ENVMSG \
+    "\nIf the environment is valid, and have been rejected incorrectly\n" \
+      "please send details of the environment and why it is valid to\n" \
+      "XFree86@XFree86.org.  In the meantime, you can start the Xserver as\n" \
+      "the \"super user\" (root).\n"
+
+#ifdef USE_PAM
+static struct pam_conv conv = {
+    misc_conv,
+    NULL
+};
+#endif /* USE_PAM */
+
+
+int
+main(int argc, char **argv, char **envp)
+{
+    enum BadCode bad = NotBad;
+    int i, j;
+    char *a, *e;
+#ifdef USE_PAM
+    pam_handle_t *pamh = NULL;
+    struct passwd *pw;
+    int retval;
+
+    pw = getpwuid(getuid());
+    if (pw == NULL) {
+       bad = InternalError;
+    }
+
+    if (!bad) {
+       retval = pam_start("xserver", pw->pw_name, &conv, &pamh);
+       if (retval != PAM_SUCCESS)
+           bad = PamFailed;
+    }
+
+    if (!bad) {
+       retval = pam_authenticate(pamh, 0);
+       if (retval != PAM_SUCCESS) {
+           pam_end(pamh, retval);
+           bad = PamAuthFailed;
+       }
+    }
+
+    if (!bad) {
+       retval = pam_acct_mgmt(pamh, 0);
+       if (retval != PAM_SUCCESS) {
+           pam_end(pamh, retval);
+           bad = PamAuthFailed;
+       }
+    }
+
+    /* this is not a session, so do not do session management */
+
+    if (!bad) pam_end(pamh, PAM_SUCCESS);
+#endif /* USE_PAM */
+
+#if CHECK_EUID
+    if (!bad && geteuid() == 0 && getuid() != geteuid()) {
+#else
+    if (!bad) {
+#endif
+       /* Check each argv[] */
+       for (i = 1; i < argc; i++) {
+
+           /* Check for known bad arguments */
+#if REJECT_CONFIG
+           if (strcmp(argv[i], "-config") == 0) {
+               bad = UnsafeArg;
+               break;
+           }
+#endif
+#if REJECT_XKBDIR
+           if (strcmp(argv[i], "-xkbdir") == 0) {
+               bad = UnsafeArg;
+               break;
+           }
+#endif
+           if (strlen(argv[i]) > MAX_ARG_LENGTH) {
+               bad = ArgTooLong;
+               break;
+           }
+           a = argv[i];
+           while (*a) {
+               if (checkPrintable(*a) == 0) {
+                   bad = UnprintableArg;
+                   break;
+               }
+               a++;
+           }
+           if (bad)
+               break;
+       }
+       /* Check each envp[] */
+       if (!bad)
+           for (i = 0; envp[i]; i++) {
+
+               /* Check for bad environment variables and values */
+#if REMOVE_ENV_LD
+               while (envp[i] && (strncmp(envp[i], "LD", 2) == 0)) {
+                   for (j = i; envp[j]; j++) {
+                       envp[j] = envp[j+1];
+                   }
+               }
+#endif   
+               if (envp[i] && (strlen(envp[i]) > MAX_ENV_LENGTH)) {
+#if REMOVE_LONG_ENV
+                   for (j = i; envp[j]; j++) {
+                       envp[j] = envp[j+1];
+                   }
+                   i--;
+#else
+                   char *eq;
+                   int len;
+
+                   eq = strchr(envp[i], '=');
+                   if (!eq)
+                       continue;
+                   len = eq - envp[i];
+                   e = malloc(len + 1);
+                   if (!e) {
+                       bad = InternalError;
+                       break;
+                   }
+                   strncpy(e, envp[i], len);
+                   e[len] = 0;
+                   if (len >= 4 &&
+                       (strcmp(e + len - 4, "PATH") == 0 ||
+                        strcmp(e, "TERMCAP") == 0)) {
+                       if (strlen(envp[i]) > MAX_ENV_PATH_LENGTH) {
+                           bad = EnvTooLong;
+                           break;
+                       } else {
+                           free(e);
+                       }
+                   } else {
+                       bad = EnvTooLong;
+                       break;
+                   }
+#endif
+               }
+           }
+    }
+    switch (bad) {
+    case NotBad:
+       execve(XSERVER_PATH, argv, envp);
+       fprintf(stderr, "execve failed for %s (errno %d)\n", XSERVER_PATH,
+               errno);
+       break;
+    case UnsafeArg:
+       fprintf(stderr, "Command line argument number %d is unsafe\n", i);
+       fprintf(stderr, ARGMSG);
+       break;
+    case ArgTooLong:
+       fprintf(stderr, "Command line argument number %d is too long\n", i);
+       fprintf(stderr, ARGMSG);
+       break;
+    case UnprintableArg:
+       fprintf(stderr, "Command line argument number %d contains unprintable"
+               " characters\n", i);
+       fprintf(stderr, ARGMSG);
+       break;
+    case EnvTooLong:
+       fprintf(stderr, "Environment variable `%s' is too long\n", e);
+       fprintf(stderr, ENVMSG);
+       break;
+    case InternalError:
+       fprintf(stderr, "Internal Error\n");
+       break;
+#ifdef USE_PAM
+    case PamFailed:
+       fprintf(stderr, "Authentication System Failure, "
+                       "missing or mangled PAM configuration file or module?\n");
+       break;
+    case PamAuthFailed:
+       fprintf(stderr, "PAM authentication failed\n");
+       break;
+#endif
+    default:
+       fprintf(stderr, "Unknown error\n");
+       fprintf(stderr, ARGMSG);
+       fprintf(stderr, ENVMSG);
+       break;
+    }
+    exit(1);
+}
+
diff -urN XFree86-4.0.1.orig/xc/programs/xinit/xinit.c XFree86-4.0.1/xc/programs/xinit/xinit.c
--- XFree86-4.0.1.orig/xc/programs/xinit/xinit.c        Wed Apr  5 20:14:08 2000
+++ XFree86-4.0.1/xc/programs/xinit/xinit.c     Mon Jul 10 04:01:04 2000
@@ -143,6 +143,7 @@
 #define        OK_EXIT         0
 #define        ERR_EXIT        1
 
+char *default_wrapper = BINDIR "/Xwrapper";
 char *default_server = "X";
 char *default_display = ":0";          /* choose most efficient */
 #ifndef __EMX__
@@ -312,7 +313,10 @@
        if (argc == 0 ||
 #ifndef __EMX__
            (**argv != '/' && **argv != '.')) {
-               *sptr++ = default_server;
+               if (access(default_wrapper, X_OK) == 0)
+                       *sptr++ = default_wrapper;
+               else
+                       *sptr++ = default_server;
 #else
            (**argv != '/' && **argv != '\\' && **argv != '.' &&
             !(isalpha(**argv) && (*argv)[1]==':'))) {