1 --- xc.orig/config/cf/Server.tmpl 2004-08-08 14:23:13.000000000 +0200
2 +++ xc/config/cf/Server.tmpl 2004-08-08 14:39:45.673849000 +0200
4 #ifndef DoThreadedServer
5 #define DoThreadedServer NO
7 +#ifndef XserverNeedsSetUID
8 +#define XserverNeedsSetUID NO
10 +#ifndef UseXserverWrapper
11 +#define UseXserverWrapper XserverNeedsSetUID
13 #ifndef InstallServerSetUID
14 -#define InstallServerSetUID NO
15 +#define InstallServerSetUID (XserverNeedsSetUID && !UseXserverWrapper)
18 #ifdef CrossCompileDir
19 --- xc.orig/config/cf/xorgsite.def 2004-08-08 14:31:29.000000000 +0200
20 +++ xc/config/cf/xorgsite.def 2004-08-08 14:39:45.727840792 +0200
25 - * If you only run the X server under xdm the X servers don't need to be
26 - * installed SetUID, and you may comment out the lines below. If you run
27 - * the servers by hand (with xinit or startx), then they do need to be
28 - * installed SetUID on most platforms.
29 + * The X servers need to run as root on most OSs. We're now using a
30 + * wrapper in that case, but we still need to make it known that the
31 + * servers need SetUID. When only using xdm, this (and the wrapper)
32 + * are not required. Disabling this automatically disables use of the
35 - * Consult your system administrator before making the X server setuid.
36 + * If you're only starting the Xservers with xdm set this to NO
38 -#define InstallXserverSetUID NO
39 +#define XserverNeedsSetUID NO
43 --- xc.orig/config/cf/xorg.cf 2004-08-08 14:31:29.000000000 +0200
44 +++ xc/config/cf/xorg.cf 2004-08-08 14:39:45.744838208 +0200
49 - * The default is to install the X servers setuid-root on most OSs.
50 - * It the servers are only started by xdm, they should not be setuid-root.
51 + * The X servers need to run as root on most OSs. We're now using a
52 + * wrapper in that case, but we still need to make it known that the
53 + * servers need SetUID. When only using xdm, this (and the wrapper)
54 + * are not required. Disabling this automatically disables use of the
57 #if !defined(i386MachArchitecture) && !defined(OS2Architecture)
58 -# ifndef InstallXserverSetUID
59 -# define InstallXserverSetUID YES
60 +# ifndef XserverNeedsSetUID
61 +# define XserverNeedsSetUID YES
65 --- xc.orig/programs/Xserver/Imakefile 2004-08-08 14:22:53.000000000 +0200
66 +++ xc/programs/Xserver/Imakefile 2004-08-08 14:39:45.765835016 +0200
69 XCOMM $XFree86: xc/programs/Xserver/Imakefile,v 3.296 2003/11/23 06:47:00 torrey Exp $
71 -#ifndef InstallXserverSetUID
72 -#define InstallXserverSetUID NO
74 -#define InstallServerSetUID InstallXserverSetUID
76 #include <Server.tmpl>
78 #if (defined (XFree86Version) || defined(XorgVersion))
80 #endif /* XnestServer */
83 +#if UseXserverWrapper
84 +SetUIDProgramTarget(Xwrapper,os/wrapper.o,NullParameter,$(PAMLIBS),NullParameter)
85 +InstallProgramWithFlags(Xwrapper,$(BINDIR),$(INSTUIDFLAGS))
88 #if defined(XnonServer) && XnonServer
90 XCOMM non server, just compile sources for build test
91 --- xc.orig/programs/Xserver/hw/xfree86/os-support/linux/lnx_init.c 2004-08-08 14:22:46.000000000 +0200
92 +++ xc/programs/Xserver/hw/xfree86/os-support/linux/lnx_init.c 2004-08-08 14:39:45.793830760 +0200
94 /* check if we're run with euid==0 */
97 - FatalError("xf86OpenConsole: Server must be suid root\n");
98 + FatalError("xf86OpenConsole: Server must be running with root "
100 + "You should be using Xwrapper to start the server or xdm.\n"
101 + "We strongly advise against making the server SUID root!\n");
105 --- xc.orig/programs/Xserver/os/Imakefile 2004-08-08 14:22:51.000000000 +0200
106 +++ xc/programs/Xserver/os/Imakefile 2004-08-08 14:39:45.844823008 +0200
108 INCLUDES = -I. -I../include -I$(XINCLUDESRC) -I$(EXTINCSRC) \
109 -I$(SERVERSRC)/Xext -I$(FONTINCSRC) -I$(SERVERSRC)/render \
110 -I$(TOP)/lib/Xau -I../lbx Krb5Includes
111 + EXTRA_DEFINES = -DUSE_PAM
112 DEPEND_DEFINES = $(DBM_DEFINES) $(XDMCP_DEFINES) $(EXT_DEFINES) \
113 $(TRANS_INCLUDES) $(CONNECTION_FLAGS) $(GETPEER_DEFINES) \
116 SpecialCObjectRule(oscolor,$(ICONFIGFILES),$(DBM_DEFINES))
119 +#if UseXserverWrapper
120 +AllTarget(wrapper.o)
122 + WRAPPER_DEFINES = -DXSERVER_PATH=\"/etc/X11/X\"
124 +SpecialCObjectRule(wrapper,NullParameter,$(WRAPPER_DEFINES))
128 LinkSourceFile(k5encode.c,$(XAUTHSRC))
130 --- xc.orig/programs/Xserver/os/wrapper.c 1970-01-01 01:00:00.000000000 +0100
131 +++ xc/programs/Xserver/os/wrapper.c 2004-08-08 14:39:45.845822856 +0200
134 + * X server wrapper.
136 + * This wrapper makes some sanity checks on the command line arguments
137 + * and environment variables when run with euid == 0 && euid != uid.
138 + * If the checks fail, the wrapper exits with a message.
139 + * If they succeed, it exec's the Xserver.
143 + * Copyright (c) 1998 by The XFree86 Project, Inc. All Rights Reserved.
145 + * Permission is hereby granted, free of charge, to any person obtaining
146 + * a copy of this software and associated documentation files (the
147 + * "Software"), to deal in the Software without restriction, including
148 + * without limitation the rights to use, copy, modify, merge, publish,
149 + * distribute, sublicense, and/or sell copies of the Software, and to
150 + * permit persons to whom the Software is furnished to do so, subject
151 + * to the following conditions:
153 + * The above copyright notice and this permission notice shall be included
154 + * in all copies or substantial portions of the Software.
156 + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
157 + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
158 + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
159 + * IN NO EVENT SHALL THE XFREE86 PROJECT BE LIABLE FOR ANY CLAIM, DAMAGES
160 + * OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
161 + * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE
162 + * OR OTHER DEALINGS IN THE SOFTWARE.
164 + * Except as contained in this notice, the name of the XFree86 Project
165 + * shall not be used in advertising or otherwise to promote the sale,
166 + * use or other dealings in this Software without prior written
167 + * authorization from the XFree86 Project.
170 +/* $XFree86: xc/programs/Xserver/os/wrapper.c,v 1.1.2.5 1998/02/27 15:28:59 dawes Exp $ */
172 +/* This is normally set in the Imakefile */
173 +#ifndef XSERVER_PATH
174 +#define XSERVER_PATH "/etc/X11/X"
182 +#include <sys/types.h>
184 +#include <security/pam_appl.h>
185 +#include <security/pam_misc.h>
187 +#endif /* USE_PAM */
189 +/* Neither of these should be required for XFree86 3.3.2 */
190 +#ifndef REJECT_CONFIG
191 +#define REJECT_CONFIG 0
193 +#ifndef REJECT_XKBDIR
194 +#define REJECT_XKBDIR 0
197 +/* Consider LD* variables insecure ? */
198 +#ifndef REMOVE_ENV_LD
199 +#define REMOVE_ENV_LD 1
202 +/* Remove long environment variables? */
203 +#ifndef REMOVE_LONG_ENV
204 +#define REMOVE_LONG_ENV 1
207 +/* Check args and env only if running setuid (euid == 0 && euid != uid) ? */
209 +#define CHECK_EUID 1
213 + * Maybe the locale can be faked to make isprint(3) report that everything
214 + * is printable? Avoid it by default.
217 +#define USE_ISPRINT 0
220 +#define MAX_ARG_LENGTH 128
221 +#define MAX_ENV_LENGTH 256
222 +#define MAX_ENV_PATH_LENGTH 2048
226 +#define checkPrintable(c) isprint(c)
228 +#define checkPrintable(c) (((c) & 0x7f) >= 0x20 && ((c) & 0x7f) != 0x7f)
241 +#endif /* USE_PAM */
245 + "\nIf the arguments used are valid, and have been rejected incorrectly\n" \
246 + "please send details of the arguments and why they are valid to\n" \
247 + "XFree86@XFree86.org. In the meantime, you can start the Xserver as\n" \
248 + "the \"super user\" (root).\n"
251 + "\nIf the environment is valid, and have been rejected incorrectly\n" \
252 + "please send details of the environment and why it is valid to\n" \
253 + "XFree86@XFree86.org. In the meantime, you can start the Xserver as\n" \
254 + "the \"super user\" (root).\n"
257 +static struct pam_conv conv = {
261 +#endif /* USE_PAM */
265 +main(int argc, char **argv, char **envp)
267 + enum BadCode bad = NotBad;
271 + pam_handle_t *pamh = NULL;
275 + pw = getpwuid(getuid());
277 + bad = InternalError;
281 + retval = pam_start("xserver", pw->pw_name, &conv, &pamh);
282 + if (retval != PAM_SUCCESS)
287 + retval = pam_authenticate(pamh, 0);
288 + if (retval != PAM_SUCCESS) {
289 + pam_end(pamh, retval);
290 + bad = PamAuthFailed;
295 + retval = pam_acct_mgmt(pamh, 0);
296 + if (retval != PAM_SUCCESS) {
297 + pam_end(pamh, retval);
298 + bad = PamAuthFailed;
302 + /* this is not a session, so do not do session management */
304 + if (!bad) pam_end(pamh, PAM_SUCCESS);
305 +#endif /* USE_PAM */
308 + if (!bad && geteuid() == 0 && getuid() != geteuid()) {
312 + /* Check each argv[] */
313 + for (i = 1; i < argc; i++) {
315 + /* Check for known bad arguments */
317 + if (strcmp(argv[i], "-config") == 0) {
323 + if (strcmp(argv[i], "-xkbdir") == 0) {
328 + if (strlen(argv[i]) > MAX_ARG_LENGTH) {
334 + if (checkPrintable(*a) == 0) {
335 + bad = UnprintableArg;
343 + /* Check each envp[] */
345 + for (i = 0; envp[i]; i++) {
347 + /* Check for bad environment variables and values */
349 + while (envp[i] && (strncmp(envp[i], "LD", 2) == 0)) {
350 + for (j = i; envp[j]; j++) {
351 + envp[j] = envp[j+1];
355 + if (envp[i] && (strlen(envp[i]) > MAX_ENV_LENGTH)) {
357 + for (j = i; envp[j]; j++) {
358 + envp[j] = envp[j+1];
365 + eq = strchr(envp[i], '=');
368 + len = eq - envp[i];
369 + e = malloc(len + 1);
371 + bad = InternalError;
374 + strncpy(e, envp[i], len);
377 + (strcmp(e + len - 4, "PATH") == 0 ||
378 + strcmp(e, "TERMCAP") == 0)) {
379 + if (strlen(envp[i]) > MAX_ENV_PATH_LENGTH) {
395 + execve(XSERVER_PATH, argv, envp);
396 + fprintf(stderr, "execve failed for %s (errno %d)\n", XSERVER_PATH,
400 + fprintf(stderr, "Command line argument number %d is unsafe\n", i);
401 + fprintf(stderr, ARGMSG);
404 + fprintf(stderr, "Command line argument number %d is too long\n", i);
405 + fprintf(stderr, ARGMSG);
407 + case UnprintableArg:
408 + fprintf(stderr, "Command line argument number %d contains unprintable"
409 + " characters\n", i);
410 + fprintf(stderr, ARGMSG);
413 + fprintf(stderr, "Environment variable `%s' is too long\n", e);
414 + fprintf(stderr, ENVMSG);
416 + case InternalError:
417 + fprintf(stderr, "Internal Error\n");
421 + fprintf(stderr, "Authentication System Failure, "
422 + "missing or mangled PAM configuration file or module?\n");
424 + case PamAuthFailed:
425 + fprintf(stderr, "PAM authentication failed\n");
429 + fprintf(stderr, "Unknown error\n");
430 + fprintf(stderr, ARGMSG);
431 + fprintf(stderr, ENVMSG);
437 --- xc.orig/programs/xinit/startx.cpp 2004-08-08 14:22:55.000000000 +0200
438 +++ xc/programs/xinit/startx.cpp 2004-08-08 14:39:45.874818448 +0200
440 sysclientrc=XINITDIR/xinitrc
441 sysserverrc=XINITDIR/xserverrc
442 defaultclient=BINDIR/xterm
443 -defaultserver=BINDIR/X
444 +defaultserver=BINDIR/Xwrapper
448 --- xc.orig/programs/xinit/xinit.c 2004-08-08 14:22:55.000000000 +0200
449 +++ xc/programs/xinit/xinit.c 2004-08-08 14:39:45.900814496 +0200
454 +char *default_wrapper = BINDIR "/Xwrapper";
455 char *default_server = "X";
456 char *default_display = ":0"; /* choose most efficient */
457 char *default_client[] = {"xterm", "-geometry", "+1+1", "-n", "login", NULL};
461 (**argv != '/' && **argv != '.')) {
462 - *sptr++ = default_server;
463 + if (access(default_wrapper, X_OK) == 0)
464 + *sptr++ = default_wrapper;
466 + *sptr++ = default_server;
468 (**argv != '/' && **argv != '\\' && **argv != '.' &&
469 !(isalpha(**argv) && (*argv)[1]==':'))) {