1 --- hw/xfree86/os-support/linux/lnx_init.c 2005-08-26 09:35:55.000000000 +0200
2 +++ hw/xfree86/os-support/linux/lnx_init.c 2005-12-22 10:52:06.630963000 +0100
5 /* when KeepTty check if we're run with euid==0 */
6 if (KeepTty && geteuid() != 0)
7 - FatalError("xf86OpenConsole:"
8 - " Server must be suid root for option \"KeepTTY\"\n");
9 + FatalError("xf86OpenConsole: Server must be running with root "
11 + "You should be using Xwrapper to start the server or xdm.\n"
12 + "We strongly advise against making the server SUID root!\n");
15 * setup the virtual terminal manager
16 --- os/wrapper.c 1970-01-01 01:00:00.000000000 +0100
17 +++ os/wrapper.c 2005-12-22 10:50:53.610963000 +0100
22 + * This wrapper makes some sanity checks on the command line arguments
23 + * and environment variables when run with euid == 0 && euid != uid.
24 + * If the checks fail, the wrapper exits with a message.
25 + * If they succeed, it exec's the Xserver.
29 + * Copyright (c) 1998 by The XFree86 Project, Inc. All Rights Reserved.
31 + * Permission is hereby granted, free of charge, to any person obtaining
32 + * a copy of this software and associated documentation files (the
33 + * "Software"), to deal in the Software without restriction, including
34 + * without limitation the rights to use, copy, modify, merge, publish,
35 + * distribute, sublicense, and/or sell copies of the Software, and to
36 + * permit persons to whom the Software is furnished to do so, subject
37 + * to the following conditions:
39 + * The above copyright notice and this permission notice shall be included
40 + * in all copies or substantial portions of the Software.
42 + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
43 + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
44 + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
45 + * IN NO EVENT SHALL THE XFREE86 PROJECT BE LIABLE FOR ANY CLAIM, DAMAGES
46 + * OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
47 + * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE
48 + * OR OTHER DEALINGS IN THE SOFTWARE.
50 + * Except as contained in this notice, the name of the XFree86 Project
51 + * shall not be used in advertising or otherwise to promote the sale,
52 + * use or other dealings in this Software without prior written
53 + * authorization from the XFree86 Project.
56 +/* $XFree86: xc/programs/Xserver/os/wrapper.c,v 1.1.2.5 1998/02/27 15:28:59 dawes Exp $ */
58 +/* This is normally set in the Imakefile */
60 +#define XSERVER_PATH "/etc/X11/X"
68 +#include <sys/types.h>
70 +#include <security/pam_appl.h>
71 +#include <security/pam_misc.h>
75 +/* Neither of these should be required for XFree86 3.3.2 */
76 +#ifndef REJECT_CONFIG
77 +#define REJECT_CONFIG 0
79 +#ifndef REJECT_XKBDIR
80 +#define REJECT_XKBDIR 0
83 +/* Consider LD* variables insecure ? */
84 +#ifndef REMOVE_ENV_LD
85 +#define REMOVE_ENV_LD 1
88 +/* Remove long environment variables? */
89 +#ifndef REMOVE_LONG_ENV
90 +#define REMOVE_LONG_ENV 1
93 +/* Check args and env only if running setuid (euid == 0 && euid != uid) ? */
99 + * Maybe the locale can be faked to make isprint(3) report that everything
100 + * is printable? Avoid it by default.
103 +#define USE_ISPRINT 0
106 +#define MAX_ARG_LENGTH 128
107 +#define MAX_ENV_LENGTH 256
108 +#define MAX_ENV_PATH_LENGTH 2048
112 +#define checkPrintable(c) isprint(c)
114 +#define checkPrintable(c) (((c) & 0x7f) >= 0x20 && ((c) & 0x7f) != 0x7f)
127 +#endif /* USE_PAM */
131 + "\nIf the arguments used are valid, and have been rejected incorrectly\n" \
132 + "please send details of the arguments and why they are valid to\n" \
133 + "XFree86@XFree86.org. In the meantime, you can start the Xserver as\n" \
134 + "the \"super user\" (root).\n"
137 + "\nIf the environment is valid, and have been rejected incorrectly\n" \
138 + "please send details of the environment and why it is valid to\n" \
139 + "XFree86@XFree86.org. In the meantime, you can start the Xserver as\n" \
140 + "the \"super user\" (root).\n"
143 +static struct pam_conv conv = {
147 +#endif /* USE_PAM */
151 +main(int argc, char **argv, char **envp)
153 + enum BadCode bad = NotBad;
157 + pam_handle_t *pamh = NULL;
161 + pw = getpwuid(getuid());
163 + bad = InternalError;
167 + retval = pam_start("xserver", pw->pw_name, &conv, &pamh);
168 + if (retval != PAM_SUCCESS)
173 + retval = pam_authenticate(pamh, 0);
174 + if (retval != PAM_SUCCESS) {
175 + pam_end(pamh, retval);
176 + bad = PamAuthFailed;
181 + retval = pam_acct_mgmt(pamh, 0);
182 + if (retval != PAM_SUCCESS) {
183 + pam_end(pamh, retval);
184 + bad = PamAuthFailed;
188 + /* this is not a session, so do not do session management */
190 + if (!bad) pam_end(pamh, PAM_SUCCESS);
191 +#endif /* USE_PAM */
194 + if (!bad && geteuid() == 0 && getuid() != geteuid()) {
198 + /* Check each argv[] */
199 + for (i = 1; i < argc; i++) {
201 + /* Check for known bad arguments */
203 + if (strcmp(argv[i], "-config") == 0) {
209 + if (strcmp(argv[i], "-xkbdir") == 0) {
214 + if (strlen(argv[i]) > MAX_ARG_LENGTH) {
220 + if (checkPrintable(*a) == 0) {
221 + bad = UnprintableArg;
229 + /* Check each envp[] */
231 + for (i = 0; envp[i]; i++) {
233 + /* Check for bad environment variables and values */
235 + while (envp[i] && (strncmp(envp[i], "LD", 2) == 0)) {
236 + for (j = i; envp[j]; j++) {
237 + envp[j] = envp[j+1];
241 + if (envp[i] && (strlen(envp[i]) > MAX_ENV_LENGTH)) {
243 + for (j = i; envp[j]; j++) {
244 + envp[j] = envp[j+1];
251 + eq = strchr(envp[i], '=');
254 + len = eq - envp[i];
255 + e = malloc(len + 1);
257 + bad = InternalError;
260 + strncpy(e, envp[i], len);
263 + (strcmp(e + len - 4, "PATH") == 0 ||
264 + strcmp(e, "TERMCAP") == 0)) {
265 + if (strlen(envp[i]) > MAX_ENV_PATH_LENGTH) {
281 + execve(XSERVER_PATH, argv, envp);
282 + fprintf(stderr, "execve failed for %s (errno %d)\n", XSERVER_PATH,
286 + fprintf(stderr, "Command line argument number %d is unsafe\n", i);
287 + fprintf(stderr, ARGMSG);
290 + fprintf(stderr, "Command line argument number %d is too long\n", i);
291 + fprintf(stderr, ARGMSG);
293 + case UnprintableArg:
294 + fprintf(stderr, "Command line argument number %d contains unprintable"
295 + " characters\n", i);
296 + fprintf(stderr, ARGMSG);
299 + fprintf(stderr, "Environment variable `%s' is too long\n", e);
300 + fprintf(stderr, ENVMSG);
302 + case InternalError:
303 + fprintf(stderr, "Internal Error\n");
307 + fprintf(stderr, "Authentication System Failure, "
308 + "missing or mangled PAM configuration file or module?\n");
310 + case PamAuthFailed:
311 + fprintf(stderr, "PAM authentication failed\n");
315 + fprintf(stderr, "Unknown error\n");
316 + fprintf(stderr, ARGMSG);
317 + fprintf(stderr, ENVMSG);
323 --- os/Makefile.am 2005-12-06 16:50:35.000000000 +0100
324 +++ os/Makefile.am 2006-02-05 14:36:53.211755250 +0100
329 +bin_PROGRAMS = Xwrapper
330 +Xwrapper_SOURCES = wrapper.c
331 +Xwrapper_CFLAGS = -DUSE_PAM -DXSERVER_PATH=\"/usr/bin/Xorg\" $(AM_CFLAGS)
332 +Xwrapper_LDADD = -lpam_misc
335 libos_la_SOURCES += $(SECURERPC_SRCS)