[packages/X11.git] / XFree86-Xwrapper.patch

diff -urN xc.orig/config/cf/Server.tmpl xc/config/cf/Server.tmpl
--- xc.orig/config/cf/Server.tmpl	Mon Dec 30 15:52:30 2002
+++ xc/config/cf/Server.tmpl	Mon Dec 30 17:31:51 2002
@@ -25,8 +25,14 @@
 #ifndef DoThreadedServer
 #define DoThreadedServer NO
 #endif
+#ifndef XserverNeedsSetUID
+#define XserverNeedsSetUID NO
+#endif
+#ifndef UseXserverWrapper
+#define UseXserverWrapper XserverNeedsSetUID
+#endif
 #ifndef InstallServerSetUID
-#define InstallServerSetUID NO
+#define InstallServerSetUID (XserverNeedsSetUID && !UseXserverWrapper)
 #endif
 
 #ifdef CrossCompileDir
diff -urN xc.orig/config/cf/xf86site.def xc/config/cf/xf86site.def
--- xc.orig/config/cf/xf86site.def	Mon Dec 30 15:52:31 2002
+++ xc/config/cf/xf86site.def	Mon Dec 30 17:37:06 2002
@@ -69,14 +69,15 @@
  */
 
 /*
- * If you only run the X server under xdm the X servers don't need to be
- * installed SetUID, and you may comment out the lines below.  If you run
- * the servers by hand (with xinit or startx), then they do need to be
- * installed SetUID on most platforms.
+ * The X servers need to run as root on most OSs.  We're now using a
+ * wrapper in that case, but we still need to make it known that the
+ * servers need SetUID.  When only using xdm, this (and the wrapper)
+ * are not required.  Disabling this automatically disables use of the
+ * wrapper.
  *
- * Consult your system administrator before making the X server setuid.
+ * If you're only starting the Xservers with xdm set this to NO
  *
-#define InstallXserverSetUID	NO
+#define XserverNeedsSetUID    NO
  */
 
 
diff -urN xc.orig/config/cf/xfree86.cf xc/config/cf/xfree86.cf
--- xc.orig/config/cf/xfree86.cf	Mon Dec 30 15:52:31 2002
+++ xc/config/cf/xfree86.cf	Mon Dec 30 17:31:51 2002
@@ -1104,12 +1104,15 @@
 #endif
 
 /*
- * The default is to install the X servers setuid-root on most OSs.
- * It the servers are only started by xdm, they should not be setuid-root.
+ * The X servers need to run as root on most OSs.  We're now using a
+ * wrapper in that case, but we still need to make it known that the
+ * servers need SetUID.  When only using xdm, this (and the wrapper)
+ * are not required.  Disabling this automatically disables use of the
+ * wrapper.
  */
 #if !defined(i386MachArchitecture) && !defined(OS2Architecture)
-# ifndef InstallXserverSetUID
-#  define InstallXserverSetUID	YES
+# ifndef XserverNeedsSetUID
+#  define XserverNeedsSetUID	YES
 # endif
 #endif
 
diff -urN xc.orig/programs/Xserver/Imakefile xc/programs/Xserver/Imakefile
--- xc.orig/programs/Xserver/Imakefile	Mon Dec 30 15:53:22 2002
+++ xc/programs/Xserver/Imakefile	Mon Dec 30 17:31:51 2002
@@ -4,11 +4,6 @@
  */
 XCOMM $XFree86: xc/programs/Xserver/Imakefile,v 3.275 2002/12/21 00:19:11 torrey Exp $
 
-#ifndef InstallXserverSetUID
-#define InstallXserverSetUID NO
-#endif
-#define InstallServerSetUID InstallXserverSetUID
-
 #include <Server.tmpl>
 
 #ifdef XFree86Version
@@ -1146,6 +1141,11 @@
 #endif /* XnestServer */
 
 
+#if UseXserverWrapper
+SetUIDProgramTarget(Xwrapper,os/wrapper.o,NullParameter,$(PAMLIBS),NullParameter)
+InstallProgramWithFlags(Xwrapper,$(BINDIR),$(INSTUIDFLAGS))
+#endif
+
 #if defined(XnonServer) && XnonServer
 XCOMM
 XCOMM non server, just compile sources for build test
diff -urN xc.orig/programs/Xserver/hw/xfree86/os-support/linux/lnx_init.c xc/programs/Xserver/hw/xfree86/os-support/linux/lnx_init.c
--- xc.orig/programs/Xserver/hw/xfree86/os-support/linux/lnx_init.c	Mon Dec 30 15:53:52 2002
+++ xc/programs/Xserver/hw/xfree86/os-support/linux/lnx_init.c	Mon Dec 30 17:31:51 2002
@@ -66,7 +66,10 @@
 	/* check if we're run with euid==0 */
 	if (geteuid() != 0)
 	{
-	    FatalError("xf86OpenConsole: Server must be suid root\n");
+	    FatalError("xf86OpenConsole: Server must be running with root "
+	        "permissions\n"
+		"You should be using Xwrapper to start the server or xdm.\n"
+		"We strongly advise against making the server SUID root!\n");
 	}
 
 	/*
--- xc/programs/Xserver/os/Imakefile.orig	2006-02-19 16:51:31.000000000 +0100
+++ xc/programs/Xserver/os/Imakefile	2006-07-19 21:30:56.576028250 +0200
@@ -193,6 +193,7 @@
 		  -I$(SERVERSRC)/Xext -I$(SERVERSRC)/render \
 		  -I$(SERVERSRC)/lbx -I$(SERVERSRC)/Xprint \
 		  -I$(TOP)/lib/Xau Krb5Includes
+  EXTRA_DEFINES = -DUSE_PAM
  DEPEND_DEFINES = $(DBM_DEFINES) $(XDMCP_DEFINES) \
 		  $(TRANS_INCLUDES) $(CONNECTION_FLAGS) DependDefines
        LINTLIBS = ../dix/llib-ldix.ln
@@ -239,6 +240,14 @@
 SpecialCObjectRule(oscolor,$(ICONFIGFILES),$(DBM_DEFINES))
 #endif
 
+#if UseXserverWrapper
+AllTarget(wrapper.o)
+
+       WRAPPER_DEFINES = -DXSERVER_PATH=\"/etc/X11/X\"
+
+SpecialCObjectRule(wrapper,NullParameter,$(WRAPPER_DEFINES))
+#endif
+
 #if HasKrb5
 LinkSourceFile(k5encode.c,$(XAUTHSRC))
 #endif
diff -urN xc.orig/programs/Xserver/os/wrapper.c xc/programs/Xserver/os/wrapper.c
--- xc.orig/programs/Xserver/os/wrapper.c	Thu Jan  1 01:00:00 1970
+++ xc/programs/Xserver/os/wrapper.c	Mon Dec 30 17:31:52 2002
@@ -0,0 +1,304 @@
+/*
+ * X server wrapper.
+ *
+ * This wrapper makes some sanity checks on the command line arguments
+ * and environment variables when run with euid == 0 && euid != uid.
+ * If the checks fail, the wrapper exits with a message.
+ * If they succeed, it exec's the Xserver.
+ */
+
+/*
+ * Copyright (c) 1998 by The XFree86 Project, Inc.  All Rights Reserved.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject
+ * to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included
+ * in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+ * IN NO EVENT SHALL THE XFREE86 PROJECT BE LIABLE FOR ANY CLAIM, DAMAGES
+ * OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+ * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE
+ * OR OTHER DEALINGS IN THE SOFTWARE.
+ *
+ * Except as contained in this notice, the name of the XFree86 Project
+ * shall not be used in advertising or otherwise to promote the sale,
+ * use or other dealings in this Software without prior written
+ * authorization from the XFree86 Project.
+ */
+
+/* $XFree86: xc/programs/Xserver/os/wrapper.c,v 1.1.2.5 1998/02/27 15:28:59 dawes Exp $ */
+
+/* This is normally set in the Imakefile */
+#ifndef XSERVER_PATH
+#define XSERVER_PATH	"/etc/X11/X"
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <unistd.h>
+#include <sys/types.h>
+#ifdef USE_PAM
+#include <security/pam_appl.h>
+#include <security/pam_misc.h>
+#include <pwd.h>
+#endif /* USE_PAM */
+
+/* Neither of these should be required for XFree86 3.3.2 */
+#ifndef REJECT_CONFIG
+#define REJECT_CONFIG 0
+#endif
+#ifndef REJECT_XKBDIR
+#define REJECT_XKBDIR 0
+#endif
+
+/* Consider LD* variables insecure ? */
+#ifndef REMOVE_ENV_LD
+#define REMOVE_ENV_LD 1
+#endif
+
+/* Remove long environment variables? */
+#ifndef REMOVE_LONG_ENV
+#define REMOVE_LONG_ENV 1
+#endif
+
+/* Check args and env only if running setuid (euid == 0 && euid != uid) ? */
+#ifndef CHECK_EUID
+#define CHECK_EUID 1
+#endif
+
+/*
+ * Maybe the locale can be faked to make isprint(3) report that everything
+ * is printable?  Avoid it by default.
+ */
+#ifndef USE_ISPRINT
+#define USE_ISPRINT 0
+#endif
+
+#define MAX_ARG_LENGTH		128
+#define MAX_ENV_LENGTH		256
+#define MAX_ENV_PATH_LENGTH	2048
+
+#if USE_ISPRINT
+#include <ctype.h>
+#define checkPrintable(c) isprint(c)
+#else
+#define checkPrintable(c) (((c) & 0x7f) >= 0x20 && ((c) & 0x7f) != 0x7f)
+#endif
+
+enum BadCode {
+    NotBad = 0,
+    UnsafeArg,
+    ArgTooLong,
+    UnprintableArg,
+    EnvTooLong,
+    InternalError,
+#ifdef USE_PAM
+    PamFailed,
+    PamAuthFailed,
+#endif /* USE_PAM */
+};
+
+#define ARGMSG \
+    "\nIf the arguments used are valid, and have been rejected incorrectly\n" \
+      "please send details of the arguments and why they are valid to\n" \
+      "XFree86@XFree86.org.  In the meantime, you can start the Xserver as\n" \
+      "the \"super user\" (root).\n"   
+
+#define ENVMSG \
+    "\nIf the environment is valid, and have been rejected incorrectly\n" \
+      "please send details of the environment and why it is valid to\n" \
+      "XFree86@XFree86.org.  In the meantime, you can start the Xserver as\n" \
+      "the \"super user\" (root).\n"
+
+#ifdef USE_PAM
+static struct pam_conv conv = {
+    misc_conv,
+    NULL
+};
+#endif /* USE_PAM */
+
+
+int
+main(int argc, char **argv, char **envp)
+{
+    enum BadCode bad = NotBad;
+    int i, j;
+    char *a, *e;
+#ifdef USE_PAM
+    pam_handle_t *pamh = NULL;
+    struct passwd *pw;
+    int retval;
+
+    pw = getpwuid(getuid());
+    if (pw == NULL) {
+	bad = InternalError;
+    }
+
+    if (!bad) {
+	retval = pam_start("xserver", pw->pw_name, &conv, &pamh);
+	if (retval != PAM_SUCCESS)
+	    bad = PamFailed;
+    }
+
+    if (!bad) {
+	retval = pam_authenticate(pamh, 0);
+	if (retval != PAM_SUCCESS) {
+	    pam_end(pamh, retval);
+	    bad = PamAuthFailed;
+	}
+    }
+
+    if (!bad) {
+	retval = pam_acct_mgmt(pamh, 0);
+	if (retval != PAM_SUCCESS) {
+	    pam_end(pamh, retval);
+	    bad = PamAuthFailed;
+	}
+    }
+
+    /* this is not a session, so do not do session management */
+
+    if (!bad) pam_end(pamh, PAM_SUCCESS);
+#endif /* USE_PAM */
+
+#if CHECK_EUID
+    if (!bad && geteuid() == 0 && getuid() != geteuid()) {
+#else
+    if (!bad) {
+#endif
+	/* Check each argv[] */
+	for (i = 1; i < argc; i++) {
+
+	    /* Check for known bad arguments */
+#if REJECT_CONFIG
+	    if (strcmp(argv[i], "-config") == 0) {
+		bad = UnsafeArg;
+		break;
+	    }
+#endif
+#if REJECT_XKBDIR
+	    if (strcmp(argv[i], "-xkbdir") == 0) {
+		bad = UnsafeArg;
+		break;
+	    }
+#endif
+	    if (strlen(argv[i]) > MAX_ARG_LENGTH) {
+		bad = ArgTooLong;
+		break;
+	    }
+	    a = argv[i];
+	    while (*a) {
+		if (checkPrintable(*a) == 0) {
+		    bad = UnprintableArg;
+		    break;
+		}
+		a++;
+	    }
+	    if (bad)
+		break;
+	}
+	/* Check each envp[] */
+	if (!bad)
+	    for (i = 0; envp[i]; i++) {
+
+		/* Check for bad environment variables and values */
+#if REMOVE_ENV_LD
+		while (envp[i] && (strncmp(envp[i], "LD", 2) == 0)) {
+		    for (j = i; envp[j]; j++) {
+			envp[j] = envp[j+1];
+		    }
+		}
+#endif   
+		if (envp[i] && (strlen(envp[i]) > MAX_ENV_LENGTH)) {
+#if REMOVE_LONG_ENV
+		    for (j = i; envp[j]; j++) {
+			envp[j] = envp[j+1];
+		    }
+		    i--;
+#else
+		    char *eq;
+		    int len;
+
+		    eq = strchr(envp[i], '=');
+		    if (!eq)
+			continue;
+		    len = eq - envp[i];
+		    e = malloc(len + 1);
+		    if (!e) {
+			bad = InternalError;
+			break;
+		    }
+		    strncpy(e, envp[i], len);
+		    e[len] = 0;
+		    if (len >= 4 &&
+			(strcmp(e + len - 4, "PATH") == 0 ||
+			 strcmp(e, "TERMCAP") == 0)) {
+			if (strlen(envp[i]) > MAX_ENV_PATH_LENGTH) {
+			    bad = EnvTooLong;
+			    break;
+			} else {
+			    free(e);
+			}
+		    } else {
+			bad = EnvTooLong;
+			break;
+		    }
+#endif
+		}
+	    }
+    }
+    switch (bad) {
+    case NotBad:
+	execve(XSERVER_PATH, argv, envp);
+	fprintf(stderr, "execve failed for %s (errno %d)\n", XSERVER_PATH,
+		errno);
+	break;
+    case UnsafeArg:
+	fprintf(stderr, "Command line argument number %d is unsafe\n", i);
+	fprintf(stderr, ARGMSG);
+	break;
+    case ArgTooLong:
+	fprintf(stderr, "Command line argument number %d is too long\n", i);
+	fprintf(stderr, ARGMSG);
+	break;
+    case UnprintableArg:
+	fprintf(stderr, "Command line argument number %d contains unprintable"
+		" characters\n", i);
+	fprintf(stderr, ARGMSG);
+	break;
+    case EnvTooLong:
+	fprintf(stderr, "Environment variable `%s' is too long\n", e);
+	fprintf(stderr, ENVMSG);
+	break;
+    case InternalError:
+	fprintf(stderr, "Internal Error\n");
+	break;
+#ifdef USE_PAM
+    case PamFailed:
+	fprintf(stderr, "Authentication System Failure, "
+			"missing or mangled PAM configuration file or module?\n");
+	break;
+    case PamAuthFailed:
+	fprintf(stderr, "PAM authentication failed\n");
+	break;
+#endif
+    default:
+	fprintf(stderr, "Unknown error\n");
+	fprintf(stderr, ARGMSG);
+	fprintf(stderr, ENVMSG);
+	break;
+    }
+    exit(1);
+}
+
diff -urN xc.orig/programs/xinit/startx.cpp xc/programs/xinit/startx.cpp
--- xc.orig/programs/xinit/startx.cpp	Mon Dec 30 15:54:10 2002
+++ xc/programs/xinit/startx.cpp	Mon Dec 30 17:31:52 2002
@@ -53,7 +53,7 @@
 sysclientrc=XINITDIR/xinitrc
 sysserverrc=XINITDIR/xserverrc
 defaultclient=BINDIR/xterm
-defaultserver=BINDIR/X
+defaultserver=BINDIR/Xwrapper
 defaultclientargs=""
 defaultserverargs=""
 clientargs=""
diff -urN xc.orig/programs/xinit/xinit.c xc/programs/xinit/xinit.c
--- xc.orig/programs/xinit/xinit.c	Mon Dec 30 15:54:10 2002
+++ xc/programs/xinit/xinit.c	Mon Dec 30 17:31:52 2002
@@ -146,6 +146,7 @@
 #define	OK_EXIT		0
 #define	ERR_EXIT	1
 
+char *default_wrapper = BINDIR "/Xwrapper";
 char *default_server = "X";
 char *default_display = ":0";		/* choose most efficient */
 char *default_client[] = {"xterm", "-geometry", "+1+1", "-n", "login", NULL};
@@ -332,7 +333,10 @@
 	if (argc == 0 ||
 #ifndef __UNIXOS2__
 	    (**argv != '/' && **argv != '.')) {
-		*sptr++ = default_server;
+		if (access(default_wrapper, X_OK) == 0)
+			*sptr++ = default_wrapper;
+		else
+			*sptr++ = default_server;
 #else
 	    (**argv != '/' && **argv != '\\' && **argv != '.' &&
 	     !(isalpha(**argv) && (*argv)[1]==':'))) {
Commit	Line	Data
159289d8	1	diff -urN xc.orig/config/cf/Server.tmpl xc/config/cf/Server.tmpl
	2	--- xc.orig/config/cf/Server.tmpl Mon Dec 30 15:52:30 2002
	3	+++ xc/config/cf/Server.tmpl Mon Dec 30 17:31:51 2002
	4	@@ -25,8 +25,14 @@
	5	#ifndef DoThreadedServer
	6	#define DoThreadedServer NO
ed7f0291 JR	7	#endif
	8	+#ifndef XserverNeedsSetUID
	9	+#define XserverNeedsSetUID NO
	10	+#endif
	11	+#ifndef UseXserverWrapper
	12	+#define UseXserverWrapper XserverNeedsSetUID
	13	+#endif
	14	#ifndef InstallServerSetUID
	15	-#define InstallServerSetUID NO
	16	+#define InstallServerSetUID (XserverNeedsSetUID && !UseXserverWrapper)
	17	#endif
	18
159289d8	19	#ifdef CrossCompileDir
	20	diff -urN xc.orig/config/cf/xf86site.def xc/config/cf/xf86site.def
	21	--- xc.orig/config/cf/xf86site.def Mon Dec 30 15:52:31 2002
	22	+++ xc/config/cf/xf86site.def Mon Dec 30 17:37:06 2002
	23	@@ -69,14 +69,15 @@
ed7f0291 JR	24	*/
	25
	26	/*
	27	- * If you only run the X server under xdm the X servers don't need to be
	28	- * installed SetUID, and you may comment out the lines below. If you run
	29	- * the servers by hand (with xinit or startx), then they do need to be
159289d8	30	- * installed SetUID on most platforms.
ed7f0291 JR	31	+ * The X servers need to run as root on most OSs. We're now using a
	32	+ * wrapper in that case, but we still need to make it known that the
	33	+ * servers need SetUID. When only using xdm, this (and the wrapper)
	34	+ * are not required. Disabling this automatically disables use of the
	35	+ * wrapper.
	36	*
159289d8	37	- * Consult your system administrator before making the X server setuid.
ed7f0291	38	+ * If you're only starting the Xservers with xdm set this to NO
159289d8	39	*
	40	-#define InstallXserverSetUID NO
	41	+#define XserverNeedsSetUID NO
ed7f0291 JR	42	*/
ed7f0291 JR	43
159289d8	44
	45	diff -urN xc.orig/config/cf/xfree86.cf xc/config/cf/xfree86.cf
	46	--- xc.orig/config/cf/xfree86.cf Mon Dec 30 15:52:31 2002
	47	+++ xc/config/cf/xfree86.cf Mon Dec 30 17:31:51 2002
	48	@@ -1104,12 +1104,15 @@
ed7f0291 JR	49	#endif
	50
	51	/*
	52	- * The default is to install the X servers setuid-root on most OSs.
	53	- * It the servers are only started by xdm, they should not be setuid-root.
	54	+ * The X servers need to run as root on most OSs. We're now using a
	55	+ * wrapper in that case, but we still need to make it known that the
	56	+ * servers need SetUID. When only using xdm, this (and the wrapper)
	57	+ * are not required. Disabling this automatically disables use of the
	58	+ * wrapper.
	59	*/
	60	#if !defined(i386MachArchitecture) && !defined(OS2Architecture)
	61	-# ifndef InstallXserverSetUID
	62	-# define InstallXserverSetUID YES
	63	+# ifndef XserverNeedsSetUID
	64	+# define XserverNeedsSetUID YES
	65	# endif
	66	#endif
	67
159289d8	68	diff -urN xc.orig/programs/Xserver/Imakefile xc/programs/Xserver/Imakefile
	69	--- xc.orig/programs/Xserver/Imakefile Mon Dec 30 15:53:22 2002
	70	+++ xc/programs/Xserver/Imakefile Mon Dec 30 17:31:51 2002
ed7f0291 JR	71	@@ -4,11 +4,6 @@
ed7f0291 JR	72	*/
159289d8	73	XCOMM $XFree86: xc/programs/Xserver/Imakefile,v 3.275 2002/12/21 00:19:11 torrey Exp $
ed7f0291 JR	74
	75	-#ifndef InstallXserverSetUID
	76	-#define InstallXserverSetUID NO
	77	-#endif
	78	-#define InstallServerSetUID InstallXserverSetUID
	79	-
	80	#include <Server.tmpl>
	81
	82	#ifdef XFree86Version
159289d8	83	@@ -1146,6 +1141,11 @@
1d5726dc	84	#endif /* XnestServer */
ed7f0291	85
159289d8	86
ed7f0291 JR	87	+#if UseXserverWrapper
	88	+SetUIDProgramTarget(Xwrapper,os/wrapper.o,NullParameter,$(PAMLIBS),NullParameter)
	89	+InstallProgramWithFlags(Xwrapper,$(BINDIR),$(INSTUIDFLAGS))
	90	+#endif
159289d8	91	+
159289d8	92	#if defined(XnonServer) && XnonServer
1d5726dc	93	XCOMM
159289d8	94	XCOMM non server, just compile sources for build test
	95	diff -urN xc.orig/programs/Xserver/hw/xfree86/os-support/linux/lnx_init.c xc/programs/Xserver/hw/xfree86/os-support/linux/lnx_init.c
	96	--- xc.orig/programs/Xserver/hw/xfree86/os-support/linux/lnx_init.c Mon Dec 30 15:53:52 2002
	97	+++ xc/programs/Xserver/hw/xfree86/os-support/linux/lnx_init.c Mon Dec 30 17:31:51 2002
1d5726dc	98	@@ -66,7 +66,10 @@
ed7f0291 JR	99	/* check if we're run with euid==0 */
	100	if (geteuid() != 0)
	101	{
	102	- FatalError("xf86OpenConsole: Server must be suid root\n");
	103	+ FatalError("xf86OpenConsole: Server must be running with root "
	104	+ "permissions\n"
	105	+ "You should be using Xwrapper to start the server or xdm.\n"
	106	+ "We strongly advise against making the server SUID root!\n");
	107	}
	108
	109	/*
e4b70fb0 JB	110	--- xc/programs/Xserver/os/Imakefile.orig 2006-02-19 16:51:31.000000000 +0100
	111	+++ xc/programs/Xserver/os/Imakefile 2006-07-19 21:30:56.576028250 +0200
	112	@@ -193,6 +193,7 @@
	113	-I$(SERVERSRC)/Xext -I$(SERVERSRC)/render \
	114	-I$(SERVERSRC)/lbx -I$(SERVERSRC)/Xprint \
	115	-I$(TOP)/lib/Xau Krb5Includes
	116	+ EXTRA_DEFINES = -DUSE_PAM
	117	DEPEND_DEFINES = $(DBM_DEFINES) $(XDMCP_DEFINES) \
	118	$(TRANS_INCLUDES) $(CONNECTION_FLAGS) DependDefines
	119	LINTLIBS = ../dix/llib-ldix.ln
	120	@@ -239,6 +240,14 @@
ed7f0291	121	SpecialCObjectRule(oscolor,$(ICONFIGFILES),$(DBM_DEFINES))
159289d8	122	#endif
159289d8	123
ed7f0291 JR	124	+#if UseXserverWrapper
	125	+AllTarget(wrapper.o)
	126	+
	127	+ WRAPPER_DEFINES = -DXSERVER_PATH=\"/etc/X11/X\"
	128	+
	129	+SpecialCObjectRule(wrapper,NullParameter,$(WRAPPER_DEFINES))
159289d8	130	+#endif
159289d8	131	+
ed7f0291	132	#if HasKrb5
159289d8	133	LinkSourceFile(k5encode.c,$(XAUTHSRC))
	134	#endif
	135	diff -urN xc.orig/programs/Xserver/os/wrapper.c xc/programs/Xserver/os/wrapper.c
	136	--- xc.orig/programs/Xserver/os/wrapper.c Thu Jan 1 01:00:00 1970
	137	+++ xc/programs/Xserver/os/wrapper.c Mon Dec 30 17:31:52 2002
ed7f0291 JR	138	@@ -0,0 +1,304 @@
	139	+/*
	140	+ * X server wrapper.
	141	+ *
	142	+ * This wrapper makes some sanity checks on the command line arguments
	143	+ * and environment variables when run with euid == 0 && euid != uid.
	144	+ * If the checks fail, the wrapper exits with a message.
	145	+ * If they succeed, it exec's the Xserver.
	146	+ */
	147	+
	148	+/*
	149	+ * Copyright (c) 1998 by The XFree86 Project, Inc. All Rights Reserved.
	150	+ *
	151	+ * Permission is hereby granted, free of charge, to any person obtaining
	152	+ * a copy of this software and associated documentation files (the
	153	+ * "Software"), to deal in the Software without restriction, including
	154	+ * without limitation the rights to use, copy, modify, merge, publish,
	155	+ * distribute, sublicense, and/or sell copies of the Software, and to
	156	+ * permit persons to whom the Software is furnished to do so, subject
	157	+ * to the following conditions:
	158	+ *
	159	+ * The above copyright notice and this permission notice shall be included
	160	+ * in all copies or substantial portions of the Software.
	161	+ *
	162	+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
	163	+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
	164	+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
	165	+ * IN NO EVENT SHALL THE XFREE86 PROJECT BE LIABLE FOR ANY CLAIM, DAMAGES
	166	+ * OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
	167	+ * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE
	168	+ * OR OTHER DEALINGS IN THE SOFTWARE.
	169	+ *
	170	+ * Except as contained in this notice, the name of the XFree86 Project
	171	+ * shall not be used in advertising or otherwise to promote the sale,
	172	+ * use or other dealings in this Software without prior written
	173	+ * authorization from the XFree86 Project.
	174	+ */
	175	+
	176	+/* $XFree86: xc/programs/Xserver/os/wrapper.c,v 1.1.2.5 1998/02/27 15:28:59 dawes Exp $ */
	177	+
	178	+/* This is normally set in the Imakefile */
	179	+#ifndef XSERVER_PATH
	180	+#define XSERVER_PATH "/etc/X11/X"
	181	+#endif
	182	+
	183	+#include <stdio.h>
	184	+#include <stdlib.h>
	185	+#include <string.h>
	186	+#include <errno.h>
	187	+#include <unistd.h>
	188	+#include <sys/types.h>
	189	+#ifdef USE_PAM
	190	+#include <security/pam_appl.h>
	191	+#include <security/pam_misc.h>
	192	+#include <pwd.h>
	193	+#endif /* USE_PAM */
	194	+
	195	+/* Neither of these should be required for XFree86 3.3.2 */
	196	+#ifndef REJECT_CONFIG
	197	+#define REJECT_CONFIG 0
	198	+#endif
	199	+#ifndef REJECT_XKBDIR
	200	+#define REJECT_XKBDIR 0
	201	+#endif
202	+
203	+/* Consider LD* variables insecure ? */
204	+#ifndef REMOVE_ENV_LD
205	+#define REMOVE_ENV_LD 1
206	+#endif
207	+
208	+/* Remove long environment variables? */
209	+#ifndef REMOVE_LONG_ENV
210	+#define REMOVE_LONG_ENV 1
211	+#endif
212	+
213	+/* Check args and env only if running setuid (euid == 0 && euid != uid) ? */
214	+#ifndef CHECK_EUID
215	+#define CHECK_EUID 1
216	+#endif
217	+
218	+/*
219	+ * Maybe the locale can be faked to make isprint(3) report that everything
220	+ * is printable? Avoid it by default.
221	+ */
222	+#ifndef USE_ISPRINT
223	+#define USE_ISPRINT 0
224	+#endif
225	+
226	+#define MAX_ARG_LENGTH 128
227	+#define MAX_ENV_LENGTH 256
228	+#define MAX_ENV_PATH_LENGTH 2048
229	+
230	+#if USE_ISPRINT
231	+#include <ctype.h>
232	+#define checkPrintable(c) isprint(c)
233	+#else
234	+#define checkPrintable(c) (((c) & 0x7f) >= 0x20 && ((c) & 0x7f) != 0x7f)
235	+#endif
236	+
237	+enum BadCode {
238	+ NotBad = 0,
239	+ UnsafeArg,
240	+ ArgTooLong,
241	+ UnprintableArg,
242	+ EnvTooLong,
243	+ InternalError,
244	+#ifdef USE_PAM
245	+ PamFailed,
246	+ PamAuthFailed,
247	+#endif /* USE_PAM */
248	+};
249	+
250	+#define ARGMSG \
251	+ "\nIf the arguments used are valid, and have been rejected incorrectly\n" \
252	+ "please send details of the arguments and why they are valid to\n" \
253	+ "XFree86@XFree86.org. In the meantime, you can start the Xserver as\n" \
254	+ "the \"super user\" (root).\n"
255	+
256	+#define ENVMSG \
257	+ "\nIf the environment is valid, and have been rejected incorrectly\n" \
258	+ "please send details of the environment and why it is valid to\n" \
259	+ "XFree86@XFree86.org. In the meantime, you can start the Xserver as\n" \
260	+ "the \"super user\" (root).\n"
261	+
262	+#ifdef USE_PAM
263	+static struct pam_conv conv = {
264	+ misc_conv,
265	+ NULL
266	+};
267	+#endif /* USE_PAM */
268	+
269	+
270	+int
271	+main(int argc, char argv, char envp)
272	+{
273	+ enum BadCode bad = NotBad;
274	+ int i, j;
275	+ char a, e;
276	+#ifdef USE_PAM
277	+ pam_handle_t *pamh = NULL;
278	+ struct passwd *pw;
279	+ int retval;
280	+
281	+ pw = getpwuid(getuid());
282	+ if (pw == NULL) {
283	+ bad = InternalError;
284	+ }
285	+
286	+ if (!bad) {
287	+ retval = pam_start("xserver", pw->pw_name, &conv, &pamh);
288	+ if (retval != PAM_SUCCESS)
289	+ bad = PamFailed;
290	+ }
291	+
292	+ if (!bad) {
293	+ retval = pam_authenticate(pamh, 0);
294	+ if (retval != PAM_SUCCESS) {
295	+ pam_end(pamh, retval);
296	+ bad = PamAuthFailed;
297	+ }
298	+ }
299	+
300	+ if (!bad) {
301	+ retval = pam_acct_mgmt(pamh, 0);
302	+ if (retval != PAM_SUCCESS) {
303	+ pam_end(pamh, retval);
304	+ bad = PamAuthFailed;
305	+ }
306	+ }
307	+
308	+ /* this is not a session, so do not do session management */
309	+
310	+ if (!bad) pam_end(pamh, PAM_SUCCESS);
311	+#endif /* USE_PAM */
312	+
313	+#if CHECK_EUID
314	+ if (!bad && geteuid() == 0 && getuid() != geteuid()) {
315	+#else
316	+ if (!bad) {
317	+#endif
318	+ /* Check each argv[] */
319	+ for (i = 1; i < argc; i++) {
320	+
321	+ /* Check for known bad arguments */
322	+#if REJECT_CONFIG
323	+ if (strcmp(argv[i], "-config") == 0) {
324	+ bad = UnsafeArg;
325	+ break;
326	+ }
327	+#endif
328	+#if REJECT_XKBDIR
329	+ if (strcmp(argv[i], "-xkbdir") == 0) {
330	+ bad = UnsafeArg;
331	+ break;
332	+ }
333	+#endif
334	+ if (strlen(argv[i]) > MAX_ARG_LENGTH) {
335	+ bad = ArgTooLong;
336	+ break;
337	+ }
338	+ a = argv[i];
339	+ while (*a) {
340	+ if (checkPrintable(*a) == 0) {
341	+ bad = UnprintableArg;
342	+ break;
343	+ }
344	+ a++;
345	+ }
346	+ if (bad)
347	+ break;
348	+ }
349	+ /* Check each envp[] */
350	+ if (!bad)
351	+ for (i = 0; envp[i]; i++) {
352	+
353	+ /* Check for bad environment variables and values */
354	+#if REMOVE_ENV_LD
355	+ while (envp[i] && (strncmp(envp[i], "LD", 2) == 0)) {
356	+ for (j = i; envp[j]; j++) {
357	+ envp[j] = envp[j+1];
358	+ }
359	+ }
360	+#endif
361	+ if (envp[i] && (strlen(envp[i]) > MAX_ENV_LENGTH)) {
362	+#if REMOVE_LONG_ENV
363	+ for (j = i; envp[j]; j++) {
364	+ envp[j] = envp[j+1];
365	+ }
366	+ i--;
367	+#else
368	+ char *eq;
369	+ int len;
370	+
371	+ eq = strchr(envp[i], '=');
372	+ if (!eq)
373	+ continue;
374	+ len = eq - envp[i];
375	+ e = malloc(len + 1);
376	+ if (!e) {
377	+ bad = InternalError;
378	+ break;
379	+ }
380	+ strncpy(e, envp[i], len);
381	+ e[len] = 0;
382	+ if (len >= 4 &&
383	+ (strcmp(e + len - 4, "PATH") == 0 \|\|
384	+ strcmp(e, "TERMCAP") == 0)) {
385	+ if (strlen(envp[i]) > MAX_ENV_PATH_LENGTH) {
386	+ bad = EnvTooLong;
387	+ break;
388	+ } else {
389	+ free(e);
390	+ }
391	+ } else {
392	+ bad = EnvTooLong;
393	+ break;
394	+ }
395	+#endif
396	+ }
397	+ }
398	+ }
399	+ switch (bad) {
400	+ case NotBad:
401	+ execve(XSERVER_PATH, argv, envp);
402	+ fprintf(stderr, "execve failed for %s (errno %d)\n", XSERVER_PATH,
403	+ errno);
404	+ break;
405	+ case UnsafeArg:
406	+ fprintf(stderr, "Command line argument number %d is unsafe\n", i);
407	+ fprintf(stderr, ARGMSG);
408	+ break;
409	+ case ArgTooLong:
410	+ fprintf(stderr, "Command line argument number %d is too long\n", i);
411	+ fprintf(stderr, ARGMSG);
412	+ break;
413	+ case UnprintableArg:
414	+ fprintf(stderr, "Command line argument number %d contains unprintable"
415	+ " characters\n", i);
416	+ fprintf(stderr, ARGMSG);
417	+ break;
418	+ case EnvTooLong:
419	+ fprintf(stderr, "Environment variable `%s' is too long\n", e);
420	+ fprintf(stderr, ENVMSG);
421	+ break;
422	+ case InternalError:
423	+ fprintf(stderr, "Internal Error\n");
424	+ break;
425	+#ifdef USE_PAM
426	+ case PamFailed:
427	+ fprintf(stderr, "Authentication System Failure, "
428	+ "missing or mangled PAM configuration file or module?\n");
429	+ break;
430	+ case PamAuthFailed:
431	+ fprintf(stderr, "PAM authentication failed\n");
432	+ break;
433	+#endif
434	+ default:
435	+ fprintf(stderr, "Unknown error\n");
436	+ fprintf(stderr, ARGMSG);
437	+ fprintf(stderr, ENVMSG);
438	+ break;
439	+ }
440	+ exit(1);
441	+}
442	+
159289d8	443	diff -urN xc.orig/programs/xinit/startx.cpp xc/programs/xinit/startx.cpp
	444	--- xc.orig/programs/xinit/startx.cpp Mon Dec 30 15:54:10 2002
	445	+++ xc/programs/xinit/startx.cpp Mon Dec 30 17:31:52 2002
	446	@@ -53,7 +53,7 @@
	447	sysclientrc=XINITDIR/xinitrc
	448	sysserverrc=XINITDIR/xserverrc
	449	defaultclient=BINDIR/xterm
	450	-defaultserver=BINDIR/X
	451	+defaultserver=BINDIR/Xwrapper
	452	defaultclientargs=""
	453	defaultserverargs=""
	454	clientargs=""
	455	diff -urN xc.orig/programs/xinit/xinit.c xc/programs/xinit/xinit.c
	456	--- xc.orig/programs/xinit/xinit.c Mon Dec 30 15:54:10 2002
	457	+++ xc/programs/xinit/xinit.c Mon Dec 30 17:31:52 2002
	458	@@ -146,6 +146,7 @@
ed7f0291 JR	459	#define OK_EXIT 0
	460	#define ERR_EXIT 1
	461
	462	+char *default_wrapper = BINDIR "/Xwrapper";
	463	char *default_server = "X";
	464	char default_display = ":0"; / choose most efficient */
159289d8	465	char *default_client[] = {"xterm", "-geometry", "+1+1", "-n", "login", NULL};
159289d8	466	@@ -332,7 +333,10 @@
ed7f0291	467	if (argc == 0 \|\|
159289d8	468	#ifndef __UNIXOS2__
ed7f0291 JR	469	(argv != '/' && argv != '.')) {
	470	- *sptr++ = default_server;
	471	+ if (access(default_wrapper, X_OK) == 0)
	472	+ *sptr++ = default_wrapper;
	473	+ else
	474	+ *sptr++ = default_server;
	475	#else
	476	(argv != '/' && argv != '\\' && **argv != '.' &&
	477	!(isalpha(*argv) && (argv)[1]==':'))) {