rpms/gdm/devel gdm-2.21.10-fix-gaping-security-hole.patch, NONE, 1.1 gdm.spec, 1.370, 1.371
Ray Strode (rstrode)
fedora-extras-commits at redhat.com
Fri Apr 11 20:27:31 UTC 2008
Author: rstrode
Update of /cvs/pkgs/rpms/gdm/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14444
Modified Files:
gdm.spec
Added Files:
gdm-2.21.10-fix-gaping-security-hole.patch
Log Message:
Fix security issue in last commit
gdm-2.21.10-fix-gaping-security-hole.patch:
--- NEW FILE gdm-2.21.10-fix-gaping-security-hole.patch ---
--- gdm-2.21.10/daemon/gdm-session-worker.c (revision 6145)
+++ gdm-2.21.10/daemon/gdm-session-worker.c (working copy)
@@ -111,6 +111,7 @@ struct GdmSessionWorkerPrivate
char *display_device;
char *hostname;
char *username;
+ uid_t uid;
gboolean password_is_required;
int cred_flags;
@@ -1176,6 +1177,7 @@ _change_user (GdmSessionWorker *worker,
return FALSE;
}
#endif
+ worker->priv->uid = uid;
if (setgid (gid) < 0) {
return FALSE;
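Review bot: `worker->priv->uid = uid;` is stored before `setgid (gid)` and the remaining steps of `_change_user` have succeeded, so the field can end up holding a uid for a switch that returned FALSE. Moving the assignment to just before the function's successful return would keep the cached value in step with the credentials actually applied; whether any caller carries on after a FALSE return is not visible here. The new struct field would also benefit from a comment such as `/* uid recorded by _change_user(); used for the final setuid() in the session child */`, since the two functions are now coupled through it. `_change_user` starts and ends outside the hunk.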
@@ -1574,7 +1576,7 @@ gdm_session_worker_start_user_session (G
char *home_dir;
int fd;
- if (setuid (getuid ()) < 0) {
+ if (setuid (worker->priv->uid) < 0) {
g_debug ("GdmSessionWorker: could not reset uid - %s", g_strerror (errno));
_exit (1);
}
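Review bot: `setuid (worker->priv->uid)` in `gdm_session_worker_start_user_session` trusts that `_change_user` has already stored a value, and nothing in this hunk checks that. If the private struct is zero-filled at creation (not visible here), an unset field is 0, so the call would succeed and leave the session running as root. Consider initialising the field to `(uid_t) -1` where the struct is set up and refusing to continue with `if (worker->priv->uid == (uid_t) -1) _exit (1);`, then confirming the drop with `if (getuid () != worker->priv->uid || geteuid () != worker->priv->uid) _exit (1);`. The failure path reports only through `g_debug`, which may be invisible in a build that disables debug messages, so `g_warning` would suit a failed privilege drop better. The function body continues outside the hunk.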
Index: gdm.spec
===================================================================
RCS file: /cvs/pkgs/rpms/gdm/devel/gdm.spec,v
retrieving revision 1.370
retrieving revision 1.371
diff -u -r1.370 -r1.371
--- gdm.spec 11 Apr 2008 19:16:11 -0000 1.370
+++ gdm.spec 11 Apr 2008 20:26:39 -0000 1.371
@@ -16,7 +16,7 @@
Summary: The GNOME Display Manager
Name: gdm
Version: 2.21.10
-Release: 0.2008.04.11.1%{?dist}
+Release: 0.2008.04.11.2%{?dist}
Epoch: 1
License: GPLv2+
Group: User Interface/X
@@ -77,6 +77,7 @@
Requires: audit-libs >= %{libauditver}
Patch0: ck-multi.patch
Patch1: xkb-groups.patch
+Patch2: gdm-2.21.10-fix-gaping-security-hole.patch
Patch98: gdm-2.21.10-disable-debug-messages.patch
Patch99: gdm-2.21.8-fedora-logo.patch
@@ -99,6 +100,7 @@
%setup -q
%patch0 -p1 -b .ck-multi
%patch1 -p1 -b .xkb-groups
+%patch2 -p1 -b .fix-gaping-security-hole
%patch98 -p1 -b .disable-debug-messages
%patch99 -p1 -b .fedora-logo
@@ -297,6 +299,9 @@
%{_datadir}/gnome-2.0/ui/GNOME_FastUserSwitchApplet.xml
%changelog
+* Fri Apr 11 2008 Ray Strode <rstrode at redhat.com> - 1:2.21.10-0.2008.04.11.2
+Fix security issue in last commit
+
* Fri Apr 11 2008 Ray Strode <rstrode at redhat.com> - 1:2.21.10-0.2008.04.11.1
- Fix focus handling when tabbing from user-chooser to buttons
- don't set real uid to user before setcred