rpms/gdm/devel gdm-2.21.10-fix-gaping-security-hole.patch, NONE, 1.1 gdm.spec, 1.370, 1.371

Ray Strode (rstrode) fedora-extras-commits at redhat.com
Fri Apr 11 20:27:31 UTC 2008


Author: rstrode

Update of /cvs/pkgs/rpms/gdm/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14444

Modified Files:
	gdm.spec 
Added Files:
	gdm-2.21.10-fix-gaping-security-hole.patch 
Log Message:
Fix security issue in last commit


gdm-2.21.10-fix-gaping-security-hole.patch:

--- NEW FILE gdm-2.21.10-fix-gaping-security-hole.patch ---
--- gdm-2.21.10/daemon/gdm-session-worker.c	(revision 6145)
+++ gdm-2.21.10/daemon/gdm-session-worker.c	(working copy)
@@ -111,6 +111,7 @@ struct GdmSessionWorkerPrivate
         char             *display_device;
         char             *hostname;
         char             *username;
+        uid_t             uid;
         gboolean          password_is_required;
 
         int               cred_flags;
@@ -1176,6 +1177,7 @@ _change_user (GdmSessionWorker  *worker,
                 return FALSE;
         }
 #endif
+        worker->priv->uid = uid;
 
         if (setgid (gid) < 0) {
                 return FALSE;
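Review bot: The assignment `worker->priv->uid = uid;` sits ahead of the `setgid (gid)` check, so the uid is recorded even when `_change_user` goes on to return FALSE. If any caller carries on after a FALSE return (not visible here), the later `setuid (worker->priv->uid)` would switch to the user's uid while the group credentials were never changed. Moving the assignment to just before the function's successful return would tie the stored value to a completed credential change. Failing that, a comment such as `/* saved for the final setuid() in the session child; only valid when this function returns TRUE */` would state the contract. The body of `_change_user` starts and ends outside this hunk.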
@@ -1574,7 +1576,7 @@ gdm_session_worker_start_user_session (G
                 char  *home_dir;
                 int    fd;
 
-                if (setuid (getuid ()) < 0) {
+                if (setuid (worker->priv->uid) < 0) {
                         g_debug ("GdmSessionWorker: could not reset uid - %s", g_strerror (errno));
                         _exit (1);
                 }
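Review bot: `setuid (worker->priv->uid)` trusts the stored value without checking that `_change_user` ever set it. If the private struct is zero-filled at creation (usual for GObject private data, but not shown here), any path that reaches this call without a successful `_change_user` ends up calling `setuid (0)`. That call succeeds in a root process and leaves the session running as root, the same outcome as the `setuid (getuid ())` being replaced. A sentinel would close this: initialise the field to `(uid_t) -1` where the worker is set up and guard the call with `if (worker->priv->uid == (uid_t) -1 || setuid (worker->priv->uid) < 0) {`. The failure is also reported only through `g_debug`, and the spec applies a disable-debug-messages patch, so this exit may leave no trace in the logs; `g_warning` or syslog would suit a privilege-drop failure better. The enclosing function continues outside this hunk.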


Index: gdm.spec
===================================================================
RCS file: /cvs/pkgs/rpms/gdm/devel/gdm.spec,v
retrieving revision 1.370
retrieving revision 1.371
diff -u -r1.370 -r1.371
--- gdm.spec	11 Apr 2008 19:16:11 -0000	1.370
+++ gdm.spec	11 Apr 2008 20:26:39 -0000	1.371
@@ -16,7 +16,7 @@
 Summary: The GNOME Display Manager
 Name: gdm
 Version: 2.21.10
-Release: 0.2008.04.11.1%{?dist}
+Release: 0.2008.04.11.2%{?dist}
 Epoch: 1
 License: GPLv2+
 Group: User Interface/X
@@ -77,6 +77,7 @@
 Requires: audit-libs >= %{libauditver}
 Patch0: ck-multi.patch
 Patch1: xkb-groups.patch
+Patch2: gdm-2.21.10-fix-gaping-security-hole.patch
 Patch98: gdm-2.21.10-disable-debug-messages.patch
 Patch99: gdm-2.21.8-fedora-logo.patch
 
@@ -99,6 +100,7 @@
 %setup -q
 %patch0 -p1 -b .ck-multi
 %patch1 -p1 -b .xkb-groups
+%patch2 -p1 -b .fix-gaping-security-hole
 %patch98 -p1 -b .disable-debug-messages
 %patch99 -p1 -b .fedora-logo
 
@@ -297,6 +299,9 @@
 %{_datadir}/gnome-2.0/ui/GNOME_FastUserSwitchApplet.xml
 
 %changelog
+* Fri Apr 11 2008 Ray Strode <rstrode at redhat.com> - 1:2.21.10-0.2008.04.11.2
+Fix security issue in last commit
+
 * Fri Apr 11 2008 Ray Strode <rstrode at redhat.com> - 1:2.21.10-0.2008.04.11.1
 - Fix focus handling when tabbing from user-chooser to buttons
 - don't set real uid to user before setcred



