xrdp-next/xrdp-0.9.15-setpriv.patch

55 lines
2.2 KiB
Diff
Raw Normal View History

2020-12-28 23:34:06 +00:00
diff -ruN xrdp-0.9.15-v/sesman/session.c xrdp-0.9.15/sesman/session.c
--- xrdp-0.9.15-v/sesman/session.c 2020-12-29 01:03:43.000000000 +1100
+++ xrdp-0.9.15/sesman/session.c 2020-12-29 10:31:37.895699198 +1100
@@ -33,10 +33,6 @@
#include "config_ac.h"
#endif
-#ifdef HAVE_SYS_PRCTL_H
-#include <sys/prctl.h>
-#endif
-
#include "sesman.h"
#include "libscp_types.h"
#include "xauth.h"
2020-12-28 23:34:06 +00:00
@@ -668,20 +664,7 @@
if (type == SESMAN_SESSION_TYPE_XORG)
{
-#ifdef HAVE_SYS_PRCTL_H
- /*
- * Make sure Xorg doesn't run setuid root. Root access is not
- * needed. Xorg can fail when run as root and the user has no
- * console permissions.
- * PR_SET_NO_NEW_PRIVS requires Linux kernel 3.5 and newer.
- */
- if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0)
- {
2020-12-28 23:34:06 +00:00
- LOG(LOG_LEVEL_WARNING,
- "Failed to disable setuid on X server: %s",
- g_get_strerror());
- }
-#endif
+ char *setpriv = g_strdup("setpriv");
xserver_params = list_create();
xserver_params->auto_free = 1;
2020-12-28 23:34:06 +00:00
@@ -690,6 +673,8 @@
xserver = g_strdup((const char *)list_get_item(g_cfg->xorg_params, 0));
/* these are the must have parameters */
+ list_add_item(xserver_params, (tintptr) setpriv);
+ list_add_item(xserver_params, (tintptr) g_strdup("--no-new-privs"));
list_add_item(xserver_params, (tintptr) g_strdup(xserver));
list_add_item(xserver_params, (tintptr) g_strdup(screen));
list_add_item(xserver_params, (tintptr) g_strdup("-auth"));
2020-12-28 23:34:06 +00:00
@@ -713,7 +698,7 @@
g_setenv("XRDP_START_HEIGHT", geometry, 1);
/* fire up Xorg */
- g_execvp(xserver, pp1);
+ g_execvp(setpriv, pp1);
}
else if (type == SESMAN_SESSION_TYPE_XVNC)
{