2020-12-28 23:34:06 +00:00
|
|
|
diff -ruN xrdp-0.9.15-v/sesman/session.c xrdp-0.9.15/sesman/session.c
|
|
|
|
--- xrdp-0.9.15-v/sesman/session.c 2020-12-29 01:03:43.000000000 +1100
|
|
|
|
+++ xrdp-0.9.15/sesman/session.c 2020-12-29 10:31:37.895699198 +1100
|
2017-04-08 06:24:24 +00:00
|
|
|
@@ -33,10 +33,6 @@
|
|
|
|
#include "config_ac.h"
|
|
|
|
#endif
|
|
|
|
|
|
|
|
-#ifdef HAVE_SYS_PRCTL_H
|
|
|
|
-#include <sys/prctl.h>
|
|
|
|
-#endif
|
|
|
|
-
|
|
|
|
#include "sesman.h"
|
|
|
|
#include "libscp_types.h"
|
|
|
|
#include "xauth.h"
|
2020-12-28 23:34:06 +00:00
|
|
|
@@ -668,20 +664,7 @@
|
2017-04-08 06:24:24 +00:00
|
|
|
|
|
|
|
if (type == SESMAN_SESSION_TYPE_XORG)
|
|
|
|
{
|
|
|
|
-#ifdef HAVE_SYS_PRCTL_H
|
|
|
|
- /*
|
|
|
|
- * Make sure Xorg doesn't run setuid root. Root access is not
|
|
|
|
- * needed. Xorg can fail when run as root and the user has no
|
|
|
|
- * console permissions.
|
|
|
|
- * PR_SET_NO_NEW_PRIVS requires Linux kernel 3.5 and newer.
|
|
|
|
- */
|
|
|
|
- if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0)
|
|
|
|
- {
|
2020-12-28 23:34:06 +00:00
|
|
|
- LOG(LOG_LEVEL_WARNING,
|
|
|
|
- "Failed to disable setuid on X server: %s",
|
|
|
|
- g_get_strerror());
|
2017-04-08 06:24:24 +00:00
|
|
|
- }
|
|
|
|
-#endif
|
|
|
|
+ char *setpriv = g_strdup("setpriv");
|
|
|
|
|
|
|
|
xserver_params = list_create();
|
|
|
|
xserver_params->auto_free = 1;
|
2020-12-28 23:34:06 +00:00
|
|
|
@@ -690,6 +673,8 @@
|
2017-04-08 06:24:24 +00:00
|
|
|
xserver = g_strdup((const char *)list_get_item(g_cfg->xorg_params, 0));
|
|
|
|
|
|
|
|
/* these are the must have parameters */
|
|
|
|
+ list_add_item(xserver_params, (tintptr) setpriv);
|
|
|
|
+ list_add_item(xserver_params, (tintptr) g_strdup("--no-new-privs"));
|
|
|
|
list_add_item(xserver_params, (tintptr) g_strdup(xserver));
|
|
|
|
list_add_item(xserver_params, (tintptr) g_strdup(screen));
|
|
|
|
list_add_item(xserver_params, (tintptr) g_strdup("-auth"));
|
2020-12-28 23:34:06 +00:00
|
|
|
@@ -713,7 +698,7 @@
|
2017-04-08 06:24:24 +00:00
|
|
|
g_setenv("XRDP_START_HEIGHT", geometry, 1);
|
|
|
|
|
|
|
|
/* fire up Xorg */
|
|
|
|
- g_execvp(xserver, pp1);
|
|
|
|
+ g_execvp(setpriv, pp1);
|
|
|
|
}
|
|
|
|
else if (type == SESMAN_SESSION_TYPE_XVNC)
|
|
|
|
{
|