Fix security issue in last commit

2008-04-11 20:26:39 +00:00 · 2008-04-11 20:26:39 +00:00 · 3e44bcb605
commit 3e44bcb605
parent e04b15507a
2 changed files with 33 additions and 1 deletions
--- a/gdm-2.21.10-fix-gaping-security-hole.patch
+++ b/gdm-2.21.10-fix-gaping-security-hole.patch
@ -0,0 +1,27 @@
+--- gdm-2.21.10/daemon/gdm-session-worker.c	(revision 6145)
+++ gdm-2.21.10/daemon/gdm-session-worker.c	(working copy)
+@@ -111,6 +111,7 @@ struct GdmSessionWorkerPrivate
+         char             *display_device;
+         char             *hostname;
+         char             *username;
+        uid_t             uid;
+         gboolean          password_is_required;
+ 
+         int               cred_flags;
+@@ -1176,6 +1177,7 @@ _change_user (GdmSessionWorker  *worker,
+                 return FALSE;
+         }
+ #endif
+        worker->priv->uid = uid;
+ 
+         if (setgid (gid) < 0) {
+                 return FALSE;
+@@ -1574,7 +1576,7 @@ gdm_session_worker_start_user_session (G
+                 char  *home_dir;
+                 int    fd;
+ 
+-                if (setuid (getuid ()) < 0) {
+                if (setuid (worker->priv->uid) < 0) {
+                         g_debug ("GdmSessionWorker: could not reset uid - %s", g_strerror (errno));
+                         _exit (1);
+                 }
--- a/gdm.spec
+++ b/gdm.spec
@ -16,7 +16,7 @@
 Summary: The GNOME Display Manager
 Name: gdm
 Version: 2.21.10
-Release: 0.2008.04.11.1%{?dist}
+Release: 0.2008.04.11.2%{?dist}
 Epoch: 1
 License: GPLv2+
 Group: User Interface/X
@ -77,6 +77,7 @@ BuildRequires: gnome-panel-devel
 Requires: audit-libs >= %{libauditver}
 Patch0: ck-multi.patch
 Patch1: xkb-groups.patch
+Patch2: gdm-2.21.10-fix-gaping-security-hole.patch
 Patch98: gdm-2.21.10-disable-debug-messages.patch
 Patch99: gdm-2.21.8-fedora-logo.patch

@ -99,6 +100,7 @@ multiple simulanteous logged in users.
 %setup -q
 %patch0 -p1 -b .ck-multi
 %patch1 -p1 -b .xkb-groups
+%patch2 -p1 -b .fix-gaping-security-hole
 %patch98 -p1 -b .disable-debug-messages
 %patch99 -p1 -b .fedora-logo

@ -297,6 +299,9 @@ fi
 %{_datadir}/gnome-2.0/ui/GNOME_FastUserSwitchApplet.xml

 %changelog
+* Fri Apr 11 2008 Ray Strode <rstrode@redhat.com> - 1:2.21.10-0.2008.04.11.2
+Fix security issue in last commit
+
 * Fri Apr 11 2008 Ray Strode <rstrode@redhat.com> - 1:2.21.10-0.2008.04.11.1
 - Fix focus handling when tabbing from user-chooser to buttons
 - don't set real uid to user before setcred