From 8f999fe9fee73817a2df90a7664b6b43334453bb Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Mon, 21 Aug 2023 14:39:55 +0200 Subject: [PATCH] ignore TERMINFO and HOME only if setuid/setgid/capability (#2211666) Resolves: #2211666 --- ncurses-setuid.patch | 134 +++++++++++++++++++++++++++++++++++++++++++ ncurses.spec | 4 +- 2 files changed, 137 insertions(+), 1 deletion(-) create mode 100644 ncurses-setuid.patch diff --git a/ncurses-setuid.patch b/ncurses-setuid.patch new file mode 100644 index 0000000..03436f6 --- /dev/null +++ b/ncurses-setuid.patch @@ -0,0 +1,134 @@ +diff -up ncurses-6.2-20210508/configure.setuid ncurses-6.2-20210508/configure +--- ncurses-6.2-20210508/configure.setuid 2021-05-02 02:35:51.000000000 +0200 ++++ ncurses-6.2-20210508/configure 2023-08-21 14:22:48.925376959 +0200 +@@ -784,6 +784,7 @@ Fine-Tuning Your Configuration: + --enable-getcap-cache cache translated termcaps in ~/.terminfo + --disable-home-terminfo drop ~/.terminfo from terminfo search-path + --disable-root-environ restrict environment when running as root ++ --disable-setuid-environ restrict setuid use of ncurses environment variables + --enable-symlinks make tic use symbolic links not hard links + --enable-broken_linker compile with broken-linker support code + --enable-bsdpad recognize BSD-style prefix padding +@@ -9224,6 +9225,20 @@ cat >>confdefs.h <<\EOF + #define USE_ROOT_ENVIRON 1 + EOF + ++# Check whether --enable-setuid-environ or --disable-setuid-environ was given. ++if test "${enable_setuid_environ+set}" = set; then ++ enableval="$enable_setuid_environ" ++ with_setuid_environ=$enableval ++else ++ with_setuid_environ=$with_root_environ ++fi; ++echo "$as_me:9942: result: $with_setuid_environ" >&5 ++echo "${ECHO_T}$with_setuid_environ" >&6 ++test "x$with_setuid_environ" = xyes && ++cat >>confdefs.h <<\EOF ++#define USE_SETUID_ENVIRON 1 ++EOF ++ + ### Use option --enable-symlinks to make tic use symlinks, not hard links + ### to reduce storage requirements for the terminfo database. + +diff -up ncurses-6.2-20210508/ncurses/curses.priv.h.setuid ncurses-6.2-20210508/ncurses/curses.priv.h +--- ncurses-6.2-20210508/ncurses/curses.priv.h.setuid 2021-04-04 00:12:56.000000000 +0200 ++++ ncurses-6.2-20210508/ncurses/curses.priv.h 2023-08-21 14:22:48.925376959 +0200 +@@ -210,7 +210,7 @@ extern int errno; + * If desired, one can configure this, disabling environment variables that + * point to custom terminfo/termcap locations. + */ +-#ifdef USE_ROOT_ENVIRON ++#if defined(USE_ROOT_ENVIRON) && defined(USE_SETUID_ENVIRON) + #define use_terminfo_vars() 1 + #else + #define use_terminfo_vars() _nc_env_access() +diff -up ncurses-6.2-20210508/ncurses/tinfo/access.c.setuid ncurses-6.2-20210508/ncurses/tinfo/access.c +--- ncurses-6.2-20210508/ncurses/tinfo/access.c.setuid 2020-08-29 18:22:03.000000000 +0200 ++++ ncurses-6.2-20210508/ncurses/tinfo/access.c 2023-08-21 14:22:48.925376959 +0200 +@@ -37,6 +37,8 @@ + + #include + ++#include ++ + MODULE_ID("$Id: access.c,v 1.27 2020/08/29 16:22:03 juergen Exp $") + + #define LOWERCASE(c) ((isalpha(UChar(c)) && isupper(UChar(c))) ? tolower(UChar(c)) : (c)) +@@ -169,7 +171,18 @@ _nc_is_file_path(const char *path) + return result; + } + +-#ifndef USE_ROOT_ENVIRON ++#define is_posix_elevated() \ ++ (getuid() != geteuid() \ ++ || getgid() != getegid()) ++ ++#define is_elevated() \ ++ (getauxval(AT_SECURE) \ ++ ? TRUE \ ++ : (errno != ENOENT \ ++ ? FALSE \ ++ : is_posix_elevated())) ++ ++#if !defined(USE_ROOT_ENVIRON) || !defined(USE_SETUID_ENVIRON) + /* + * Returns true if we allow application to use environment variables that are + * used for searching lists of directories, etc. +@@ -177,15 +190,18 @@ _nc_is_file_path(const char *path) + NCURSES_EXPORT(int) + _nc_env_access(void) + { +-#if HAVE_ISSETUGID +- if (issetugid()) +- return FALSE; +-#elif HAVE_GETEUID && HAVE_GETEGID +- if (getuid() != geteuid() +- || getgid() != getegid()) +- return FALSE; ++ int result = TRUE; ++ ++#if !defined(USE_SETUID_ENVIRON) ++ if (is_elevated()) { ++ result = FALSE; ++ } + #endif +- /* ...finally, disallow root */ +- return (getuid() != ROOT_UID) && (geteuid() != ROOT_UID); ++#if !defined(USE_ROOT_ENVIRON) ++ if ((getuid() == ROOT_UID) || (geteuid() == ROOT_UID)) { ++ result = FALSE; ++ } ++#endif ++ return result; + } + #endif +diff -up ncurses-6.2-20210508/ncurses/tinfo/comp_error.c.setuid ncurses-6.2-20210508/ncurses/tinfo/comp_error.c +--- ncurses-6.2-20210508/ncurses/tinfo/comp_error.c.setuid 2023-08-21 14:27:08.268309417 +0200 ++++ ncurses-6.2-20210508/ncurses/tinfo/comp_error.c 2023-08-21 14:33:13.716214256 +0200 +@@ -148,8 +148,8 @@ _nc_syserr_abort(const char *const fmt, + /* If we're debugging, try to show where the problem occurred - this + * will dump core. + */ +-#ifndef USE_ROOT_ENVIRON +- if (getuid() != ROOT_UID) ++#if !defined(USE_ROOT_ENVIRON) || !defined(USE_SETUID_ENVIRON) ++ if (_nc_env_access()) + #endif + abort(); + #endif +diff -up ncurses-6.2-20210508/ncurses/tinfo/write_entry.c.setuid ncurses-6.2-20210508/ncurses/tinfo/write_entry.c +--- ncurses-6.2-20210508/ncurses/tinfo/write_entry.c.setuid 2020-08-29 18:22:03.000000000 +0200 ++++ ncurses-6.2-20210508/ncurses/tinfo/write_entry.c 2023-08-21 14:32:22.738227530 +0200 +@@ -215,11 +215,7 @@ _nc_set_writedir(const char *dir) + const char *destination; + char actual[PATH_MAX]; + +- if (dir == 0 +-#ifndef USE_ROOT_ENVIRON +- && use_terminfo_vars() +-#endif +- ) ++ if (dir == 0 && use_terminfo_vars()) + dir = getenv("TERMINFO"); + + if (dir != 0) diff --git a/ncurses.spec b/ncurses.spec index baa7df9..7c5d7e4 100644 --- a/ncurses.spec +++ b/ncurses.spec @@ -14,6 +14,7 @@ Patch9: ncurses-libs.patch Patch11: ncurses-urxvt.patch Patch12: ncurses-kbs.patch Patch13: ncurses-cve-2023-29491.patch +Patch14: ncurses-setuid.patch BuildRequires: gcc gcc-c++ gpm-devel gnupg2 make pkgconfig Requires: %{name}-libs%{?_isa} = %{version}-%{release} @@ -116,6 +117,7 @@ The ncurses-static package includes static libraries of the ncurses library. %patch11 -p1 -b .urxvt %patch12 -p1 -b .kbs %patch13 -p1 -b .cve-2023-29491 +%patch14 -p1 -b .setuid for f in ANNOUNCE; do iconv -f iso8859-1 -t utf8 -o ${f}{_,} && @@ -129,7 +131,7 @@ common_options="\ --enable-overwrite \ --enable-pc-files \ --enable-xmc-glitch \ - --disable-root-environ \ + --disable-setuid-environ \ --disable-stripping \ --disable-wattr-macros \ --with-cxx-shared \