summaryrefslogtreecommitdiffstats
path: root/opensuse/core/tdebase/bnc584223.diff
diff options
context:
space:
mode:
Diffstat (limited to 'opensuse/core/tdebase/bnc584223.diff')
-rw-r--r--opensuse/core/tdebase/bnc584223.diff189
1 files changed, 189 insertions, 0 deletions
diff --git a/opensuse/core/tdebase/bnc584223.diff b/opensuse/core/tdebase/bnc584223.diff
new file mode 100644
index 000000000..370abf150
--- /dev/null
+++ b/opensuse/core/tdebase/bnc584223.diff
@@ -0,0 +1,189 @@
+--- kdebase-3.5.10/kdm/backend/ctrl.c.sav 2010-03-23 13:22:28.000000000 +0100
++++ kdebase-3.5.10/kdm/backend/ctrl.c 2010-03-23 14:21:48.619350322 +0100
+@@ -78,7 +78,25 @@ nukeSock( struct cmdsock *cs )
+ }
+
+
++#ifdef HONORS_SOCKET_PERMS
+ static CtrlRec ctrl = { 0, 0, -1, 0, 0, { -1, 0, 0 } };
++#else
++static CtrlRec ctrl = { 0, 0, 0, -1, 0, 0, { -1, 0, 0 } };
++
++static int mkTempDir( char *dir )
++{
++ int i, l = strlen( dir ) - 6;
++
++ for (i = 0; i < 100; i++) {
++ randomStr( dir + l );
++ if (!mkdir( dir, 0700 ))
++ return True;
++ if (errno != EEXIST)
++ break;
++ }
++ return False;
++}
++#endif
+
+ void
+ openCtrl( struct display *d )
+@@ -140,22 +158,50 @@ openCtrl( struct display *d )
+ if (strlen( cr->path ) >= sizeof(sa.sun_path))
+ LogError( "path %\"s too long; no control sockets will be available\n",
+ cr->path );
+- else if (mkdir( sockdir, 0755 ) && errno != EEXIST)
++#ifdef HONORS_SOCKET_PERMS
++ else if (mkdir( sockdir, 0700 ) && errno != EEXIST)
+ LogError( "mkdir %\"s failed; no control sockets will be available\n",
+ sockdir );
++ else if (unlink( cr->path ) && errno != ENOENT)
++ LogError( "unlink %\"s failed: %m; control socket will not be available\n",
++ cr->path );
+ else {
+- if (!d)
+- chown( sockdir, -1, fifoGroup );
++#else
++ else if (unlink( sockdir ) && errno != ENOENT)
++ LogError( "unlink %\"s failed: %m; control socket will not be available\n",
++ sockdir );
++ else if (!strApp( &cr->realdir, sockdir, "-XXXXXX", (char *)0))
++ ;
++ else if (!mkTempDir( cr->realdir )) {
++ LogError( "mkdir %\"s failed: %m; control socket will not be available\n",
++ cr->realdir );
++ free( cr->realdir );
++ cr->realdir = 0;
++ } else if (symlink( cr->realdir, sockdir )) {
++ LogError( "symlink %\"s => %\"s failed: %m; control socket will not be available\n",
++ sockdir, cr->realdir );
++ rmdir( cr->realdir );
++ free( cr->realdir );
++ cr->realdir = 0;
++ } else {
++ chown( sockdir, 0, d ? 0 : fifoGroup );
+ chmod( sockdir, 0750 );
++#endif
+ if ((cr->fd = socket( PF_UNIX, SOCK_STREAM, 0 )) < 0)
+ LogError( "Cannot create control socket\n" );
+ else {
+- unlink( cr->path );
+ sa.sun_family = AF_UNIX;
+ strcpy( sa.sun_path, cr->path );
+ if (!bind( cr->fd, (struct sockaddr *)&sa, sizeof(sa) )) {
+ if (!listen( cr->fd, 5 )) {
++#ifdef HONORS_SOCKET_PERMS
++ chmod( cr->path, 0660 );
++ if (!d)
++ chown( cr->path, -1, fifoGroup );
++ chmod( sockdir, 0755 );
++#else
+ chmod( cr->path, 0666 );
++#endif
+ RegisterCloseOnFork( cr->fd );
+ RegisterInput( cr->fd );
+ free( sockdir );
+@@ -170,6 +216,14 @@ openCtrl( struct display *d )
+ close( cr->fd );
+ cr->fd = -1;
+ }
++#ifdef HONORS_SOCKET_PERMS
++ rmdir( sockdir );
++#else
++ unlink( sockdir );
++ rmdir( cr->realdir );
++ free( cr->realdir );
++ cr->realdir = 0;
++#endif
+ }
+ free( cr->path );
+ cr->path = 0;
+@@ -190,7 +244,14 @@ closeCtrl( struct display *d )
+ cr->fd = -1;
+ unlink( cr->path );
+ *strrchr( cr->path, '/' ) = 0;
++#ifdef HONORS_SOCKET_PERMS
+ rmdir( cr->path );
++#else
++ unlink( cr->path );
++ rmdir( cr->realdir );
++ free( cr->realdir );
++ cr->realdir = 0;
++#endif
+ free( cr->path );
+ cr->path = 0;
+ while (cr->css) {
+@@ -218,12 +279,12 @@ chownCtrl( CtrlRec *cr, int uid )
+ {
+ if (cr->fpath)
+ chown( cr->fpath, uid, -1 );
+- if (cr->path) {
+- char *ptr = strrchr( cr->path, '/' );
+- *ptr = 0;
++ if (cr->path)
++#ifdef HONORS_SOCKET_PERMS
+ chown( cr->path, uid, -1 );
+- *ptr = '/';
+- }
++#else
++ chown( cr->realdir, uid, -1 );
++#endif
+ }
+
+ void
+--- kdebase-3.5.10/kdm/backend/dm.h.sav 2010-03-23 13:22:28.401354858 +0100
++++ kdebase-3.5.10/kdm/backend/dm.h 2010-03-23 13:28:24.843351116 +0100
+@@ -218,6 +218,9 @@ typedef struct {
+ struct cmdsock *css; /* open connections */
+
+ char *path; /* filename of the socket */
++#ifndef HONORS_SOCKET_PERMS
++ char *realdir; /* real dirname of the socket */
++#endif
+ int fd; /* fd of the socket */
+ int gid; /* owner group of the socket */
+
+--- kdebase-3.5.10/config.h.in.sav 2008-08-20 18:00:23.000000000 +0200
++++ kdebase-3.5.10/config.h.in 2010-03-23 13:36:38.913475918 +0100
+@@ -739,6 +739,9 @@
+ /* Defined if your system has XRandR support */
+ #undef XRANDR_SUPPORT
+
++/* Define to 1 if OS honors permission bits on socket inodes */
++#undef HONORS_SOCKET_PERMS
++
+ /*
+ * jpeg.h needs HAVE_BOOLEAN, when the system uses boolean in system
+ * headers and I'm too lazy to write a configure test as long as only
+--- kdebase-3.5.10/configure.in.in.sav 2006-07-22 10:15:55.000000000 +0200
++++ kdebase-3.5.10/configure.in.in 2010-03-23 13:51:24.504477535 +0100
+@@ -274,3 +274,31 @@ AC_SUBST(LIBART_RPATH)
+ AC_ARG_WITH([composite],
+ AC_HELP_STRING([--without-composite], [Disable Xcomposite support (default: check)]) )
+
++AC_TRY_RUN([
++#include <sys/socket.h>
++#include <sys/un.h>
++#include <sys/stat.h>
++#include <sys/types.h>
++#include <string.h>
++#include <unistd.h>
++#include <errno.h>
++int main()
++{
++ int fd, fd2;
++ struct sockaddr_un sa;
++
++ if ((fd = socket(PF_UNIX, SOCK_STREAM, 0)) < 0)
++ return 2;
++ sa.sun_family = AF_UNIX;
++ strcpy(sa.sun_path, "testsock");
++ unlink(sa.sun_path);
++ if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)))
++ return 2;
++ chmod(sa.sun_path, 0);
++ setuid(getuid() + 1000);
++ if ((fd2 = socket(PF_UNIX, SOCK_STREAM, 0)) < 0)
++ return 2;
++ connect(fd2, (struct sockaddr *)&sa, sizeof(sa));
++ return errno != EACCES;
++}
++], AC_DEFINE_UNQUOTED(HONORS_SOCKET_PERMS, 1, [Define to 1 if OS honors permission bits on socket inodes]))