diff options
Diffstat (limited to 'redhat/kdebase/kdebase-3.5.13-fix_kdesktop_lock_security_issue.patch')
-rw-r--r-- | redhat/kdebase/kdebase-3.5.13-fix_kdesktop_lock_security_issue.patch | 157 |
1 files changed, 157 insertions, 0 deletions
diff --git a/redhat/kdebase/kdebase-3.5.13-fix_kdesktop_lock_security_issue.patch b/redhat/kdebase/kdebase-3.5.13-fix_kdesktop_lock_security_issue.patch new file mode 100644 index 000000000..1660d03f2 --- /dev/null +++ b/redhat/kdebase/kdebase-3.5.13-fix_kdesktop_lock_security_issue.patch @@ -0,0 +1,157 @@ +commit f05f9dc7532ea41c49b3e9385165d942dfab5d0e +Author: Timothy Pearson <kb9vqf@pearsoncomputing.net> +Date: 1327036924 -0600 + + If someone manages to close down kdesktop_lock through an undiscovered security vulnerability such as http://security-tracker.debian.org/tracker/CVE-2012-0064, immediately terminate the compromised TDE session + +diff --git a/kdesktop/lock/lockprocess.cc b/kdesktop/lock/lockprocess.cc +index 6bd18f7..2588bbf 100644 +--- a/kdesktop/lock/lockprocess.cc ++++ b/kdesktop/lock/lockprocess.cc +@@ -326,10 +326,8 @@ static int signal_pipe[2]; + static void sigterm_handler(int) + { + if (!trinity_desktop_lock_in_sec_dlg) { +- char tmp = 'T'; +- if (::write( signal_pipe[1], &tmp, 1) == -1) { +- // Error handler to shut up gcc warnings +- } ++ // Exit uncleanly ++ exit(1); + } + } + +@@ -522,7 +520,7 @@ void LockProcess::setupSignals() + sigaddset(&(act.sa_mask), SIGQUIT); + act.sa_flags = 0; + sigaction(SIGQUIT, &act, 0L); +- // exit cleanly on SIGTERM ++ // exit uncleanly on SIGTERM + act.sa_handler= sigterm_handler; + sigemptyset(&(act.sa_mask)); + sigaddset(&(act.sa_mask), SIGTERM); +diff --git a/kdesktop/lockeng.cc b/kdesktop/lockeng.cc +index b957218..c5306e9 100644 +--- a/kdesktop/lockeng.cc ++++ b/kdesktop/lockeng.cc +@@ -36,10 +36,11 @@ bool trinity_lockeng_sak_available = TRUE; + // a newly started process. + // + SaverEngine::SaverEngine() +- : KScreensaverIface(), +- TQWidget(), ++ : TQWidget(), ++ KScreensaverIface(), + mBlankOnly(false), +- mSAKProcess(NULL) ++ mSAKProcess(NULL), ++ mTerminationRequested(false) + { + // Save X screensaver parameters + XGetScreenSaver(qt_xdisplay(), &mXTimeout, &mXInterval, +@@ -340,6 +341,7 @@ void SaverEngine::stopLockProcess() + kdDebug(1204) << "SaverEngine: stopping lock" << endl; + emitDCOPSignal("KDE_stop_screensaver()", TQByteArray()); + ++ mTerminationRequested=true; + mLockProcess.kill(); + + if (mEnabled) +@@ -357,7 +359,33 @@ void SaverEngine::stopLockProcess() + + void SaverEngine::lockProcessExited() + { ++printf("Lock process exited\n\r"); fflush(stdout); ++ bool abnormalExit = false; + kdDebug(1204) << "SaverEngine: lock exited" << endl; ++ if (mLockProcess.normalExit() == false) { ++ abnormalExit = true; ++ } ++ else { ++ if (mLockProcess.exitStatus() != 0) { ++ abnormalExit = true; ++ } ++ } ++ if (mTerminationRequested == true) { ++ abnormalExit = false; ++ } ++ if (abnormalExit == true) { ++ // PROBABLE HACKING ATTEMPT DETECTED ++ // Terminate the TDE session ASAP! ++ // Values are explained at http://lists.kde.org/?l=kde-linux&m=115770988603387 ++ TQByteArray data; ++ TQDataStream arg(data, IO_WriteOnly); ++ arg << (int)0 << (int)0 << (int)2; ++ if ( ! kapp->dcopClient()->send("ksmserver", "default", "logout(int,int,int)", data) ) { ++ // Someone got to DCOP before we did ++ // Try an emergency system logout ++ system("logout"); ++ } ++ } + if (trinity_lockeng_sak_available == TRUE) { + handleSecureDialog(); + } +diff --git a/kdesktop/lockeng.h b/kdesktop/lockeng.h +index b1e31bd..ae81f90 100644 +--- a/kdesktop/lockeng.h ++++ b/kdesktop/lockeng.h +@@ -114,6 +114,7 @@ protected: + + private: + KProcess* mSAKProcess; ++ bool mTerminationRequested; + }; + + #endif +commit 5f8d730703882e1335305a2c43a378f0c4b96e8e +Author: Timothy Pearson <kb9vqf@pearsoncomputing.net> +Date: 1327216641 -0600 + + Fix desktop lock + +diff --git a/kdesktop/lock/lockprocess.cc b/kdesktop/lock/lockprocess.cc +index 2588bbf..5acc96e 100644 +--- a/kdesktop/lock/lockprocess.cc ++++ b/kdesktop/lock/lockprocess.cc +@@ -630,6 +630,8 @@ void LockProcess::startSecureDialog() + return; + } + ++ setGeometry(0, 0, mRootWidth, mRootHeight); ++ + int ret; + SecureDlg inDlg( this ); + inDlg.setRetInt(&ret); +diff --git a/kdesktop/lock/main.cc b/kdesktop/lock/main.cc +index 2711c36..c0b8e24 100644 +--- a/kdesktop/lock/main.cc ++++ b/kdesktop/lock/main.cc +@@ -181,14 +181,14 @@ int main( int argc, char **argv ) + rt = process.runSecureDialog(); + } + else { +- return 1; ++ return 0; + } + } + else { + rt = process.defaultSave(); + } + if (!rt) { +- return 1; ++ return 0; + } + + if( sig ) +diff --git a/kdesktop/lockeng.cc b/kdesktop/lockeng.cc +index fb0f754..5307c5c 100644 +--- a/kdesktop/lockeng.cc ++++ b/kdesktop/lockeng.cc +@@ -372,6 +372,7 @@ printf("Lock process exited\n\r"); fflush(stdout); + } + if (mTerminationRequested == true) { + abnormalExit = false; ++ mTerminationRequested = false; + } + if (abnormalExit == true) { + // PROBABLE HACKING ATTEMPT DETECTED |