summaryrefslogtreecommitdiffstats
path: root/redhat/kdebase/kdebase-3.5.13-fix_kdesktop_lock_security_issue.patch
diff options
context:
space:
mode:
Diffstat (limited to 'redhat/kdebase/kdebase-3.5.13-fix_kdesktop_lock_security_issue.patch')
-rw-r--r--redhat/kdebase/kdebase-3.5.13-fix_kdesktop_lock_security_issue.patch157
1 files changed, 157 insertions, 0 deletions
diff --git a/redhat/kdebase/kdebase-3.5.13-fix_kdesktop_lock_security_issue.patch b/redhat/kdebase/kdebase-3.5.13-fix_kdesktop_lock_security_issue.patch
new file mode 100644
index 000000000..1660d03f2
--- /dev/null
+++ b/redhat/kdebase/kdebase-3.5.13-fix_kdesktop_lock_security_issue.patch
@@ -0,0 +1,157 @@
+commit f05f9dc7532ea41c49b3e9385165d942dfab5d0e
+Author: Timothy Pearson <kb9vqf@pearsoncomputing.net>
+Date: 1327036924 -0600
+
+ If someone manages to close down kdesktop_lock through an undiscovered security vulnerability such as http://security-tracker.debian.org/tracker/CVE-2012-0064, immediately terminate the compromised TDE session
+
+diff --git a/kdesktop/lock/lockprocess.cc b/kdesktop/lock/lockprocess.cc
+index 6bd18f7..2588bbf 100644
+--- a/kdesktop/lock/lockprocess.cc
++++ b/kdesktop/lock/lockprocess.cc
+@@ -326,10 +326,8 @@ static int signal_pipe[2];
+ static void sigterm_handler(int)
+ {
+ if (!trinity_desktop_lock_in_sec_dlg) {
+- char tmp = 'T';
+- if (::write( signal_pipe[1], &tmp, 1) == -1) {
+- // Error handler to shut up gcc warnings
+- }
++ // Exit uncleanly
++ exit(1);
+ }
+ }
+
+@@ -522,7 +520,7 @@ void LockProcess::setupSignals()
+ sigaddset(&(act.sa_mask), SIGQUIT);
+ act.sa_flags = 0;
+ sigaction(SIGQUIT, &act, 0L);
+- // exit cleanly on SIGTERM
++ // exit uncleanly on SIGTERM
+ act.sa_handler= sigterm_handler;
+ sigemptyset(&(act.sa_mask));
+ sigaddset(&(act.sa_mask), SIGTERM);
+diff --git a/kdesktop/lockeng.cc b/kdesktop/lockeng.cc
+index b957218..c5306e9 100644
+--- a/kdesktop/lockeng.cc
++++ b/kdesktop/lockeng.cc
+@@ -36,10 +36,11 @@ bool trinity_lockeng_sak_available = TRUE;
+ // a newly started process.
+ //
+ SaverEngine::SaverEngine()
+- : KScreensaverIface(),
+- TQWidget(),
++ : TQWidget(),
++ KScreensaverIface(),
+ mBlankOnly(false),
+- mSAKProcess(NULL)
++ mSAKProcess(NULL),
++ mTerminationRequested(false)
+ {
+ // Save X screensaver parameters
+ XGetScreenSaver(qt_xdisplay(), &mXTimeout, &mXInterval,
+@@ -340,6 +341,7 @@ void SaverEngine::stopLockProcess()
+ kdDebug(1204) << "SaverEngine: stopping lock" << endl;
+ emitDCOPSignal("KDE_stop_screensaver()", TQByteArray());
+
++ mTerminationRequested=true;
+ mLockProcess.kill();
+
+ if (mEnabled)
+@@ -357,7 +359,33 @@ void SaverEngine::stopLockProcess()
+
+ void SaverEngine::lockProcessExited()
+ {
++printf("Lock process exited\n\r"); fflush(stdout);
++ bool abnormalExit = false;
+ kdDebug(1204) << "SaverEngine: lock exited" << endl;
++ if (mLockProcess.normalExit() == false) {
++ abnormalExit = true;
++ }
++ else {
++ if (mLockProcess.exitStatus() != 0) {
++ abnormalExit = true;
++ }
++ }
++ if (mTerminationRequested == true) {
++ abnormalExit = false;
++ }
++ if (abnormalExit == true) {
++ // PROBABLE HACKING ATTEMPT DETECTED
++ // Terminate the TDE session ASAP!
++ // Values are explained at http://lists.kde.org/?l=kde-linux&m=115770988603387
++ TQByteArray data;
++ TQDataStream arg(data, IO_WriteOnly);
++ arg << (int)0 << (int)0 << (int)2;
++ if ( ! kapp->dcopClient()->send("ksmserver", "default", "logout(int,int,int)", data) ) {
++ // Someone got to DCOP before we did
++ // Try an emergency system logout
++ system("logout");
++ }
++ }
+ if (trinity_lockeng_sak_available == TRUE) {
+ handleSecureDialog();
+ }
+diff --git a/kdesktop/lockeng.h b/kdesktop/lockeng.h
+index b1e31bd..ae81f90 100644
+--- a/kdesktop/lockeng.h
++++ b/kdesktop/lockeng.h
+@@ -114,6 +114,7 @@ protected:
+
+ private:
+ KProcess* mSAKProcess;
++ bool mTerminationRequested;
+ };
+
+ #endif
+commit 5f8d730703882e1335305a2c43a378f0c4b96e8e
+Author: Timothy Pearson <kb9vqf@pearsoncomputing.net>
+Date: 1327216641 -0600
+
+ Fix desktop lock
+
+diff --git a/kdesktop/lock/lockprocess.cc b/kdesktop/lock/lockprocess.cc
+index 2588bbf..5acc96e 100644
+--- a/kdesktop/lock/lockprocess.cc
++++ b/kdesktop/lock/lockprocess.cc
+@@ -630,6 +630,8 @@ void LockProcess::startSecureDialog()
+ return;
+ }
+
++ setGeometry(0, 0, mRootWidth, mRootHeight);
++
+ int ret;
+ SecureDlg inDlg( this );
+ inDlg.setRetInt(&ret);
+diff --git a/kdesktop/lock/main.cc b/kdesktop/lock/main.cc
+index 2711c36..c0b8e24 100644
+--- a/kdesktop/lock/main.cc
++++ b/kdesktop/lock/main.cc
+@@ -181,14 +181,14 @@ int main( int argc, char **argv )
+ rt = process.runSecureDialog();
+ }
+ else {
+- return 1;
++ return 0;
+ }
+ }
+ else {
+ rt = process.defaultSave();
+ }
+ if (!rt) {
+- return 1;
++ return 0;
+ }
+
+ if( sig )
+diff --git a/kdesktop/lockeng.cc b/kdesktop/lockeng.cc
+index fb0f754..5307c5c 100644
+--- a/kdesktop/lockeng.cc
++++ b/kdesktop/lockeng.cc
+@@ -372,6 +372,7 @@ printf("Lock process exited\n\r"); fflush(stdout);
+ }
+ if (mTerminationRequested == true) {
+ abnormalExit = false;
++ mTerminationRequested = false;
+ }
+ if (abnormalExit == true) {
+ // PROBABLE HACKING ATTEMPT DETECTED