summaryrefslogtreecommitdiffstats
path: root/redhat/tdebase/kdebase-3.5.13-fix_kdesktop_lock_security_issue.patch
blob: 1660d03f29d2130e64b30b37331ab0079b1b09a1 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
commit f05f9dc7532ea41c49b3e9385165d942dfab5d0e
Author: Timothy Pearson <kb9vqf@pearsoncomputing.net>
Date:   1327036924 -0600

    If someone manages to close down kdesktop_lock through an undiscovered security vulnerability such as http://security-tracker.debian.org/tracker/CVE-2012-0064, immediately terminate the compromised TDE session

diff --git a/kdesktop/lock/lockprocess.cc b/kdesktop/lock/lockprocess.cc
index 6bd18f7..2588bbf 100644
--- a/kdesktop/lock/lockprocess.cc
+++ b/kdesktop/lock/lockprocess.cc
@@ -326,10 +326,8 @@ static int signal_pipe[2];
 static void sigterm_handler(int)
 {
     if (!trinity_desktop_lock_in_sec_dlg) {
-        char tmp = 'T';
-        if (::write( signal_pipe[1], &tmp, 1) == -1) {
-            // Error handler to shut up gcc warnings
-        }
+        // Exit uncleanly
+        exit(1);
     }
 }
 
@@ -522,7 +520,7 @@ void LockProcess::setupSignals()
     sigaddset(&(act.sa_mask), SIGQUIT);
     act.sa_flags = 0;
     sigaction(SIGQUIT, &act, 0L);
-    // exit cleanly on SIGTERM
+    // exit uncleanly on SIGTERM
     act.sa_handler= sigterm_handler;
     sigemptyset(&(act.sa_mask));
     sigaddset(&(act.sa_mask), SIGTERM);
diff --git a/kdesktop/lockeng.cc b/kdesktop/lockeng.cc
index b957218..c5306e9 100644
--- a/kdesktop/lockeng.cc
+++ b/kdesktop/lockeng.cc
@@ -36,10 +36,11 @@ bool trinity_lockeng_sak_available = TRUE;
 // a newly started process.
 //
 SaverEngine::SaverEngine()
-    : KScreensaverIface(),
-      TQWidget(),
+    : TQWidget(),
+      KScreensaverIface(),
       mBlankOnly(false),
-      mSAKProcess(NULL)
+      mSAKProcess(NULL),
+      mTerminationRequested(false)
 {
     // Save X screensaver parameters
     XGetScreenSaver(qt_xdisplay(), &mXTimeout, &mXInterval,
@@ -340,6 +341,7 @@ void SaverEngine::stopLockProcess()
     kdDebug(1204) << "SaverEngine: stopping lock" << endl;
     emitDCOPSignal("KDE_stop_screensaver()", TQByteArray());
 
+    mTerminationRequested=true;
     mLockProcess.kill();
 
     if (mEnabled)
@@ -357,7 +359,33 @@ void SaverEngine::stopLockProcess()
 
 void SaverEngine::lockProcessExited()
 {
+printf("Lock process exited\n\r"); fflush(stdout);
+    bool abnormalExit = false;
     kdDebug(1204) << "SaverEngine: lock exited" << endl;
+    if (mLockProcess.normalExit() == false) {
+        abnormalExit = true;
+    }
+    else {
+        if (mLockProcess.exitStatus() != 0) {
+            abnormalExit = true;
+        }
+    }
+    if (mTerminationRequested == true) {
+        abnormalExit = false;
+    }
+    if (abnormalExit == true) {
+        // PROBABLE HACKING ATTEMPT DETECTED
+        // Terminate the TDE session ASAP!
+        // Values are explained at http://lists.kde.org/?l=kde-linux&m=115770988603387
+        TQByteArray data;
+        TQDataStream arg(data, IO_WriteOnly);
+        arg << (int)0 << (int)0 << (int)2;
+        if ( ! kapp->dcopClient()->send("ksmserver", "default", "logout(int,int,int)", data) ) {
+            // Someone got to DCOP before we did
+            // Try an emergency system logout
+            system("logout");
+        }
+    }
     if (trinity_lockeng_sak_available == TRUE) {
         handleSecureDialog();
     }
diff --git a/kdesktop/lockeng.h b/kdesktop/lockeng.h
index b1e31bd..ae81f90 100644
--- a/kdesktop/lockeng.h
+++ b/kdesktop/lockeng.h
@@ -114,6 +114,7 @@ protected:
 
 private:
     KProcess*   mSAKProcess;
+    bool        mTerminationRequested;
 };
 
 #endif
commit 5f8d730703882e1335305a2c43a378f0c4b96e8e
Author: Timothy Pearson <kb9vqf@pearsoncomputing.net>
Date:   1327216641 -0600

    Fix desktop lock

diff --git a/kdesktop/lock/lockprocess.cc b/kdesktop/lock/lockprocess.cc
index 2588bbf..5acc96e 100644
--- a/kdesktop/lock/lockprocess.cc
+++ b/kdesktop/lock/lockprocess.cc
@@ -630,6 +630,8 @@ void LockProcess::startSecureDialog()
 		return;
 	}
 
+	setGeometry(0, 0, mRootWidth, mRootHeight);
+
 	int ret;
 	SecureDlg inDlg( this );
 	inDlg.setRetInt(&ret);
diff --git a/kdesktop/lock/main.cc b/kdesktop/lock/main.cc
index 2711c36..c0b8e24 100644
--- a/kdesktop/lock/main.cc
+++ b/kdesktop/lock/main.cc
@@ -181,14 +181,14 @@ int main( int argc, char **argv )
             rt = process.runSecureDialog();
         }
         else {
-            return 1;
+            return 0;
         }
     }
     else {
         rt = process.defaultSave();
     }
     if (!rt) {
-        return 1;
+        return 0;
     }
 
     if( sig )
diff --git a/kdesktop/lockeng.cc b/kdesktop/lockeng.cc
index fb0f754..5307c5c 100644
--- a/kdesktop/lockeng.cc
+++ b/kdesktop/lockeng.cc
@@ -372,6 +372,7 @@ printf("Lock process exited\n\r"); fflush(stdout);
     }
     if (mTerminationRequested == true) {
         abnormalExit = false;
+        mTerminationRequested = false;
     }
     if (abnormalExit == true) {
         // PROBABLE HACKING ATTEMPT DETECTED