open-src/lib/libXpm/setuid.patch
author Alan Coopersmith <Alan.Coopersmith@Sun.COM>
Mon, 24 Mar 2008 16:05:09 -0700
changeset 378 37921779d3c0
parent 90 aa93b75745de
child 907 3c35d611cdaa
permissions -rw-r--r--
6679315 resync FOX & Nevada X gates

#
# Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
#
# Permission is hereby granted, free of charge, to any person obtaining a
# copy of this software and associated documentation files (the
# "Software"), to deal in the Software without restriction, including
# without limitation the rights to use, copy, modify, merge, publish,
# distribute, and/or sell copies of the Software, and to permit persons
# to whom the Software is furnished to do so, provided that the above
# copyright notice(s) and this permission notice appear in all copies of
# the Software and that both the above copyright notice(s) and this
# permission notice appear in supporting documentation.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT
# OF THIRD PARTY RIGHTS. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
# HOLDERS INCLUDED IN THIS NOTICE BE LIABLE FOR ANY CLAIM, OR ANY SPECIAL
# INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES WHATSOEVER RESULTING
# FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
# NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
# WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
#
# Except as contained in this notice, the name of a copyright holder
# shall not be used in advertising or otherwise to promote the sale, use
# or other dealings in this Software without prior written authorization
# of the copyright holder.
# 
# @(#)setuid.patch	1.3	08/03/24 SMI
#

Additional security checks for setuid programs that X.Org upstream doesn't
have yet.

--- src/RdFToI.c	2006-10-11 15:31:40.000000000 -0700
+++ src/RdFToI.c	2006-10-03 16:34:35.553330000 -0700
@@ -154,7 +154,15 @@
 	    goto err;
 	if ( 0 == pid )
 	{
-	    execlp(cmd, cmd, arg1, (char *)NULL);
+/* #ifdef SUNSOFT */
+	    closefrom(3);
+	    if (issetugid()) {
+		char commandpath[32] = "/usr/bin/";
+		strlcat(commandpath, cmd, sizeof(commandpath));
+		execl(commandpath, cmd, arg1, NULL);
+	    } else
+/* #endif */
+	    execlp(cmd, cmd, arg1, NULL);
 	    perror(cmd);
 	    goto err;
 	}
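Review bot: Both new exec calls pass a bare `NULL` as the variadic terminator where the removed line had `(char *)NULL`; if `NULL` expands to plain `0` on an LP64 build, the callee reads a pointer-sized argument where only an int was passed, so the cast should stay: `execl(commandpath, cmd, arg1, (char *)NULL);` and the same on the `execlp` line. In the `issetugid()` branch the `strlcat` result is ignored, so a `cmd` longer than the 22 characters that fit after "/usr/bin/" in `commandpath[32]` is silently truncated and a different name under /usr/bin is executed with the process's elevated credentials. `if (strlcat(commandpath, cmd, sizeof(commandpath)) >= sizeof(commandpath)) goto err;` rejects that case, assuming the `err` label is as safe to reach from the child here as it is after `perror`. Where `cmd` comes from is not visible in this hunk; if it can ever contain a `/`, the prefix alone does not confine the exec to /usr/bin and that should be checked here as well. The enclosing function starts and ends outside the hunk.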