From 17ddc8235663ac1cc81346e914eba90ce4d34877 Mon Sep 17 00:00:00 2001 From: Ray Strode Date: Oct 27 2009 15:53:46 +0000 Subject: - Tighten permissions on /var/run/gdm (bug 531063) --- diff --git a/fix-run-dir-permissions.patch b/fix-run-dir-permissions.patch new file mode 100644 index 0000000..7475236 --- /dev/null +++ b/fix-run-dir-permissions.patch 
@@ -0,0 +1,370 @@ +From 5475c0a823cf94f817821105b40760d902d9ace5 Mon Sep 17 00:00:00 2001 +From: Ray Strode +Date: Tue, 27 Oct 2009 10:40:55 -0400 +Subject: [PATCH 1/4] Make screenshot dir a configure argument + +This provides a little more flexibility to distributors, +but more importantly makes it less hard coded in gdm-screenshot.c +--- + configure.ac | 17 +++++++++++++++++ + data/Makefile.am | 8 ++++++++ + utils/Makefile.am | 1 + + utils/gdm-screenshot.c | 5 +---- + 4 files changed, 27 insertions(+), 4 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 4fe4430..0dd2658 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -1237,6 +1237,23 @@ fi + AC_SUBST(GDM_XAUTH_DIR) + + dnl --------------------------------------------------------------------------- ++dnl - Directory for greeter screenshot ++dnl --------------------------------------------------------------------------- ++ ++AC_ARG_WITH(screenshot-dir, ++ AS_HELP_STRING([--with-screenshot-dir=], ++ [directory to store greeter screenshot])) ++ ++if ! 
test -z "$with_screenshot_dir"; then ++ GDM_SCREENSHOT_DIR=$with_screenshot_dir ++else ++ GDM_SCREENSHOT_DIR=${localstatedir}/run/gdm ++fi ++ ++AC_SUBST(GDM_SCREENSHOT_DIR) ++ ++ ++dnl --------------------------------------------------------------------------- + dnl - Finish + dnl --------------------------------------------------------------------------- + +diff --git a/data/Makefile.am b/data/Makefile.am +index 73fa106..608194d 100644 +--- a/data/Makefile.am ++++ b/data/Makefile.am +@@ -13,6 +13,7 @@ predir = $(gdmconfdir)/PreSession + postlogindir = $(gdmconfdir)/PostLogin + workingdir = $(GDM_WORKING_DIR) + xauthdir = $(GDM_XAUTH_DIR) ++screenshotdir = $(GDM_SCREENSHOT_DIR) + cachedir = $(localstatedir)/cache/gdm + + Xsession: $(srcdir)/Xsession.in +@@ -123,6 +124,7 @@ uninstall-hook: + -rf \ + $(DESTDIR)$(workingdir)/.gconf.mandatory \ + $(DESTDIR)$(xauthdir) ++ $(DESTDIR)$(screenshotdir) + + install-data-hook: gdm.conf-custom Xsession Init PostSession PreSession gconf.path + if test '!' -d $(DESTDIR)$(gdmconfdir); then \ +@@ -204,6 +206,12 @@ install-data-hook: gdm.conf-custom Xsession Init PostSession PreSession gconf.pa + chown root:gdm $(DESTDIR)$(xauthdir) || : ; \ + fi + ++ if test '!' -d $(DESTDIR)$(screenshotdir); then \ ++ $(mkinstalldirs) $(DESTDIR)$(screenshotdir); \ ++ chmod 0755 $(DESTDIR)$(screenshotdir); \ ++ chown gdm:gdm $(DESTDIR)$(screenshotdir) || : ; \ ++ fi ++ + if test '!' -d $(DESTDIR)$(workingdir); then \ + $(mkinstalldirs) $(DESTDIR)$(workingdir); \ + chmod 1770 $(DESTDIR)$(workingdir); \ +diff --git a/utils/Makefile.am b/utils/Makefile.am +index 0b6ea04..f1ff331 100644 +--- a/utils/Makefile.am ++++ b/utils/Makefile.am +@@ -4,6 +4,7 @@ AM_CPPFLAGS = \ + -I. \ + -I.. 
\ + -DLOCALSTATEDIR=\""$(localstatedir)"\" \ ++ -DGDM_SCREENSHOT_DIR=\""$(GDM_SCREENSHOT_DIR)"\"\ + -DGNOMELOCALEDIR=\""$(datadir)/locale"\" \ + $(UTILS_CFLAGS) \ + $(CANBERRA_GTK_CFLAGS) \ +diff --git a/utils/gdm-screenshot.c b/utils/gdm-screenshot.c +index f66de46..12102f2 100644 +--- a/utils/gdm-screenshot.c ++++ b/utils/gdm-screenshot.c +@@ -163,11 +163,8 @@ screenshot_save (GdkPixbuf *pixbuf) + char *filename; + gboolean res; + GError *error; +- const char *save_dir; + +- save_dir = LOCALSTATEDIR "/run/gdm"; +- +- filename = g_build_filename (save_dir, ++ filename = g_build_filename (GDM_SCREENSHOT_DIR, + "GDM-Screenshot.png", + NULL); + +-- +1.6.5.1 + + +From 1fe51c8f69dc93033d2035c27389377090f21b78 Mon Sep 17 00:00:00 2001 +From: Ray Strode +Date: Tue, 27 Oct 2009 11:25:19 -0400 +Subject: [PATCH 2/4] Create screenshot dir at runtime if not available + +We want the screenshot dir to be owned by the GDM user, +so the greeter can write screenshots to it. +--- + daemon/Makefile.am | 1 + + daemon/gdm-greeter-session.c | 1 + + daemon/gdm-welcome-session.c | 32 ++++++++++++++++++++++++++++++++ + 3 files changed, 34 insertions(+), 0 deletions(-) + +diff --git a/daemon/Makefile.am b/daemon/Makefile.am +index a122a15..ab10dc5 100644 +--- a/daemon/Makefile.am ++++ b/daemon/Makefile.am +@@ -15,6 +15,7 @@ AM_CPPFLAGS = \ + -DSBINDIR=\"$(sbindir)\" \ + -DGNOMELOCALEDIR=\""$(datadir)/locale"\" \ + -DGDM_XAUTH_DIR=\"$(GDM_XAUTH_DIR)\" \ ++ -DGDM_SCREENSHOT_DIR=\"$(GDM_SCREENSHOT_DIR)\" \ + -DGDM_CACHE_DIR=\""$(localstatedir)/cache/gdm"\" \ + -DGDM_SESSION_DEFAULT_PATH=\"$(GDM_SESSION_DEFAULT_PATH)\" \ + $(DISABLE_DEPRECATED_CFLAGS) \ +diff --git a/daemon/gdm-greeter-session.c b/daemon/gdm-greeter-session.c +index aae1928..994acbc 100644 +--- a/daemon/gdm-greeter-session.c ++++ b/daemon/gdm-greeter-session.c +@@ -156,6 +156,7 @@ gdm_greeter_session_new (const char *display_name, + "x11-display-device", display_device, + "x11-display-hostname", display_hostname, + 
"x11-display-is-local", display_is_local, ++ "runtime-dir", GDM_SCREENSHOT_DIR, + NULL); + + return GDM_GREETER_SESSION (object); +diff --git a/daemon/gdm-welcome-session.c b/daemon/gdm-welcome-session.c +index b58e855..f340660 100644 +--- a/daemon/gdm-welcome-session.c ++++ b/daemon/gdm-welcome-session.c +@@ -63,6 +63,7 @@ struct GdmWelcomeSessionPrivate + + char *user_name; + char *group_name; ++ char *runtime_dir; + + char *x11_display_name; + char *x11_display_device; +@@ -91,6 +92,7 @@ enum { + PROP_X11_DISPLAY_IS_LOCAL, + PROP_USER_NAME, + PROP_GROUP_NAME, ++ PROP_RUNTIME_DIR, + PROP_SERVER_ADDRESS, + PROP_COMMAND, + PROP_SERVER_DBUS_PATH, +@@ -408,6 +410,7 @@ rotate_logs (const char *path, + typedef struct { + const char *user_name; + const char *group_name; ++ const char *runtime_dir; + const char *log_file; + } SpawnChildData; + +@@ -435,6 +438,10 @@ spawn_child_setup (SpawnChildData *data) + _exit (1); + } + ++ g_debug ("GdmWelcomeSession: Setting up run time dir %s", data->runtime_dir); ++ g_mkdir (data->runtime_dir, 0755); ++ chown (data->runtime_dir, pwent->pw_uid, pwent->pw_gid); ++ + g_debug ("GdmWelcomeSession: Changing (uid:gid) for child process to (%d:%d)", + pwent->pw_uid, + grent->gr_gid); +@@ -552,6 +559,7 @@ static gboolean + spawn_command_line_async_as_user (const char *command_line, + const char *user_name, + const char *group_name, ++ const char *runtime_dir, + const char *log_file, + char **env, + GPid *child_pid, +@@ -575,6 +583,7 @@ spawn_command_line_async_as_user (const char *command_line, + + data.user_name = user_name; + data.group_name = group_name; ++ data.runtime_dir = runtime_dir; + data.log_file = log_file; + + local_error = NULL; +@@ -756,6 +765,7 @@ gdm_welcome_session_spawn (GdmWelcomeSession *welcome_session) + ret = spawn_command_line_async_as_user (welcome_session->priv->command, + welcome_session->priv->user_name, + welcome_session->priv->group_name, ++ welcome_session->priv->runtime_dir, + log_path, + (char 
**)env->pdata, + &welcome_session->priv->pid, +@@ -928,6 +938,14 @@ _gdm_welcome_session_set_group_name (GdmWelcomeSession *welcome_session, + } + + static void ++_gdm_welcome_session_set_runtime_dir (GdmWelcomeSession *welcome_session, ++ const char *dir) ++{ ++ g_free (welcome_session->priv->runtime_dir); ++ welcome_session->priv->runtime_dir = g_strdup (dir); ++} ++ ++static void + _gdm_welcome_session_set_server_dbus_path (GdmWelcomeSession *welcome_session, + const char *name) + { +@@ -998,6 +1016,9 @@ gdm_welcome_session_set_property (GObject *object, + case PROP_GROUP_NAME: + _gdm_welcome_session_set_group_name (self, g_value_get_string (value)); + break; ++ case PROP_RUNTIME_DIR: ++ _gdm_welcome_session_set_runtime_dir (self, g_value_get_string (value)); ++ break; + case PROP_SERVER_ADDRESS: + gdm_welcome_session_set_server_address (self, g_value_get_string (value)); + break; +@@ -1054,6 +1075,9 @@ gdm_welcome_session_get_property (GObject *object, + case PROP_GROUP_NAME: + g_value_set_string (value, self->priv->group_name); + break; ++ case PROP_RUNTIME_DIR: ++ g_value_set_string (value, self->priv->runtime_dir); ++ break; + case PROP_SERVER_ADDRESS: + g_value_set_string (value, self->priv->server_address); + break; +@@ -1154,6 +1178,13 @@ gdm_welcome_session_class_init (GdmWelcomeSessionClass *klass) + GDM_GROUPNAME, + G_PARAM_READWRITE | G_PARAM_CONSTRUCT)); + g_object_class_install_property (object_class, ++ PROP_RUNTIME_DIR, ++ g_param_spec_string ("runtime-dir", ++ "runtime dir", ++ "runtime dir", ++ NULL, ++ G_PARAM_READWRITE | G_PARAM_CONSTRUCT)); ++ g_object_class_install_property (object_class, + PROP_SERVER_ADDRESS, + g_param_spec_string ("server-address", + "server address", +@@ -1267,6 +1298,7 @@ gdm_welcome_session_finalize (GObject *object) + g_free (welcome_session->priv->command); + g_free (welcome_session->priv->user_name); + g_free (welcome_session->priv->group_name); ++ g_free (welcome_session->priv->runtime_dir); + g_free 
(welcome_session->priv->x11_display_name); + g_free (welcome_session->priv->x11_display_device); + g_free (welcome_session->priv->x11_display_hostname); +-- +1.6.5.1 + + +From 81870b019c929694ea392359b0a66b0a500c7d5c Mon Sep 17 00:00:00 2001 +From: Ray Strode +Date: Tue, 27 Oct 2009 11:43:15 -0400 +Subject: [PATCH 3/4] Move default screenshot dir to it's own subdirectory + +--- + configure.ac | 2 +- + 1 files changed, 1 insertions(+), 1 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 0dd2658..93917e2 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -1247,7 +1247,7 @@ AC_ARG_WITH(screenshot-dir, + if ! test -z "$with_screenshot_dir"; then + GDM_SCREENSHOT_DIR=$with_screenshot_dir + else +- GDM_SCREENSHOT_DIR=${localstatedir}/run/gdm ++ GDM_SCREENSHOT_DIR=${localstatedir}/run/gdm/greeter + fi + + AC_SUBST(GDM_SCREENSHOT_DIR) +-- +1.6.5.1 + + +From c96697431529ed87dbdbb987ed92ac2286b247b7 Mon Sep 17 00:00:00 2001 +From: Ray Strode +Date: Tue, 27 Oct 2009 10:35:37 -0400 +Subject: [PATCH 4/4] Lock down /var/run/gdm + +We don't need it so open now that screenshots are written to their +own directory, and having it open has implications for quota abuse. 
+--- + daemon/gdm-display-access-file.c | 14 +++++++------- + data/Makefile.am | 2 +- + 2 files changed, 8 insertions(+), 8 deletions(-) + +diff --git a/daemon/gdm-display-access-file.c b/daemon/gdm-display-access-file.c +index a3d3e2f..1b52f15 100644 +--- a/daemon/gdm-display-access-file.c ++++ b/daemon/gdm-display-access-file.c +@@ -268,10 +268,10 @@ _create_xauth_file_for_user (const char *username, + fp = NULL; + fd = -1; + +- /* Create directory if not exist, then set permission 01775 and ownership root:gdm */ ++ /* Create directory if not exist, then set permission 0711 and ownership root:gdm */ + if (g_file_test (GDM_XAUTH_DIR, G_FILE_TEST_IS_DIR) == FALSE) { + g_unlink (GDM_XAUTH_DIR); +- if (g_mkdir (GDM_XAUTH_DIR, S_ISVTX | S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH) != 0) { ++ if (g_mkdir (GDM_XAUTH_DIR, 0711) != 0) { + g_set_error (error, + G_FILE_ERROR, + g_file_error_from_errno (errno), +@@ -279,15 +279,15 @@ _create_xauth_file_for_user (const char *username, + goto out; + } + +- g_chmod (GDM_XAUTH_DIR, S_ISVTX | S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH); ++ g_chmod (GDM_XAUTH_DIR, 0711); + _get_uid_and_gid_for_user (GDM_USERNAME, &uid, &gid); + if (chown (GDM_XAUTH_DIR, 0, gid) != 0) { + g_warning ("Unable to change owner of '%s'", + GDM_XAUTH_DIR); + } + } else { +- /* if it does exist make sure it has correct mode 01775 */ +- g_chmod (GDM_XAUTH_DIR, S_ISVTX | S_IRWXU |S_IRWXG | S_IROTH | S_IXOTH); ++ /* if it does exist make sure it has correct mode 0711 */ ++ g_chmod (GDM_XAUTH_DIR, 0711); + + /* and clean up any stale auth subdirs */ + clean_up_stale_auth_subdirs (); +@@ -368,8 +368,8 @@ _create_xauth_file_for_user (const char *username, + } + + /* now open up permissions on per-session directory */ +- g_debug ("GdmDisplayAccessFile: chmoding %s to 1777", dir_name); +- g_chmod (dir_name, S_ISVTX | S_IRWXU | S_IRWXG | S_IRWXO); ++ g_debug ("GdmDisplayAccessFile: chmoding %s to 0711", dir_name); ++ g_chmod (dir_name, 0711); + + errno = 0; + fp = fdopen 
(fd, "w"); +diff --git a/data/Makefile.am b/data/Makefile.am +index 608194d..dfbd096 100644 +--- a/data/Makefile.am ++++ b/data/Makefile.am +@@ -202,7 +202,7 @@ install-data-hook: gdm.conf-custom Xsession Init PostSession PreSession gconf.pa + + if test '!' -d $(DESTDIR)$(xauthdir); then \ + $(mkinstalldirs) $(DESTDIR)$(xauthdir); \ +- chmod 1777 $(DESTDIR)$(xauthdir); \ ++ chmod 0711 $(DESTDIR)$(xauthdir); \ + chown root:gdm $(DESTDIR)$(xauthdir) || : ; \ + fi + +-- +1.6.5.1 + diff --git a/gdm.spec b/gdm.spec index 76f8f5c..b904b6b 100644 --- a/gdm.spec +++ b/gdm.spec @@ -16,7 +16,7 @@ Summary: The GNOME Display Manager Name: gdm Version: 2.28.1 -Release: 10%{?dist} +Release: 11%{?dist} Epoch: 1 License: GPLv2+ Group: User Interface/X @@ -105,6 +105,7 @@ Patch21: fix-clock.patch Patch22: fix-timer.patch Patch23: fix-na-tray.patch Patch24: fix-computer-info.patch +Patch25: fix-run-dir-permissions.patch Patch97: gdm-multistack.patch # Fedora-specific @@ -155,6 +156,7 @@ The GDM fingerprint plugin provides functionality necessary to use a fingerprint %patch22 -p1 -b .fix-timer %patch23 -p1 -b .fix-na-tray %patch24 -p1 -b .fix-computer-info +%patch25 -p1 -b .fix-run-dir-permission %patch97 -p1 -b .multistack %patch98 -p1 -b .bubble-location @@ -226,6 +228,8 @@ mkdir -p $RPM_BUILD_ROOT%{_datadir}/gdm/autostart/LoginWindow # temporarily manually copy this cp -f %{SOURCE10} $RPM_BUILD_ROOT%{_datadir}/gdm/autostart/LoginWindow/polkit-gnome-authentication-agent-1.desktop +mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/gdm/greeter + rm -rf $RPM_BUILD_ROOT%{_localstatedir}/scrollkeeper find $RPM_BUILD_ROOT -name '*.a' -delete 
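Review bot: In the spawn_child_setup hunk of daemon/gdm-welcome-session.c, the added `g_mkdir (data->runtime_dir, 0755)` and `chown (data->runtime_dir, pwent->pw_uid, pwent->pw_gid)` are placed before the uid/gid change, ignore both return values, and chown() follows symbolic links. If the path already exists as something the daemon did not create (its parent was mode 1777 before patch 4/4), ownership of whatever the link points at would pass to the gdm user, so the setup should fail closed and not follow links: `if (g_mkdir (data->runtime_dir, 0755) != 0 && errno != EEXIST) _exit (1);` then `if (lchown (data->runtime_dir, pwent->pw_uid, pwent->pw_gid) != 0) _exit (1);`. Both calls should also be skipped when `data->runtime_dir` is NULL, because the new "runtime-dir" property defaults to NULL and only gdm_greeter_session_new sets it in this patch. The function body starts and ends outside the hunk, so whether errno is already in scope there needs checking. Separately, in data/Makefile.am the added `$(DESTDIR)$(screenshotdir)` line in uninstall-hook follows a line with no trailing backslash, so it is not part of the `-rf` argument list.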
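Review bot: The `mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/gdm/greeter` added to %install creates a directory under `%{_localstatedir}/gdm`, but the %files entries added by this same commit package `%{_localstatedir}/run/gdm/greeter`. Unless the regenerated install-data-hook happens to create the run path in the build root, the packaged directory will be missing at build time, and an unlisted `gdm/greeter` is left under the root:gdm directory. The line presumably should read `mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/run/gdm/greeter`.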
@@ -379,10 +383,12 @@ fi %config %{_datadir}/gdm/autostart/LoginWindow/* %dir %{_localstatedir}/log/gdm %dir %{_localstatedir}/spool/gdm +%dir %{_localstatedir}/run/gdm/greeter %attr(1770, gdm, gdm) %dir %{_localstatedir}/lib/gdm %attr(1750, gdm, gdm) %dir %{_localstatedir}/lib/gdm/.gconf.mandatory %attr(1640, gdm, gdm) %dir %{_localstatedir}/lib/gdm/.gconf.mandatory/*.xml %attr(1640, gdm, gdm) %dir %{_localstatedir}/lib/gdm/.gconf.path +%attr(1755, gdm, gdm) %dir %{_localstatedir}/run/gdm/greeter %attr(1770, root, gdm) %dir %{_localstatedir}/gdm %attr(1777, root, gdm) %dir %{_localstatedir}/run/gdm %attr(1755, root, gdm) %dir %{_localstatedir}/cache/gdm @@ -407,6 +413,9 @@ fi %{_libdir}/gdm/simple-greeter/plugins/fingerprint.so %changelog +* Tue Oct 27 2009 Ray Strode 2.28.1-11 +- Tighten permissions on /var/run/gdm (bug 531063) + * Mon Oct 26 2009 Ray Strode 2.28.1-10 - Position shutdown menu properly on multihead machines
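Review bot: The %files list still ships the parent as `%attr(1777, root, gdm) %dir %{_localstatedir}/run/gdm` (an unchanged context line in this hunk), which contradicts the 0711 mode that patch 4/4 sets from the Makefile and the daemon. A package install or upgrade would put the directory back to world-writable until the daemon next chmods it, so the entry should become `%attr(0711, root, gdm) %dir %{_localstatedir}/run/gdm`. The new greeter directory is also listed twice, once as a bare `%dir` and once as `%attr(1755, gdm, gdm) %dir`; keep only the attributed entry. Consider mode 0755 there, to match the `g_mkdir (data->runtime_dir, 0755)` the daemon uses.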