Stefan Dirsch
b7ed257592
- u_xorg-wrapper-Xserver-Options-Whitelist-Filter.patch * replaced by improved version written by Matthias Gerstner of our security team + simplified the option parsing code a bit + changed the "ignore forbidden argument" logic into an "abort on forbidden argument" logic. This is safer and avoids surprises on the user's end that could occur if the desired command line arguments aren't effective but the Xorg server is still started. + tried to adjust to the coding style present in the file (mostly the function name) + added some logic to apply the option filtering only to non-root users when Xorg is actually started as root. This should allow for full flexibility if root calls the wrapper or if the Xorg server only runs with user privileges. - n_xorg-wrapper-rename-Xorg.patch * moved Xorg to Xorg.bin and Xorg.sh to Xorg (boo#1175867) - change default for needs_root_rights to auto in Xwrapper.config (boo#1175867) - reenabled SUID wrapper for TW (boo#1175867) - u_xorg-wrapper-Xserver-Options-Whitelist-Filter.patch * Xserver option whitelist filter (boo#1175867) OBS-URL: https://build.opensuse.org/request/show/838619 OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=779
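--- a/xserver-1.20.9/hw/xfree86/xorg-wrapper.c
+++ b/xserver-1.20.9/hw/xfree86/xorg-wrapper.c
@@ -191,6 +191,60 @@
 return 0;
 }
 
+static int check_vt_range(long int vt)
+{
+ if (vt >= 2 && vt <= 7 ) {
+ return 1;
+ }
+
+ return 0;
+}
+
+/* Xserver option whitelist filter (boo#1175867) */
+static int option_filter(int argc, char* argv[]){
+
+ for(int pos=1; pos<argc; pos++) {
+ const char *arg = argv[pos];
+
+ if (strlen(arg) == 3 && !strncmp(arg,"vt", 2) && check_vt_range(strtol(arg+2, NULL, 10)) == 1) {
+ /* vtX (vt2-vt7) */
+ continue;
+ } else if(!strcmp(arg,"-displayfd") ||
+ !strcmp(arg,"-auth") ||
+ !strcmp(arg,"-background") ||
+ !strcmp(arg,"-verbose") ||
+ !strcmp(arg,"-listen")) {
+ /* -displayfd x
+ -auth xxxx
+ -backgound none
+ -verbose 7 (7 or 3)
+ -listen tcp
+ */
+ if ((pos+1) < argc) {
+ pos++;
+ } else {
+ fprintf(stderr, "%s: Missing argument for Xserver option \"%s\". Aborting.\n",
+ progname, arg);
+ return 0;
+ }
+ } else if (!strcmp(arg,"-noreset") ||
+ !strcmp(arg,"-keeptty") ||
+ !strcmp(arg,"-core")) {
+ /* -noreset
+ -keeptty
+ -core
+ */
+ continue;
+ } else {
+ fprintf(stderr, "%s: Xserver option \"%s\" invalid or not in whitelist. Aborting.\n",
+ progname, arg);
+ return 0;
+ }
+ }
+
+ return 1;
+}
+
 int main(int argc, char *argv[])
 {
 #ifdef WITH_LIBDRM
@@ -250,11 +304,14 @@
 
 close(fd);
 }
+ /* If we've found cards, and all cards support kms, drop root rights */
+ if (total_cards && kms_cards == total_cards) {
+ needs_root_rights = 0;
+ }
 }
 #endif
 
- /* If we've found cards, and all cards support kms, drop root rights */
- if (needs_root_rights == 0 || (total_cards && kms_cards == total_cards)) {
+ if (needs_root_rights == 0) {
 gid_t realgid = getgid();
 uid_t realuid = getuid();
 int ngroups = 0;
@@ -326,6 +383,15 @@
 }
 
 argv[0] = buf;
+
+ if (needs_root_rights == 1 && getuid() != 0)
+ {
+ /* Xserver option whitelist filter (boo#1175867) */
+ if (option_filter(argc, argv) == 0) {
+ exit(1);
+ }
+ }
+
 if (getuid() == geteuid())
 (void) execv(argv[0], argv);
 else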
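Review bot: The filter guard in the last hunk, `if (needs_root_rights == 1 && getuid() != 0)`, is not the complement of the privilege-drop guard `if (needs_root_rights == 0)` in the second hunk, so any value other than 0 or 1 skips both. The description mentions an `auto` default; if that state can survive the card detection (the enclosing condition is outside the hunk), a non-root caller would reach the exec with root rights kept and no option filtering, and testing `needs_root_rights != 0` instead would close that gap. Separately, option_filter() steps over the value following `-displayfd`, `-auth`, `-background`, `-verbose` and `-listen` with a bare `pos++`, although its own comment names specific values (`none`, `7 or 3`, `tcp`). Either check those values against the documented set or add a comment such as `/* option values are deliberately not validated */` so the scope of the whitelist is explicit. main() starts and ends outside the hunks, so the initial value of needs_root_rights should be confirmed against the full file.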