Stefan Dirsch
b7ed257592
- u_xorg-wrapper-Xserver-Options-Whitelist-Filter.patch
* replaced by improved version written by Matthias Gerstner of
our security team
+ simplified the option parsing code a bit
+ changed the "ignore forbidden argument" logic into an "abort
on forbidden argument" logic. This is safer and avoids
surprises on the user's end that could occur if the desired
command line arguments aren't effective but the Xorg server is
still started.
+ tried to adjust to the coding style present in the file
(mostly the function name)
+ added some logic to apply the option filtering only to
non-root users when Xorg is actually started as root. This
should allow for full flexibility if root calls the wrapper or
if the Xorg server only runs with user privileges.
- n_xorg-wrapper-rename-Xorg.patch
* moved Xorg to Xorg.bin and Xorg.sh to Xorg (boo#1175867)
- change default for needs_root_rights to auto in Xwrapper.config
(boo#1175867)
- reenabled SUID wrapper for TW (boo#1175867)
- u_xorg-wrapper-Xserver-Options-Whitelist-Filter.patch
* Xserver option whitelist filter (boo#1175867)
OBS-URL: https://build.opensuse.org/request/show/838619
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=779
97 lines
2.6 KiB
Diff
97 lines
2.6 KiB
Diff
--- xserver-1.20.9/hw/xfree86/xorg-wrapper.c
|
|
+++ xserver-1.20.9/hw/xfree86/xorg-wrapper.c 2020-09-29 12:52:59.256970275 +0200
|
|
@@ -191,6 +191,60 @@
|
|
return 0;
|
|
}
|
|
|
|
+static int check_vt_range(long int vt)
|
|
+{
|
|
+ if (vt >= 2 && vt <= 7 ) {
|
|
+ return 1;
|
|
+ }
|
|
+
|
|
+ return 0;
|
|
+}
|
|
+
|
|
+/* Xserver option whitelist filter (boo#1175867) */
|
|
+static int option_filter(int argc, char* argv[]){
|
|
+
|
|
+ for(int pos=1; pos<argc; pos++) {
|
|
+ const char *arg = argv[pos];
|
|
+
|
|
+ if (strlen(arg) == 3 && !strncmp(arg,"vt", 2) && check_vt_range(strtol(arg+2, NULL, 10)) == 1) {
|
|
+ /* vtX (vt2-vt7) */
|
|
+ continue;
|
|
+ } else if(!strcmp(arg,"-displayfd") ||
|
|
+ !strcmp(arg,"-auth") ||
|
|
+ !strcmp(arg,"-background") ||
|
|
+ !strcmp(arg,"-verbose") ||
|
|
+ !strcmp(arg,"-listen")) {
|
|
+ /* -displayfd x
|
|
+ -auth xxxx
|
|
+ -backgound none
|
|
+ -verbose 7 (7 or 3)
|
|
+ -listen tcp
|
|
+ */
|
|
+ if ((pos+1) < argc) {
|
|
+ pos++;
|
|
+ } else {
|
|
+ fprintf(stderr, "%s: Missing argument for Xserver option \"%s\". Aborting.\n",
|
|
+ progname, arg);
|
|
+ return 0;
|
|
+ }
|
|
+ } else if (!strcmp(arg,"-noreset") ||
|
|
+ !strcmp(arg,"-keeptty") ||
|
|
+ !strcmp(arg,"-core")) {
|
|
+ /* -noreset
|
|
+ -keeptty
|
|
+ -core
|
|
+ */
|
|
+ continue;
|
|
+ } else {
|
|
+ fprintf(stderr, "%s: Xserver option \"%s\" invalid or not in whitelist. Aborting.\n",
|
|
+ progname, arg);
|
|
+ return 0;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ return 1;
|
|
+}
|
|
+
|
|
int main(int argc, char *argv[])
|
|
{
|
|
#ifdef WITH_LIBDRM
|
|
@@ -250,11 +304,14 @@
|
|
|
|
close(fd);
|
|
}
|
|
+ /* If we've found cards, and all cards support kms, drop root rights */
|
|
+ if (total_cards && kms_cards == total_cards) {
|
|
+ needs_root_rights = 0;
|
|
+ }
|
|
}
|
|
#endif
|
|
|
|
- /* If we've found cards, and all cards support kms, drop root rights */
|
|
- if (needs_root_rights == 0 || (total_cards && kms_cards == total_cards)) {
|
|
+ if (needs_root_rights == 0) {
|
|
gid_t realgid = getgid();
|
|
uid_t realuid = getuid();
|
|
int ngroups = 0;
|
|
@@ -326,6 +383,15 @@
|
|
}
|
|
|
|
argv[0] = buf;
|
|
+
|
|
+ if (needs_root_rights == 1 && getuid() != 0)
|
|
+ {
|
|
+ /* Xserver option whitelist filter (boo#1175867) */
|
|
+ if (option_filter(argc, argv) == 0) {
|
|
+ exit(1);
|
|
+ }
|
|
+ }
|
|
+
|
|
if (getuid() == geteuid())
|
|
(void) execv(argv[0], argv);
|
|
else
|