r27285 - in /desktop/squeeze/gdm3/debian: changelog patches/99_CVE-2011-0727.patch patches/series
joss at users.alioth.debian.org
joss at users.alioth.debian.org
Wed Apr 6 06:27:53 UTC 2011
Author: joss
Date: Wed Apr 6 06:27:51 2011
New Revision: 27285
URL: http://svn.debian.org/wsvn/pkg-gnome/?sc=1&rev=27285
Log:
Apply patch from Ray Strode <rstrode at redhat.com> to address
CVE-2011-0727
Added:
desktop/squeeze/gdm3/debian/patches/99_CVE-2011-0727.patch
Modified:
desktop/squeeze/gdm3/debian/changelog
desktop/squeeze/gdm3/debian/patches/series
Modified: desktop/squeeze/gdm3/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/squeeze/gdm3/debian/changelog?rev=27285&op=diff
==============================================================================
--- desktop/squeeze/gdm3/debian/changelog [utf-8] (original)
+++ desktop/squeeze/gdm3/debian/changelog [utf-8] Wed Apr 6 06:27:51 2011
@@ -1,3 +1,10 @@
+gdm3 (2.30.5-6squeeze2) stable-security; urgency=medium
+
+ * Apply patch from Ray Strode <rstrode at redhat.com> to address
+ CVE-2011-0727
+
+ -- Florian Weimer <fw at deneb.enyo.de> Sat, 26 Mar 2011 21:06:15 +0100
+
gdm3 (2.30.5-6squeeze1) stable; urgency=low
[ Josselin Mouette ]
Added: desktop/squeeze/gdm3/debian/patches/99_CVE-2011-0727.patch
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/squeeze/gdm3/debian/patches/99_CVE-2011-0727.patch?rev=27285&op=file
==============================================================================
--- desktop/squeeze/gdm3/debian/patches/99_CVE-2011-0727.patch (added)
+++ desktop/squeeze/gdm3/debian/patches/99_CVE-2011-0727.patch [utf-8] Wed Apr 6 06:27:51 2011
@@ -1,0 +1,57 @@
+From: Ray Strode <rstrode at redhat.com>
+Date: Thu, 24 Mar 2011 16:47:37 -0400
+Subject: [PATCH] worker: CVE-2011-0727: change to user before copying user files
+
+This commit changes to a user before copying user files to prevent
+a possible symlink local root exploit attack.
+---
+ daemon/gdm-session-worker.c | 29 +++++++++++++++++------------
+ 1 files changed, 17 insertions(+), 12 deletions(-)
+
+diff --git a/daemon/gdm-session-worker.c b/daemon/gdm-session-worker.c
+index 35a6bfe..7c5b0b5 100644
+--- a/daemon/gdm-session-worker.c
++++ b/daemon/gdm-session-worker.c
+@@ -1035,17 +1035,6 @@ gdm_cache_copy_file (GdmSessionWorker *worker,
+ error->message);
+ g_error_free (error);
+ } else {
+- int res;
+-
+- res = chown (cachefilename,
+- worker->priv->uid,
+- worker->priv->gid);
+- if (res == -1) {
+- g_warning ("GdmSessionWorker: Error setting owner of cache file: %s",
+- g_strerror (errno));
+- }
+-
+- g_chmod (cachefilename, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
+ g_debug ("Copy successful");
+ }
+
+@@ -1183,7 +1172,23 @@ gdm_session_worker_uninitialize_pam (GdmSessionWorker *worker,
+ return;
+
+ if (worker->priv->state >= GDM_SESSION_WORKER_STATE_SESSION_OPENED) {
+- gdm_session_worker_cache_userfiles (worker);
++ pid_t pid;
++
++ pid = fork ();
++
++ if (pid == 0) {
++ if (setuid (worker->priv->uid) < 0) {
++ g_debug ("GdmSessionWorker: could not reset uid: %s", g_strerror (errno));
++ _exit (1);
++ }
++
++ gdm_session_worker_cache_userfiles (worker);
++ _exit (0);
++ }
++
++ if (pid > 0) {
++ gdm_wait_on_pid (pid);
++ }
+ pam_close_session (worker->priv->pam_handle, 0);
+ gdm_session_auditor_report_logout (worker->priv->auditor);
+
Modified: desktop/squeeze/gdm3/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/squeeze/gdm3/debian/patches/series?rev=27285&op=diff
==============================================================================
--- desktop/squeeze/gdm3/debian/patches/series [utf-8] (original)
+++ desktop/squeeze/gdm3/debian/patches/series [utf-8] Wed Apr 6 06:27:51 2011
@@ -31,3 +31,4 @@
29_grep_path.patch
30_utf8_locale.patch
90_relibtoolize.patch
+99_CVE-2011-0727.patch
More information about the pkg-gnome-commits
mailing list