[Pkg-xfce-devel] Bug#639151: [oss-security] Re: Bug#639151: Bug#639151: Bug#639151: Local privilege escalation
corsac at debian.org
Fri Aug 26 09:07:20 UTC 2011
On ven., 2011-08-26 at 10:58 +0200, Yves-Alexis Perez wrote:
> > However I didnt dig deep enough into it to write an exploit as I dont have
> > a working lightdm setup. The correct behavior is to temporarily drop euid/fsuid
> > to that of the user if doing anything with his files.
> Yeah, I'm currently cooking patches doing that, though they'll need
> review before apply.
Would something like:
diff --git a/src/dmrc.c b/src/dmrc.c
index bff1da8..9f38faf 100644
@@ -80,11 +80,25 @@ dmrc_save (GKeyFile *dmrc_file, const gchar *username)
/* Update the users .dmrc */
+ /* write the file as the user itself */
+ pid_t pid;
+ pid = fork();
+ if (pid == 0)
+ if (setuid (user_get_uid(user)) < 0)
+ g_warning("Error changing uid for %s: %s", username, g_strerror(errno));
path = g_build_filename (user_get_home_directory (user), ".dmrc", NULL);
g_file_set_contents (path, data, length, NULL);
- if (getuid () == 0 && chown (path, user_get_uid (user), user_get_gid (user)) < 0)
- g_warning ("Error setting ownership on %s: %s", path, strerror (errno));
+ if (pid > 0)
/* Update the .dmrc cache */
do the job (untested, it's more like a RFC right now).
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 836 bytes
Desc: This is a digitally signed message part
More information about the Pkg-xfce-devel