Index: xc/config/cf/FreeBSD.cf diff -u xc/config/cf/FreeBSD.cf:3.112 xc/config/cf/FreeBSD.cf:3.112.2.1 --- xc/config/cf/FreeBSD.cf:3.112 Thu Jan 3 11:33:49 2002 +++ xc/config/cf/FreeBSD.cf Tue Sep 3 22:38:08 2002 @@ -2,7 +2,7 @@ XCOMM XCOMM XCOMM -XCOMM platform: $XFree86: xc/config/cf/FreeBSD.cf,v 3.112 2002/01/03 16:33:49 tsi Exp $ +XCOMM platform: $XFree86: xc/config/cf/FreeBSD.cf,v 3.112.2.1 2002/09/04 02:38:08 dawes Exp $ #ifndef UseElfFormat #define UseElfFormat DefaultToElfFormat @@ -59,6 +59,10 @@ #define HasNCurses YES #define HasVarRun YES #define HasVarDb YES + +#if (OSMajorVersion >= 3) +#define HasIssetugid YES +#endif #if (OSMajorVersion > 1) #define InstallXloadSetGID NO Index: xc/config/cf/Imake.tmpl diff -u xc/config/cf/Imake.tmpl:3.116 xc/config/cf/Imake.tmpl:3.116.2.1 --- xc/config/cf/Imake.tmpl:3.116 Tue Jan 15 16:22:33 2002 +++ xc/config/cf/Imake.tmpl Tue Sep 3 22:38:08 2002 @@ -5,7 +5,7 @@ XCOMM XCOMM XCOMM -XCOMM $XFree86: xc/config/cf/Imake.tmpl,v 3.116 2002/01/15 21:22:33 keithp Exp $ +XCOMM $XFree86: xc/config/cf/Imake.tmpl,v 3.116.2.1 2002/09/04 02:38:08 dawes Exp $ XCOMM ---------------------------------------------------------------------- /* @@ -370,6 +370,12 @@ #endif #ifndef HasDlopen #define HasDlopen NO /* assume not */ +#endif +#ifndef HasIssetugid +#define HasIssetugid NO /* assume not */ +#endif +#ifndef HasGetresuid +#define HasGetresuid NO /* assume not */ #endif #ifndef HasMkstemp #define HasMkstemp NO /* assume not */ Index: xc/config/cf/NetBSD.cf diff -u xc/config/cf/NetBSD.cf:3.102 xc/config/cf/NetBSD.cf:3.102.2.1 --- xc/config/cf/NetBSD.cf:3.102 Thu Jan 3 11:33:49 2002 +++ xc/config/cf/NetBSD.cf Tue Sep 3 22:38:08 2002 @@ -2,7 +2,7 @@ -XCOMM platform: $XFree86: xc/config/cf/NetBSD.cf,v 3.102 2002/01/03 16:33:49 tsi Exp $ +XCOMM platform: $XFree86: xc/config/cf/NetBSD.cf,v 3.102.2.1 2002/09/04 02:38:08 dawes Exp $ #ifndef OSName 
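Review bot: The `HasIssetugid` definition added to FreeBSD.cf in the `@@ -59,6 +59,10 @@` hunk is not wrapped in `#ifndef HasIssetugid`, whereas the NetBSD.cf and OpenBSD.cf hunks of this same commit do use that guard; the sun.cf hunk has the same omission. If a site presets the symbol before the platform file is read (presumably via host.def), the unguarded `#define` is a redefinition rather than an override. Because this symbol selects which privilege test lcFile.c compiles in, it should be overridable the same way on every platform: wrap the FreeBSD and sun.cf blocks in `#ifndef HasIssetugid` … `#endif`.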
@@ -73,6 +73,12 @@ # define HasMktemp NO #else # define HasMktemp YES +#endif + +#ifndef HasIssetugid +# if (OSMajorVersion > 1 || (OSMajorVersion == 1 && OSMinorVersion >= 5)) +# define HasIssetugid YES +# endif #endif #define HasUsableFileMmap YES Index: xc/config/cf/OpenBSD.cf diff -u xc/config/cf/OpenBSD.cf:3.66 xc/config/cf/OpenBSD.cf:3.66.2.1 --- xc/config/cf/OpenBSD.cf:3.66 Thu Jan 3 11:33:49 2002 +++ xc/config/cf/OpenBSD.cf Tue Sep 3 22:38:08 2002 @@ -1,4 +1,4 @@ -XCOMM platform: $XFree86: xc/config/cf/OpenBSD.cf,v 3.66 2002/01/03 16:33:49 tsi Exp $ +XCOMM platform: $XFree86: xc/config/cf/OpenBSD.cf,v 3.66.2.1 2002/09/04 02:38:08 dawes Exp $ XCOMM #ifndef OSName @@ -71,6 +71,12 @@ #ifndef HasLibPthread #define HasLibPthread NO +#endif + +#ifndef HasIssetugid +# if (OSMajorVersion >= 2) +# define HasIssetugid YES +# endif #endif #ifndef HasMktemp Index: xc/config/cf/X11.tmpl diff -u xc/config/cf/X11.tmpl:1.141 xc/config/cf/X11.tmpl:1.141.2.1 --- xc/config/cf/X11.tmpl:1.141 Tue Jan 15 17:55:26 2002 +++ xc/config/cf/X11.tmpl Tue Sep 3 22:38:08 2002 @@ -5,7 +5,7 @@ XCOMM XCOMM XCOMM -XCOMM $XFree86: xc/config/cf/X11.tmpl,v 1.141 2002/01/15 22:55:26 herrb Exp $ +XCOMM $XFree86: xc/config/cf/X11.tmpl,v 1.141.2.1 2002/09/04 02:38:08 dawes Exp $ /*************************************************************************** * * 
@@ -243,6 +243,15 @@ #endif #ifndef BuildLoadableXlibI18n #define BuildLoadableXlibI18n (HasDlopen && SharedLibX11) +#endif +/* + * This disables XLOCALEDIR. Set it if you're using BuildLoadableXlibI18n, + * don't have either issetugid() or getresuid(), and you need to protect + * clients that are setgid or setuid to an id other than 0. + */ +#ifndef DisableXLocaleDirEnv +#define DisableXLocaleDirEnv BuildLoadableXlibI18n && \ + !(HasIssetugid || HasGetresuid) #endif #ifndef BuildXextLib #define BuildXextLib (BuildLibraries || (BuildLibrariesForXServers && XnestServer)) Index: xc/config/cf/linux.cf diff -u xc/config/cf/linux.cf:3.175 xc/config/cf/linux.cf:3.175.2.1 --- xc/config/cf/linux.cf:3.175 Tue Jan 15 16:22:31 2002 +++ xc/config/cf/linux.cf Tue Sep 3 22:38:08 2002 @@ -4,7 +4,7 @@ -XCOMM platform: $XFree86: xc/config/cf/linux.cf,v 3.175 2002/01/15 21:22:31 keithp Exp $ +XCOMM platform: $XFree86: xc/config/cf/linux.cf,v 3.175.2.1 2002/09/04 02:38:08 dawes Exp $ #ifndef LinuxElfDefault # define LinuxElfDefault YES @@ -435,6 +435,9 @@ #if UseElfFormat || defined(AlphaArchitecture) #define HasSnprintf YES #define HasMkstemp YES +#endif +#ifndef HasGetresuid +#define HasGetresuid YES #endif #if OSMajorVersion >= 2 #define HasUsableFileMmap YES Index: xc/config/cf/sun.cf diff -u xc/config/cf/sun.cf:3.61 xc/config/cf/sun.cf:3.61.2.1 --- xc/config/cf/sun.cf:3.61 Thu Jan 3 11:33:49 2002 +++ xc/config/cf/sun.cf Tue Sep 3 22:38:08 2002 @@ -3,7 +3,7 @@ -XCOMM platform: $XFree86: xc/config/cf/sun.cf,v 3.61 2002/01/03 16:33:49 tsi Exp $ +XCOMM platform: $XFree86: xc/config/cf/sun.cf,v 3.61.2.1 2002/09/04 02:38:08 dawes Exp $ #ifndef OSName # define OSName DefaultOSName 
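Review bot: The default for `DisableXLocaleDirEnv` in X11.tmpl expands to an unparenthesised `A && !(B || C)`, unlike `BuildLoadableXlibI18n` just above it, so any use other than a bare `#if DisableXLocaleDirEnv` (for example a negation, or a combination with `||`) would bind to the first operand only. This switch decides whether setuid/setgid clients honour XLOCALEDIR, so the expansion should be made safe: `#define DisableXLocaleDirEnv (BuildLoadableXlibI18n && !(HasIssetugid || HasGetresuid))`. The comment reads as if the builder must set the symbol by hand ("Set it if…"); it would help to state that this default already disables the variable when loadable i18n modules are built and neither call is available.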
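Review bot: `HasGetresuid` is set to YES for every Linux build in the `@@ -435,6 +435,9 @@` hunk of linux.cf with no version or libc condition, while the BSD and Solaris files in this commit gate `HasIssetugid` on the OS version. If a supported libc lacks getresuid()/getresgid(), or only declares them under a feature-test macro (not visible from this hunk), lcFile.c would fail to build or would call them without a prototype. Either add a condition next to the existing `#if OSMajorVersion >= 2`, or add a comment stating which libc/kernel baseline is assumed so the `#ifndef` override is discoverable.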
@@ -296,6 +296,9 @@ #define HasSecureRPC YES #define SetTtyGroup YES #define HasPutenv YES +#if (OSMajorVersion > 5) || ((OSMajorVersion == 5) && (OSMinorVersion >= 9)) +# define HasIssetugid YES +#endif #ifndef i386Architecture # ifndef Xsun24Server # define Xsun24Server NO /* color, mono, multiple depths */ Index: xc/lib/X11/Imakefile diff -u xc/lib/X11/Imakefile:3.43 xc/lib/X11/Imakefile:3.43.2.1 --- xc/lib/X11/Imakefile:3.43 Thu Dec 20 14:03:47 2001 +++ xc/lib/X11/Imakefile Tue Sep 3 22:38:09 2002 @@ -3,7 +3,7 @@ -XCOMM $XFree86: xc/lib/X11/Imakefile,v 3.43 2001/12/20 19:03:47 keithp Exp $ +XCOMM $XFree86: xc/lib/X11/Imakefile,v 3.43.2.1 2002/09/04 02:38:09 dawes Exp $ #if BuildLoadableXlibI18n #define IHaveSubdirs #define PassCDebugFlags CDEBUGFLAGS="$(CDEBUGFLAGS)" @@ -96,6 +96,13 @@ #if NoRConst RCONST_DEFINES = -DNORCONST #endif +#if DisableXLocaleDirEnv + SETID_DEFINES = -DNO_XLOCALEDIR +#elif HasIssetugid + SETID_DEFINES = -DHASSETUGID +#elif HasGetresuid + SETID_DEFINES = -DHASGETRESUID +#endif XLC_DEFINES = -DXLOCALEDIR=\"$(XLOCALEDIR)\" #if HasKrb5 K5OBJS = k5encode.o @@ -964,7 +971,7 @@ SpecialCLibObjectRule(Xrm,$(_NOOP_),$(RCONST_DEFINES)) SpecialCLibObjectRule(imTransR,$(ICONFIGFILES),$(CONN_DEFINES) $(XTRANS_XIM_DEFINES)) SpecialCLibObjectRule(imTrans,$(ICONFIGFILES),$(CONN_DEFINES) $(XTRANS_XIM_DEFINES)) -SpecialCLibObjectRule(lcFile,$(ICONFIGFILES),$(XLC_DEFINES)) +SpecialCLibObjectRule(lcFile,$(ICONFIGFILES),$(XLC_DEFINES) $(SETID_DEFINES)) #if BuildXKBlib SpecialCLibObjectRule(XKBCvt,$(_NOOP_),$(RCONST_DEFINES)) SpecialCLibObjectRule(KeyBind,$(ICONFIGFILES),$(XKB_DEFINES)) Index: xc/lib/X11/XlcDL.c diff -u xc/lib/X11/XlcDL.c:1.3.4.1 xc/lib/X11/XlcDL.c:1.3.4.2 --- xc/lib/X11/XlcDL.c:1.3.4.1 Wed Jan 23 14:17:00 2002 +++ xc/lib/X11/XlcDL.c Tue Sep 3 22:38:09 2002 
@@ -41,7 +41,7 @@ Sun Microsystems, Inc. or its licensors is granted. */ -/* $XFree86: xc/lib/X11/XlcDL.c,v 1.3.4.1 2002/01/23 19:17:00 dawes Exp $ */ +/* $XFree86: xc/lib/X11/XlcDL.c,v 1.3.4.2 2002/09/04 02:38:09 dawes Exp $ */ #include #if defined(hpux) @@ -236,6 +236,12 @@ char *path; size_t len; + /* + * reject this for possible security issue + */ + if (strstr (dl_name, "../")) + return NULL; + #ifdef _LP64 len = (lc_dir ? strlen(lc_dir) : 0 ) + (dl_name ? strlen(dl_name) : 0) + _MACH64_NAME_LEN + 10; @@ -317,6 +323,8 @@ strcmp(objects_list->locale_name, lc_name)) continue; if (!objects_list->dl_module) { path = __lc_path(objects_list->dl_name, lc_dir); + if (!path) + continue; #if defined(hpux) objects_list->dl_module = shl_load(path, BIND_DEFERRED, 0L); #else @@ -392,6 +400,8 @@ strcmp(objects_list->locale_name, lc_name)) continue; if (!objects_list->dl_module) { path = __lc_path(objects_list->dl_name, lc_dir); + if (!path) + continue; #if defined(hpux) objects_list->dl_module = shl_load(path, BIND_DEFERRED, 0L); #else @@ -467,6 +477,8 @@ strcmp(objects_list->locale_name, lc_name)) continue; if (!objects_list->dl_module) { path = __lc_path(objects_list->dl_name, lc_dir); + if (!path) + continue; #if defined(hpux) objects_list->dl_module = shl_load(path, BIND_DEFERRED, 0L); #else @@ -542,6 +554,8 @@ strcmp(objects_list->locale_name, lc_name)) continue; if (!objects_list->dl_module) { path = __lc_path(objects_list->dl_name, lc_dir); + if (!path) + continue; #if defined(hpux) objects_list->dl_module = shl_load(path, BIND_DEFERRED, 0L); #else 
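Review bot: The new `strstr (dl_name, "../")` check in `__lc_path` (hunk `@@ -236,6 +236,12 @@`) dereferences `dl_name` before the length computation just below it, which still treats the pointer as possibly NULL (`dl_name ? strlen(dl_name) : 0`), so a NULL name would now crash inside strstr instead of being handled. Guard it: `if (dl_name && strstr(dl_name, "../")) return NULL;`. The comment "reject this for possible security issue" should say what is rejected and why, namely a module name that climbs out of `lc_dir` before the resulting path is passed to `dlopen`/`shl_load`. The path construction itself is outside the hunk, so whether an absolute `dl_name` is also confined to `lc_dir` cannot be confirmed from here and is worth checking. The caller hunks that add `if (!path) continue;` are consistent with the new NULL return.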
@@ -637,6 +651,8 @@ strcmp(objects_list->locale_name, lc_name)) continue; if (!objects_list->dl_module) { path = __lc_path(objects_list->dl_name, lc_dir); + if (!path) + continue; #if defined(hpux) objects_list->dl_module = shl_load(path, BIND_DEFERRED, 0L); #else Index: xc/lib/X11/lcFile.c diff -u xc/lib/X11/lcFile.c:3.25 xc/lib/X11/lcFile.c:3.25.4.1 --- xc/lib/X11/lcFile.c:3.25 Mon Nov 19 10:33:38 2001 +++ xc/lib/X11/lcFile.c Tue Sep 3 22:38:09 2002 @@ -23,7 +23,7 @@ * SOFTWARE. * */ -/* $XFree86: xc/lib/X11/lcFile.c,v 3.25 2001/11/19 15:33:38 tsi Exp $ */ +/* $XFree86: xc/lib/X11/lcFile.c,v 3.25.4.1 2002/09/04 02:38:09 dawes Exp $ */ #include #include 
@@ -143,18 +143,62 @@ char *buf, int buf_len) { - char *dir, *p = buf; + char *p = buf; int len = 0; +#ifndef NO_XLOCALEDIR + char *dir; + int priv = 1; + dir = getenv("XLOCALEDIR"); - if (dir != NULL) { - len = strlen(dir); - strncpy(p, dir, buf_len); - if (len < buf_len) { - p[len++] = LC_PATHDELIM; - p += len; + + if (dir) { + /* + * Only use the user-supplied path if the process isn't priviledged. + */ + if (getuid() == geteuid() && getgid() == getegid()) { +#if defined(HASSETUGID) + priv = issetugid(); +#elif defined(HASGETRESUID) + { + uid_t ruid, euid, suid; + gid_t rgid, egid, sgid; + if ((getresuid(&ruid, &euid, &suid) == 0) && + (getresgid(&rgid, &egid, &sgid) == 0)) + priv = (euid != suid) || (egid != sgid); + } +#else + /* + * If there are saved ID's the process might still be priviledged + * even though the above test succeeded. If issetugid() and + * getresgid() aren't available, test this by trying to set + * euid to 0. + * + * Note: this only protects setuid-root clients. It doesn't + * protect other setuid or any setgid clients. If this tradeoff + * isn't acceptable, set DisableXLocaleDirEnv to YES in host.def. + */ + unsigned int oldeuid; + oldeuid = geteuid(); + if (seteuid(0) != 0) { + priv = 0; + } else { + seteuid(oldeuid); + priv = 1; + } +#endif + } + if (!priv) { + len = strlen(dir); + strncpy(p, dir, buf_len); + if (len < buf_len) { + p[len++] = LC_PATHDELIM; + p += len; + } } } +#endif /* NO_XLOCALEDIR */ + if (len < buf_len) #ifndef __EMX__ strncpy(p, XLOCALEDIR, buf_len - len); .
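Review bot: In the fallback branch (neither `HASSETUGID` nor `HASGETRESUID`) the probe `seteuid(0)` really switches the effective uid to 0, and the restoring `seteuid(oldeuid)` is unchecked, so a failed restore would leave the calling program running with euid 0 from inside a library call. Hold the id in `uid_t oldeuid` rather than `unsigned int`, and fail closed if the restore does not succeed, e.g. `if (seteuid(oldeuid) != 0) abort();`. Separately, the retained `strncpy(p, dir, buf_len)` leaves `buf` without a terminating NUL when `strlen(dir) >= buf_len`, and in that case the default `XLOCALEDIR` is not appended either. The function continues past the end of the hunk, so whether a later step terminates the buffer cannot be seen here. In the comments, "priviledged" should be "privileged", and "getresgid()" appears to mean `getresuid()`.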