From amdmi3@amdmi3.ru  Tue Dec 25 14:53:39 2007
Return-Path: <amdmi3@amdmi3.ru>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 6DE0016A417
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 25 Dec 2007 14:53:39 +0000 (UTC)
	(envelope-from amdmi3@amdmi3.ru)
Received: from cp65.agava.net (cp65.agava.net [89.108.66.215])
	by mx1.freebsd.org (Postfix) with ESMTP id 3045E13C45B
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 25 Dec 2007 14:53:39 +0000 (UTC)
	(envelope-from amdmi3@amdmi3.ru)
Received: from [213.148.20.85] (helo=hive.panopticon)
	by cp65.agava.net with esmtpsa (TLSv1:AES256-SHA:256)
	(Exim 4.63 (FreeBSD))
	(envelope-from <amdmi3@amdmi3.ru>)
	id 1J7BBA-000LK6-Bc
	for FreeBSD-gnats-submit@freebsd.org; Tue, 25 Dec 2007 17:54:48 +0300
Received: from hades.panopticon (hades.panopticon [192.168.0.32])
	by hive.panopticon (Postfix) with ESMTP id D270C5CFC
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 25 Dec 2007 17:53:26 +0300 (MSK)
Received: by hades.panopticon (Postfix, from userid 1000)
	id 42CE217030; Tue, 25 Dec 2007 17:53:36 +0300 (MSK)
Message-Id: <20071225145336.42CE217030@hades.panopticon>
Date: Tue, 25 Dec 2007 17:53:36 +0300 (MSK)
From: Dmitry Marakasov <amdmi3@amdmi3.ru>
Reply-To: Dmitry Marakasov <amdmi3@amdmi3.ru>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: [PATCH] xorg-server: incorrect SUID option handling
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         119012
>Category:       ports
>Synopsis:       [PATCH] x11-servers/xorg-server: incorrect SUID option handling
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-x11
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Tue Dec 25 15:00:03 UTC 2007
>Closed-Date:    Wed Jan 02 12:59:04 UTC 2008
>Last-Modified:  Wed Jan 02 12:59:04 UTC 2008
>Originator:     Dmitry Marakasov
>Release:        FreeBSD 7.0-BETA4 i386
>Organization:
>Environment:
System: FreeBSD hades.panopticon 7.0-BETA4 FreeBSD 7.0-BETA4 #0: Thu Dec 20 13:28:17 MSK 2007 root@hades.panopticon:/usr/obj/usr/src/sys/HADES i386


>Description:
When the user has no NO_SUID_XSERVER=yes line in make.conf and turns off the SUID option in the xorg-server port, it will still be installed suid. The patch corrects this behavior.

Before patch:

SUID option in port | NO_SUID_XSERVER | result
--------------------+-----------------+-------
on                  | undefined       | suid
on                  | = YES           | suid
on                  | = NO            | suid
off                 | undefined       | suid
off                 | = YES           | nosuid
off                 | = NO            | suid

After patch:

SUID option in port | NO_SUID_XSERVER | result
--------------------+-----------------+-------
on                  | undefined       | suid
on                  | = YES           | nosuid
on                  | = NO            | suid
off                 | undefined       | nosuid
off                 | = YES           | nosuid
off                 | = NO            | nosuid

Also, it may be good to update the message displayed when the X server is installed suid.

>How-To-Repeat:
>Fix:

--- xorg-server.patch begins here ---
diff -ruN xorg-server.orig/Makefile xorg-server/Makefile
--- xorg-server.orig/Makefile	2007-12-25 17:29:40.000000000 +0300
+++ xorg-server/Makefile	2007-12-25 17:35:02.000000000 +0300
@@ -7,7 +7,7 @@
 
 PORTNAME=	xorg-server
 PORTVERSION=	1.4
-PORTREVISION=	3
+PORTREVISION=	4
 PORTEPOCH=	1
 CATEGORIES=	x11-servers
 MASTER_SITES=	http://xorg.freedesktop.org/releases/individual/xserver/:fdo \
@@ -71,7 +71,7 @@
 CONFIGURE_ARGS+=	--enable-aiglx=no
 .endif
 
-.if !defined(WITHOUT_SUID) || !defined(NO_SUID_XSERVER) || ${NO_SUID_XSERVER} == NO
+.if !defined(WITHOUT_SUID) && (!defined(NO_SUID_XSERVER) || ${NO_SUID_XSERVER} == NO)
 CONFIGURE_ARGS+=--enable-install-setuid=yes
 .else
 CONFIGURE_ARGS+=--enable-install-setuid=no
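Review bot: The `${NO_SUID_XSERVER} == NO` term in the new `.if` matches only the exact uppercase string, so with the added `&&` any other value, including a lowercase `no`, now selects `--enable-install-setuid=no`, and `NO_SUID_XSERVER=YES` overrides a port built with the SUID option on. Both cases fall toward the non-setuid install, which is the safer direction, but the rule is not written down anywhere in the hunk. Please add a comment above the `.if` stating that the make.conf knob wins over the port option and that any value other than exactly `NO` disables setuid, or make the comparison case-insensitive.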
@@ -105,7 +105,7 @@
 PLIST_SUB+=	AMD64_I386_SPARC64="@comment "
 .endif
 
-.if !defined(WITHOUT_SUID) || !defined(NO_SUID_XSERVER) || ${NO_SUID_XSERVER} == NO
+.if !defined(WITHOUT_SUID) && (!defined(NO_SUID_XSERVER) || ${NO_SUID_XSERVER} == NO)
 pre-everything::
 	@${ECHO_MSG} "By default, the X Server installs as a set-user-id root binary. When run by"
 	@${ECHO_MSG} "a normal user, it checks arguments and environment as done in the x11/wrapper"
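Review bot: The `.if` guarding `pre-everything::` is a verbatim copy of the condition changed in the hunk at line 71, so the banner and the `--enable-install-setuid` argument agree only as long as both copies are edited together. Evaluate the condition once, set a helper variable inside the first block, and test that variable here, so that a later change to the setuid logic cannot leave the message describing an install mode the port no longer uses.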
--- xorg-server.patch ends here ---

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->freebsd-x11 
Responsible-Changed-By: edwin 
Responsible-Changed-When: Tue Dec 25 21:16:18 UTC 2007 
Responsible-Changed-Why:  
Over to maintainer (via the GNATS Auto Assign Tool) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=119012 
State-Changed-From-To: open->closed 
State-Changed-By: flz 
State-Changed-When: Mer 2 jan 2008 12:59:03 UTC 
State-Changed-Why:  
Committed. Thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=119012 
>Unformatted:
