author | 2015-01-23 13:21:05 +0100 | |
---|---|---|
committer | 2015-01-23 13:21:05 +0100 | |
commit | d0ddaf8a01882ea2b0f1c4b56f467cc828c6887d (patch) | |
tree | 942982ccf282c8af7db3add25d8474418959c9b5 | |
parent | Don't shadow load-path in gnus, bug 537156. (diff) | |
download | emacs-patches-d0ddaf8a01882ea2b0f1c4b56f467cc828c6887d.tar.gz emacs-patches-d0ddaf8a01882ea2b0f1c4b56f467cc828c6887d.tar.bz2 emacs-patches-d0ddaf8a01882ea2b0f1c4b56f467cc828c6887d.zip |
Backport support for update-game-score to run sgid instead of suid.emacs-24.4-patches-3
-rw-r--r-- | emacs/23.4/23_all_games-sgid.patch | 232 | ||||
-rw-r--r-- | emacs/24.4/04_all_games-sgid.patch | 226 |
2 files changed, 458 insertions, 0 deletions
diff --git a/emacs/23.4/23_all_games-sgid.patch b/emacs/23.4/23_all_games-sgid.patch
new file mode 100644
index 0000000..c69d089
--- /dev/null
+++ b/emacs/23.4/23_all_games-sgid.patch
@@ -0,0 +1,232 @@ +Backport support for update-game-score to run sgid instead of suid. +This comprises parts of the following commits from upstream git: + +commit 74ab488ff2e57f31eb5290266f0f3b1995ebf83e +Author: Paul Eggert <eggert@cs.ucla.edu> +Date: Thu Jan 22 00:39:30 2015 -0800 + + Check exit statuses in lib-src/Makefile + +commit 7f4e7dd378c456b498c270b47b46aaae365a72ab +Author: Ulrich Müller <ulm@gentoo.org> +Date: Thu Jan 22 08:24:42 2015 +0100 + + Don't fail if chown or chgrp for 'update-game-score' is unsuccessful. + +commit 20f66485526b69eb26f2e70bd835a5e1333559d5 +Author: Ulrich Müller <ulm@gentoo.org> +Date: Fri Jan 16 09:25:25 2015 +0100 + + Allow update-game-score to run sgid instead of suid. + +--- emacs-23.4-orig/configure.in ++++ emacs-23.4/configure.in +@@ -39,8 +39,6 @@ + docdir='${datadir}/emacs/${version}/etc' + gamedir='${localstatedir}/games/emacs' + +-gameuser=games +- + dnl OPTION_DEFAULT_OFF(NAME, HELP-STRING) + dnl Create a new --with option that defaults to being disabled. + dnl NAME is the base name of the option. The shell variable with_NAME +@@ -176,10 +174,25 @@ + CRT_DIR="${with_crt_dir}" + + AC_ARG_WITH(gameuser,dnl +-[AS_HELP_STRING([--with-gameuser=USER],[user for shared game score files])]) +-test "X${with_gameuser}" != X && test "${with_gameuser}" != yes \ +- && gameuser="${with_gameuser}" +-test "X$gameuser" = X && gameuser=games ++[AS_HELP_STRING([--with-gameuser=USER_OR_GROUP], ++ [user for shared game score files. 
++ An argument prefixed by ':' specifies a group instead.])]) ++gameuser= ++gamegroup= ++case ${with_gameuser} in ++ no) ;; ++ "" | yes) ++ AC_MSG_CHECKING([whether a 'games' user exists]) ++ if id -u games >/dev/null 2>&1; then ++ AC_MSG_RESULT([yes]) ++ gameuser=games ++ else ++ AC_MSG_RESULT([no]) ++ fi ++ ;; ++ :*) gamegroup=`echo "${with_gameuser}" | sed -e "s/://"` ;; ++ *) gameuser=${with_gameuser} ;; ++esac + + AC_ARG_WITH([gnustep-conf],dnl + [AS_HELP_STRING([--with-gnustep-conf=PATH],[path to GNUstep.conf; default $GNUSTEP_CONFIG_FILE, or /etc/GNUstep/GNUstep.conf])]) +@@ -2708,6 +2721,7 @@ + AC_SUBST(bitmapdir) + AC_SUBST(gamedir) + AC_SUBST(gameuser) ++AC_SUBST(gamegroup) + AC_SUBST(c_switch_system) + AC_SUBST(c_switch_machine) + AC_SUBST(LD_SWITCH_X_SITE) +--- emacs-23.4-orig/lib-src/Makefile.in ++++ emacs-23.4/lib-src/Makefile.in +@@ -90,6 +90,7 @@ + + gamedir=@gamedir@ + gameuser=@gameuser@ ++gamegroup=@gamegroup@ + + # ==================== Utility Programs for the Build ================= + +@@ -310,10 +311,25 @@ + /* If the following commands fail, that is not a big deal. + update-game-score will detect at runtime that it is not setuid, + and handle things accordingly. 
*/ +- -if chown ${gameuser} $(DESTDIR)${archlibdir}/update-game-score && chmod u+s $(DESTDIR)${archlibdir}/update-game-score; then \ +- chown ${gameuser} $(DESTDIR)${gamedir}; \ +- chmod u=rwx,g=rwx,o=rx $(DESTDIR)${gamedir}; \ ++ifneq ($(gameuser),) ++ if chown ${gameuser} \ ++ "$(DESTDIR)${archlibdir}/update-game-score${EXEEXT}" && \ ++ chmod u+s,go-r \ ++ "$(DESTDIR)${archlibdir}/update-game-score${EXEEXT}"; \ ++ then \ ++ chown ${gameuser} "$(DESTDIR)${gamedir}" && \ ++ chmod u=rwx,g=rx,o=rx "$(DESTDIR)${gamedir}"; \ + fi ++else ifneq ($(gamegroup),) ++ if chgrp ${gamegroup} \ ++ "$(DESTDIR)${archlibdir}/update-game-score${EXEEXT}" && \ ++ chmod g+s,o-r \ ++ "$(DESTDIR)${archlibdir}/update-game-score${EXEEXT}"; \ ++ then \ ++ chgrp ${gamegroup} "$(DESTDIR)${gamedir}" && \ ++ chmod u=rwx,g=rwx,o=rx "$(DESTDIR)${gamedir}"; \ ++ fi ++endif + if [ `(cd $(DESTDIR)${archlibdir} && /bin/pwd)` \ + != `(cd ${srcdir} && /bin/pwd)` ]; then \ + for file in ${SCRIPTS}; do \ +--- emacs-23.4-orig/lib-src/update-game-score.c ++++ emacs-23.4/lib-src/update-game-score.c +@@ -22,8 +22,8 @@ + + + /* This program allows a game to securely and atomically update a +- score file. It should be installed setuid, owned by an appropriate +- user like `games'. ++ score file. It should be installed either setuid or setgid, owned ++ by an appropriate user or group like `games'. 
+ + Alternatively, it can be compiled without HAVE_SHARED_GAME_DIR + defined, and in that case it will store scores in the user's home +@@ -104,8 +104,8 @@ + int push_score P_ ((struct score_entry **scores, int *count, + int newscore, char *username, char *newdata)); + void sort_scores P_ ((struct score_entry *scores, int count, int reverse)); +-int write_scores P_ ((const char *filename, const struct score_entry *scores, +- int count)); ++int write_scores P_ ((const char *filename, mode_t mode, ++ const struct score_entry *scores, int count)); + + void lose P_ ((const char *msg)) NO_RETURN; + +@@ -166,20 +166,21 @@ + } + + char * +-get_prefix (running_suid, user_prefix) +- int running_suid; ++get_prefix (privileged, user_prefix) ++ int privileged; + char *user_prefix; + { +- if (!running_suid && user_prefix == NULL) +- lose ("Not using a shared game directory, and no prefix given."); +- if (running_suid) ++ if (privileged) + { + #ifdef HAVE_SHARED_GAME_DIR + return HAVE_SHARED_GAME_DIR; + #else +- lose ("This program was compiled without HAVE_SHARED_GAME_DIR,\n and should not be suid."); ++ lose ("This program was compiled without HAVE_SHARED_GAME_DIR,\n" ++ "and should not run with elevated privileges."); + #endif + } ++ if (user_prefix == NULL) ++ lose ("Not using a shared game directory, and no prefix given."); + return user_prefix; + } + +@@ -188,7 +189,7 @@ + int argc; + char **argv; + { +- int c, running_suid; ++ int c, running_suid, running_sgid; + void *lockstate; + char *user_id, *scorefile, *prefix, *user_prefix = NULL; + struct stat buf; +@@ -223,8 +224,11 @@ + usage (EXIT_FAILURE); + + running_suid = (getuid () != geteuid ()); ++ running_sgid = (getgid () != getegid ()); ++ if (running_suid && running_sgid) ++ lose ("This program can run either suid or sgid, but not both."); + +- prefix = get_prefix (running_suid, user_prefix); ++ prefix = get_prefix (running_suid || running_sgid, user_prefix); + + scorefile = malloc (strlen (prefix) + strlen 
(argv[optind]) + 2);
+ if (!scorefile)
+@@ -263,7 +267,8 @@
+ scorecount -= (scorecount - MAX_SCORES);
+ if (reverse)
+ scores += (scorecount - MAX_SCORES);
+- if (write_scores (scorefile, scores, scorecount) < 0)
++ if (write_scores (scorefile, running_sgid ? 0664 : 0644,
++ scores, scorecount) < 0)
+ {
+ unlock_file (scorefile, lockstate);
+ lose_syserr ("Failed to write scores file");
+@@ -445,8 +450,9 @@
+ }
+ 
+ int
+-write_scores (filename, scores, count)
++write_scores (filename, mode, scores, count)
+ const char *filename;
++ mode_t mode;
+ const struct score_entry * scores;
+ int count;
+ {
+@@ -471,7 +477,7 @@
+ fclose (f);
+ if (rename (tempfile, filename) < 0)
+ return -1;
+- if (chmod (filename, 0644) < 0)
++ if (chmod (filename, mode) < 0)
+ return -1;
+ return 0;
+ }
+--- emacs-23.4-orig/lisp/play/gamegrid.el
++++ emacs-23.4/lisp/play/gamegrid.el
+@@ -491,13 +491,13 @@
+ (not (zerop (logand (file-modes
+ (expand-file-name "update-game-score"
+ exec-directory))
+- #o4000)))))
++ #o6000)))))
+ (cond ((file-name-absolute-p file)
+ (gamegrid-add-score-insecure file score))
+ ((and gamegrid-shared-game-dir
+ (file-exists-p (expand-file-name file shared-game-score-directory)))
+- ;; Use the setuid "update-game-score" program to update a
+- ;; system-wide score file.
++ ;; Use the setuid (or setgid) "update-game-score" program
++ ;; to update a system-wide score file.
+ (gamegrid-add-score-with-update-game-score-1 file
+ (expand-file-name file shared-game-score-directory) score))
+ ;; Else: Add the score to a score file in the user's home
diff --git a/emacs/24.4/04_all_games-sgid.patch b/emacs/24.4/04_all_games-sgid.patch
new file mode 100644
index 0000000..1c0f43c
--- /dev/null
+++ b/emacs/24.4/04_all_games-sgid.patch
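Review bot: The 23.4 backport of write_scores applies the new mode with a path-based `chmod (filename, mode)` after the rename, while the 24.4 backport in this same commit applies it with `fchmod (fd, mode)` on the open descriptor before any data is written; the two backports should agree on this. In the sgid layout gamedir becomes group-writable, and a chmod by path acts on whatever the name resolves to at that instant rather than on the file this process created, so the descriptor form is the safer idiom and also removes the interval in which the renamed score file still carries the temporary file's original mode. If the 23.4 write_scores still has the stream open at that point (the hunk shows only `fclose (f)`; the open is outside the hunk), `if (fchmod (fileno (f), mode) != 0) return -1;` placed before `fclose (f)` would mirror 24.4, with the same DOS_NT guard if that tree needs it. The opening lines of write_scores are outside the hunk.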
@@ -0,0 +1,226 @@ +Backport support for update-game-score to run sgid instead of suid. +This comprises parts of the following commits from upstream git: + +commit 74ab488ff2e57f31eb5290266f0f3b1995ebf83e +Author: Paul Eggert <eggert@cs.ucla.edu> +Date: Thu Jan 22 00:39:30 2015 -0800 + + Check exit statuses in lib-src/Makefile + +commit 7f4e7dd378c456b498c270b47b46aaae365a72ab +Author: Ulrich Müller <ulm@gentoo.org> +Date: Thu Jan 22 08:24:42 2015 +0100 + + Don't fail if chown or chgrp for 'update-game-score' is unsuccessful. + +commit 20f66485526b69eb26f2e70bd835a5e1333559d5 +Author: Ulrich Müller <ulm@gentoo.org> +Date: Fri Jan 16 09:25:25 2015 +0100 + + Allow update-game-score to run sgid instead of suid. + +--- emacs-24.4-orig/configure.ac ++++ emacs-24.4/configure.ac +@@ -313,10 +313,25 @@ + fi + + AC_ARG_WITH(gameuser,dnl +-[AS_HELP_STRING([--with-gameuser=USER],[user for shared game score files])]) +-test "X${with_gameuser}" != X && test "${with_gameuser}" != yes \ +- && gameuser="${with_gameuser}" +-test "X$gameuser" = X && gameuser=games ++[AS_HELP_STRING([--with-gameuser=USER_OR_GROUP], ++ [user for shared game score files. ++ An argument prefixed by ':' specifies a group instead.])]) ++gameuser= ++gamegroup= ++case ${with_gameuser} in ++ no) ;; ++ "" | yes) ++ AC_MSG_CHECKING([whether a 'games' user exists]) ++ if id -u games >/dev/null 2>&1; then ++ AC_MSG_RESULT([yes]) ++ gameuser=games ++ else ++ AC_MSG_RESULT([no]) ++ fi ++ ;; ++ :*) gamegroup=`echo "${with_gameuser}" | sed -e "s/://"` ;; ++ *) gameuser=${with_gameuser} ;; ++esac + + AC_ARG_WITH([gnustep-conf],dnl + [AS_HELP_STRING([--with-gnustep-conf=FILENAME], +@@ -4658,6 +4673,7 @@ + AC_SUBST(bitmapdir) + AC_SUBST(gamedir) + AC_SUBST(gameuser) ++AC_SUBST(gamegroup) + ## FIXME? Nothing uses @LD_SWITCH_X_SITE@. + ## src/Makefile.in did add LD_SWITCH_X_SITE (as a cpp define) to the + ## end of LIBX_BASE, but nothing ever set it. 
+--- emacs-24.4-orig/lib-src/Makefile.in ++++ emacs-24.4/lib-src/Makefile.in +@@ -101,6 +101,7 @@ + + gamedir=@gamedir@ + gameuser=@gameuser@ ++gamegroup=@gamegroup@ + + # ==================== Utility Programs for the Build ================= + +@@ -243,10 +244,25 @@ + umask 022; ${MKDIR_P} "$(DESTDIR)${gamedir}"; \ + touch "$(DESTDIR)${gamedir}/snake-scores"; \ + touch "$(DESTDIR)${gamedir}/tetris-scores" +- -if chown ${gameuser} "$(DESTDIR)${archlibdir}/update-game-score${EXEEXT}" && chmod u+s "$(DESTDIR)${archlibdir}/update-game-score${EXEEXT}"; then \ +- chown ${gameuser} "$(DESTDIR)${gamedir}"; \ ++ifneq ($(gameuser),) ++ if chown ${gameuser} \ ++ "$(DESTDIR)${archlibdir}/update-game-score${EXEEXT}" && \ ++ chmod u+s,go-r \ ++ "$(DESTDIR)${archlibdir}/update-game-score${EXEEXT}"; \ ++ then \ ++ chown ${gameuser} "$(DESTDIR)${gamedir}" && \ ++ chmod u=rwx,g=rx,o=rx "$(DESTDIR)${gamedir}"; \ ++ fi ++else ifneq ($(gamegroup),) ++ if chgrp ${gamegroup} \ ++ "$(DESTDIR)${archlibdir}/update-game-score${EXEEXT}" && \ ++ chmod g+s,o-r \ ++ "$(DESTDIR)${archlibdir}/update-game-score${EXEEXT}"; \ ++ then \ ++ chgrp ${gamegroup} "$(DESTDIR)${gamedir}" && \ + chmod u=rwx,g=rwx,o=rx "$(DESTDIR)${gamedir}"; \ + fi ++endif + exp_archlibdir=`cd "$(DESTDIR)${archlibdir}" && /bin/pwd`; \ + if [ "$$exp_archlibdir" != "`cd ${srcdir} && /bin/pwd`" ]; then \ + for file in ${SCRIPTS}; do \ +--- emacs-24.4-orig/lib-src/update-game-score.c ++++ emacs-24.4/lib-src/update-game-score.c +@@ -21,8 +21,8 @@ + + + /* This program allows a game to securely and atomically update a +- score file. It should be installed setuid, owned by an appropriate +- user like `games'. ++ score file. It should be installed either setuid or setgid, owned ++ by an appropriate user or group like `games'. 
+ + Alternatively, it can be compiled without HAVE_SHARED_GAME_DIR + defined, and in that case it will store scores in the user's home +@@ -89,7 +89,7 @@ + ptrdiff_t *size, struct score_entry const *newscore); + static void sort_scores (struct score_entry *scores, ptrdiff_t count, + bool reverse); +-static int write_scores (const char *filename, ++static int write_scores (const char *filename, mode_t mode, + const struct score_entry *scores, ptrdiff_t count); + + static _Noreturn void +@@ -122,18 +122,19 @@ + } + + static const char * +-get_prefix (bool running_suid, const char *user_prefix) ++get_prefix (bool privileged, const char *user_prefix) + { +- if (!running_suid && user_prefix == NULL) +- lose ("Not using a shared game directory, and no prefix given."); +- if (running_suid) ++ if (privileged) + { + #ifdef HAVE_SHARED_GAME_DIR + return HAVE_SHARED_GAME_DIR; + #else +- lose ("This program was compiled without HAVE_SHARED_GAME_DIR,\n and should not be suid."); ++ lose ("This program was compiled without HAVE_SHARED_GAME_DIR,\n" ++ "and should not run with elevated privileges."); + #endif + } ++ if (user_prefix == NULL) ++ lose ("Not using a shared game directory, and no prefix given."); + return user_prefix; + } + +@@ -141,7 +142,7 @@ + main (int argc, char **argv) + { + int c; +- bool running_suid; ++ bool running_suid, running_sgid; + void *lockstate; + char *scorefile; + char *nl; +@@ -183,8 +184,11 @@ + usage (EXIT_FAILURE); + + running_suid = (getuid () != geteuid ()); ++ running_sgid = (getgid () != getegid ()); ++ if (running_suid && running_sgid) ++ lose ("This program can run either suid or sgid, but not both."); + +- prefix = get_prefix (running_suid, user_prefix); ++ prefix = get_prefix (running_suid || running_sgid, user_prefix); + + scorefile = malloc (strlen (prefix) + strlen (argv[optind]) + 2); + if (!scorefile) +@@ -234,7 +238,8 @@ + scores += scorecount - max_scores; + scorecount = max_scores; + } +- if (write_scores (scorefile, scores, 
scorecount) < 0) ++ if (write_scores (scorefile, running_sgid ? 0664 : 0644, ++ scores, scorecount) < 0) + { + unlock_file (scorefile, lockstate); + lose_syserr ("Failed to write scores file"); +@@ -429,8 +434,8 @@ + } + + static int +-write_scores (const char *filename, const struct score_entry *scores, +- ptrdiff_t count) ++write_scores (const char *filename, mode_t mode, ++ const struct score_entry *scores, ptrdiff_t count) + { + int fd; + FILE *f; +@@ -444,7 +449,7 @@ + if (fd < 0) + return -1; + #ifndef DOS_NT +- if (fchmod (fd, 0644) != 0) ++ if (fchmod (fd, mode) != 0) + return -1; + #endif + f = fdopen (fd, "w"); +@@ -460,7 +465,7 @@ + if (rename (tempfile, filename) != 0) + return -1; + #ifdef DOS_NT +- if (chmod (filename, 0644) < 0) ++ if (chmod (filename, mode) < 0) + return -1; + #endif + return 0; +--- emacs-24.4-orig/lisp/play/gamegrid.el ++++ emacs-24.4/lisp/play/gamegrid.el +@@ -486,13 +486,13 @@ + (not (zerop (logand (file-modes + (expand-file-name "update-game-score" + exec-directory)) +- #o4000))))) ++ #o6000))))) + (cond ((file-name-absolute-p file) + (gamegrid-add-score-insecure file score)) + ((and gamegrid-shared-game-dir + (file-exists-p (expand-file-name file shared-game-score-directory))) +- ;; Use the setuid "update-game-score" program to update a +- ;; system-wide score file. ++ ;; Use the setuid (or setgid) "update-game-score" program ++ ;; to update a system-wide score file. + (gamegrid-add-score-with-update-game-score-1 file + (expand-file-name file shared-game-score-directory) score)) + ;; Else: Add the score to a score file in the user's home |
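Review bot: The sgid branch of the install recipe in lib-src/Makefile.in sets `$(DESTDIR)${gamedir}` to `u=rwx,g=rwx,o=rx` without the sticky bit, so every member of ${gamegroup}, not only the sgid helper, can create, rename over and delete any score file there, whereas the suid branch's `g=rx` confines that to the games user; the 23.4 Makefile hunk in this commit has the same shape. That widening appears inherent to the design, since the helper must rename its temporary file over score files it does not own and the sticky bit would block exactly that, but nothing in the recipe or in the update-game-score.c header comment states it. A one-line comment next to the chgrp, such as `# sgid layout: membership in ${gamegroup} grants full write access to ${gamedir}`, would make the trust boundary explicit to packagers. The two files created with `touch` earlier in the hunk stay owned by the installing user with mode 0644 under `umask 022`, so the helper can only replace them via the directory permission rather than write them in place; presumably the intended path, but worth confirming on a fresh sgid install.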