diff options
Diffstat (limited to 'x11-misc/sddm/files/sddm-0.18.1-cve-2020-28049.patch')
| -rw-r--r-- | x11-misc/sddm/files/sddm-0.18.1-cve-2020-28049.patch | 94 |
1 files changed, 0 insertions, 94 deletions
diff --git a/x11-misc/sddm/files/sddm-0.18.1-cve-2020-28049.patch b/x11-misc/sddm/files/sddm-0.18.1-cve-2020-28049.patch deleted file mode 100644 index 8209c0739dc6..000000000000 --- a/x11-misc/sddm/files/sddm-0.18.1-cve-2020-28049.patch +++ /dev/null @@ -1,94 +0,0 @@ -From be202f533ab98a684c6a007e8d5b4357846bc222 Mon Sep 17 00:00:00 2001 -From: Fabian Vogt <fabian@ritter-vogt.de> -Date: Tue, 6 Oct 2020 21:21:38 +0200 -Subject: [PATCH] Fix X not having access control on startup - -If the auth file is empty, X allows any local application (= any user on the -system) to connect. This is currently the case until X wrote the display -number to sddm and sddm used that to write the entry into the file. -To work around this chicken-and-egg problem, make use of the fact that X -doesn't actually look at the display number in the passed auth file and just -use :0 unconditionally. Also make sure that writing the entry was actually -successful. - -CVE-2020-28049 ---- - src/daemon/XorgDisplayServer.cpp | 25 ++++++++++++++++++++----- - src/daemon/XorgDisplayServer.h | 2 +- - 2 files changed, 21 insertions(+), 6 deletions(-) - -diff --git a/src/daemon/XorgDisplayServer.cpp b/src/daemon/XorgDisplayServer.cpp -index d04f6344..df685b2d 100644 ---- a/src/daemon/XorgDisplayServer.cpp -+++ b/src/daemon/XorgDisplayServer.cpp -@@ -88,7 +88,7 @@ namespace SDDM { - return m_cookie; - } - -- void XorgDisplayServer::addCookie(const QString &file) { -+ bool XorgDisplayServer::addCookie(const QString &file) { - // log message - qDebug() << "Adding cookie to" << file; - -@@ -104,13 +104,13 @@ namespace SDDM { - - // check file - if (!fp) -- return; -+ return false; - fprintf(fp, "remove %s\n", qPrintable(m_display)); - fprintf(fp, "add %s . %s\n", qPrintable(m_display), qPrintable(m_cookie)); - fprintf(fp, "exit\n"); - - // close pipe -- pclose(fp); -+ return pclose(fp) == 0; - } - - bool XorgDisplayServer::start() { -@@ -127,6 +127,15 @@ namespace SDDM { - // log message - qDebug() << "Display server starting..."; - -+ // generate auth file. -+ // For the X server's copy, the display number doesn't matter. -+ // An empty file would result in no access control! -+ m_display = QStringLiteral(":0"); -+ if(!addCookie(m_authPath)) { -+ qCritical() << "Failed to write xauth file"; -+ return false; -+ } -+ - if (daemonApp->testing()) { - QStringList args; - QDir x11socketDir(QStringLiteral("/tmp/.X11-unix")); -@@ -217,8 +226,14 @@ namespace SDDM { - emit started(); - } - -- // generate auth file -- addCookie(m_authPath); -+ // The file is also used by the greeter, which does care about the -+ // display number. Write the proper entry, if it's different. -+ if(m_display != QStringLiteral(":0")) { -+ if(!addCookie(m_authPath)) { -+ qCritical() << "Failed to write xauth file"; -+ return false; -+ } -+ } - changeOwner(m_authPath); - - // set flag -diff --git a/src/daemon/XorgDisplayServer.h b/src/daemon/XorgDisplayServer.h -index d2bdf6d4..e97a0b53 100644 ---- a/src/daemon/XorgDisplayServer.h -+++ b/src/daemon/XorgDisplayServer.h -@@ -40,7 +40,7 @@ namespace SDDM { - - const QString &cookie() const; - -- void addCookie(const QString &file); -+ bool addCookie(const QString &file); - - public slots: - bool start(); |