ports/158174: x11/gdm: fix call to setusercontext(3)
Edward Tomasz Napierala
trasz at FreeBSD.org
Wed Jun 22 20:00:22 UTC 2011
>Number: 158174
>Category: ports
>Synopsis: x11/gdm: fix call to setusercontext(3)
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Jun 22 20:00:20 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator: Edward Tomasz Napierala
>Release:
>Organization:
>Environment:
>Description:
As it is now, the setusercontext(3) call in gdm is missing a few flags. Attached patch fixes that by implicitly adding LOGIN_SETLOGINCLASS (neccessary for rctl resource limits), LOGIN_SETCPUMASK and LOGIN_SETMAC. Note that I've not been able to test the MAC part.
>How-To-Repeat:
>Fix:
Patch attached with submission follows:
Index: Makefile
===================================================================
RCS file: /home/pcvs/ports/x11/gdm/Makefile,v
retrieving revision 1.137
diff -u -r1.137 Makefile
--- Makefile 29 Mar 2011 13:40:09 -0000 1.137
+++ Makefile 22 Jun 2011 19:53:11 -0000
@@ -8,7 +8,7 @@
PORTNAME= gdm
PORTVERSION= 2.30.5
-PORTREVISION= 2
+PORTREVISION= 3
CATEGORIES= x11 gnome
MASTER_SITES= GNOME
DIST_SUBDIR= gnome2
Index: files/patch-daemon_gdm-session-worker.c
===================================================================
RCS file: /home/pcvs/ports/x11/gdm/files/patch-daemon_gdm-session-worker.c,v
retrieving revision 1.4
diff -u -r1.4 patch-daemon_gdm-session-worker.c
--- files/patch-daemon_gdm-session-worker.c 29 Mar 2011 13:40:09 -0000 1.4
+++ files/patch-daemon_gdm-session-worker.c 22 Jun 2011 19:53:11 -0000
@@ -1,5 +1,5 @@
--- daemon/gdm-session-worker.c.orig 2010-08-11 19:40:07.000000000 +0200
-+++ daemon/gdm-session-worker.c 2011-03-29 10:37:37.000000000 +0200
++++ daemon/gdm-session-worker.c 2011-06-22 21:44:30.000000000 +0200
@@ -31,6 +31,9 @@
#include <errno.h>
#include <grp.h>
@@ -10,7 +10,7 @@
#ifdef HAVE_LOGINDEVPERM
#include <libdevinfo.h>
-@@ -341,7 +344,7 @@ gdm_session_execute (const char *file,
+@@ -341,7 +344,7 @@
* what to search if PATH is unset. POSIX may, dunno.
*/
@@ -19,7 +19,7 @@
}
len = strlen (file) + 1;
-@@ -1035,17 +1038,6 @@ gdm_cache_copy_file (GdmSessionWorker *w
+@@ -1035,17 +1038,6 @@
error->message);
g_error_free (error);
} else {
@@ -37,7 +37,7 @@
g_debug ("Copy successful");
}
-@@ -1183,7 +1175,23 @@ gdm_session_worker_uninitialize_pam (Gdm
+@@ -1183,7 +1175,23 @@
return;
if (worker->priv->state >= GDM_SESSION_WORKER_STATE_SESSION_OPENED) {
@@ -62,7 +62,7 @@
pam_close_session (worker->priv->pam_handle, 0);
gdm_session_auditor_report_logout (worker->priv->auditor);
-@@ -2027,15 +2035,16 @@ gdm_session_worker_start_user_session (G
+@@ -2027,15 +2035,16 @@
char *cachedirname;
char *home_dir;
int fd;
@@ -83,16 +83,12 @@
if (setsid () < 0) {
g_debug ("GdmSessionWorker: could not set pid '%u' as leader of new session and process group - %s",
-@@ -2043,6 +2052,28 @@ gdm_session_worker_start_user_session (G
+@@ -2043,6 +2052,24 @@
_exit (2);
}
+#ifdef HAVE_LOGINCAP
-+ if (setusercontext (NULL, pwent, pwent->pw_uid,
-+ LOGIN_SETLOGIN | LOGIN_SETPATH |
-+ LOGIN_SETPRIORITY | LOGIN_SETRESOURCES |
-+ LOGIN_SETUMASK | LOGIN_SETUSER |
-+ LOGIN_SETENV) < 0) {
++ if (setusercontext (NULL, pwent, pwent->pw_uid, LOGIN_SETALL & ~LOGIN_SETGROUP) < 0) {
+ g_debug ("%s: setusercontext () failed for %s. "
+ "Aborting.", "gdm_session_worker_start_user_session",
+ login ? login : "(null)");
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list