The branch, master has been updated via 96655427f63bf17cf244f44859c568366950680c (commit) from 30ba707a2402086c71eaf3061519a85662848aa1 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 96655427f63bf17cf244f44859c568366950680c Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Date: Mon Jul 18 21:19:21 2011 +0200 Switch to setgid instead of setuid for SQLite wrapper. ----------------------------------------------------------------------- Summary of changes: debian/changelog | 1 + debian/x2goserver.postinst | 24 ++++++++++++++---------- x2goserver/lib/x2gosqlitewrapper.pl | 12 ++++++------ x2goserver/sbin/x2godbadmin | 8 ++++---- 4 files changed, 25 insertions(+), 20 deletions(-) The diff of changes is:
diff --git a/debian/changelog b/debian/changelog
index 01aa4fd..5d44ea4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -14,6 +14,7 @@ x2goserver (3.0.99.5-0~x2go3) UNRELEASED; urgency=low
 * Use source format 3.0 (native).
 * Fix of Debian clean rules, fix of Makefile's clean rules.
 * Breaks/replaces packages: x2goserver-one, x2goserver-home, x2goprint (instead of Conflicts).
+ * Switch to setgid instead of setuid for SQLite wrapper.
 [Martin Oehler]
 * Removes old debug code fragment, fixes x2golistsessions parsing.
diff --git a/debian/x2goserver.postinst b/debian/x2goserver.postinst
index bed72b7..5cbd874 100755
--- a/debian/x2goserver.postinst
+++ b/debian/x2goserver.postinst
@@ -25,31 +25,35 @@ case "$1" in
 chmod 600 /etc/x2go/x2gosql/passwords/pgadmin
 # setup x2gouser and group
- if ! getent group x2gousers >/dev/null; then
- echo "Creating x2gouser user." >&2
- addgroup --system x2gousers
+ if ! getent group x2gouser >/dev/null; then
+ echo "Creating x2gouser group." >&2
+ addgroup --system x2gouser
 else
- echo "User x2gouser already exists." >&2
+ echo "Group x2gouser already exists." >&2
 fi
 if ! getent passwd x2gouser >/dev/null; then
 echo "Creating x2gouser user." >&2
 adduser --system --no-create-home \
 --disabled-password --disabled-login \
- --shell /bin/false --group --home /var/lib/x2go x2gouser
+ --shell /bin/false --group --home /var/db/x2go x2gouser
 else
 echo "User x2gouser already exists." >&2
 fi
- if [ ! -f /var/lib/x2go/x2go_sessions ]; then
+ if [ ! -f /var/db/x2go/x2go_sessions ]; then
 x2godbadmin --createdb
+ else
+ # make sure db permissions are set correctly
+ chown root:x2gouser /var/db/x2go -Rf
+ chmod 0750 /var/db/x2go
+ chmod 0660 /var/db/x2go/x2go_sessions
 fi
 # the sqlite db has to be accessed as uid x2gouser
- dpkg-statoverride --add --update x2gouser x2gousers 6755 /usr/lib/x2go/x2gosqlitewrapper.pl || true
+ dpkg-statoverride --add --update root x2gouser 4755 /usr/bin/x2gosqlitewrapper || true
- # we may be upgrading versions of x2goserver that used perlsuid, so make sure setuid is removed
- # from /usr/bin/x2gosqlitewrapper
- dpkg-statoverride --remove /usr/bin/x2gosqlitewrapper && chown root:root /usr/bin/x2gosqlitewrapper && chmod 0755 /usr/bin/x2gosqlitewrapper || true
+ # we may be upgrading versions of x2goserver that had /usr/lib/x2go/x2gosqlitewrapper.pl set to setuid user.
+ dpkg-statoverride --remove /usr/lib/x2go/x2gosqlitewrapper.pl && chown root:root /usr/lib/x2go/x2gosqlitewrapper.pl && chmod 0755 /usr/lib/x2go/x2gosqlitewrapper.pl || true
 ;;
diff --git a/x2goserver/lib/x2gosqlitewrapper.pl b/x2goserver/lib/x2gosqlitewrapper.pl
index 9cbf663..70ee4e5 100755
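Review bot: The added override `dpkg-statoverride --add --update root x2gouser 4755 /usr/bin/x2gosqlitewrapper` sets the setuid bit with owner root, so the wrapper would run with root's effective UID instead of gaining only group x2gouser, which is what the commit title and the new `root:x2gouser` 0660 database permissions describe. For a setgid wrapper the mode should be 2755, `dpkg-statoverride --add --update root x2gouser 2755 /usr/bin/x2gosqlitewrapper || true`, and the comment above it should read `# the sqlite db has to be accessed as gid x2gouser`. The trailing `|| true` also hides a failed override, which would leave the wrapper without the privilege it needs; printing a warning to stderr on failure would make that visible. On upgrades where the x2gouser account already exists, the adduser branch is skipped and the account's home presumably stays at the old `/var/lib/x2go`, so a wrapper that derives the database path from that home may look at a different path than the `/var/db/x2go` this script checks and fixes up.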
--- a/x2goserver/lib/x2gosqlitewrapper.pl
+++ b/x2goserver/lib/x2gosqlitewrapper.pl
@@ -25,14 +25,14 @@ use strict;
 use DBI;
 use POSIX;
-if ($< eq $>)
-{
- die "Please install this program as SUID x2gouser!\n";
-}
+# retrieve home dir of x2gouser
+my $x2gouser='x2gouser';
+my ($uname, $pass, $uid, $pgid, $quota, $comment, $gcos, $homedir, $shell, $expire) = getpwnam($x2gouser);
+my $dbfile="$homedir/x2go_sessions";
+# retrieve account data of real user
 my $realuser=$<;
-my ($uname, $pass, $uid, $pgid, $quota, $comment, $gcos, $homedir, $shell, $expire) = getpwuid($>);
-my $dbfile="$homedir/x2go_sessions";
+my ($uname, $pass, $uid, $pgid, $quota, $comment, $gcos, $homedir, $shell, $expire) = getpwnam($realuser);
 my $dbh=DBI->connect("dbi:SQLite:dbname=$dbfile","","",{AutoCommit => 1}) or die $_;
diff --git a/x2goserver/sbin/x2godbadmin b/x2goserver/sbin/x2godbadmin
index 7dc98b6..00bb073 100755
--- a/x2goserver/sbin/x2godbadmin
+++ b/x2goserver/sbin/x2godbadmin
@@ -147,10 +147,10 @@ if($Config->param("backend") eq 'sqlite')
 $sth->finish();
 $dbh->disconnect();
- chmod(0700,"$dir");
- chown($uid,$pgid,"$dir");
- chmod(0600,"$dbfile");
- chown($uid,$pgid,"$dbfile");
+ chmod(0750, "$dir");
+ chown('root',$pgid,"$dir");
+ chmod(0660, "$dbfile");
+ chown('root',$pgid,"$dbfile");
 exit(0);
 }
hooks/post-receive -- x2goserver.git (X2go Server) This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "x2goserver.git" (X2go Server).
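Review bot: `$realuser` holds the numeric real UID (`$<`), but the new lookup passes it to `getpwnam`, which expects a login name, so for ordinary accounts the call returns an empty list and `$uname`, `$uid`, `$homedir` and the rest end up undefined; it should be `getpwuid($realuser)`. The same ten-variable `my (...)` list is now declared twice in one scope, so the second lookup overwrites the x2gouser values, and a failed `getpwnam($x2gouser)` is not checked, which would make `$dbfile` resolve to `/x2go_sessions`. Taking only the field that is needed and failing early avoids both: `my $dbhome = (getpwnam($x2gouser))[7] or die "account $x2gouser not found\n";` followed by `my $dbfile="$dbhome/x2go_sessions";`. The removed `$< eq $>` check has no setgid counterpart, so a wrapper installed without the intended privilege is only noticed later at `DBI->connect`. The script continues outside this hunk, so how the real-user fields are used afterwards is not visible here.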
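Review bot: Perl's `chown` takes a numeric UID and GID, so `chown('root',$pgid,"$dir")` only works because the string 'root' numifies to 0; pass the number explicitly, `chown(0, $pgid, $dir);` and `chown(0, $pgid, $dbfile);`. None of the four calls checks its return value, so a failed chmod or chown leaves the session database with whatever ownership and mode it was created with while the script still reaches `exit(0)`; `chown(0, $pgid, $dbfile) == 1 or die "chown $dbfile: $!\n";` would surface that. With the directory at 0750 the group can traverse it but not create files in it, and SQLite presumably needs to create its journal file next to the database, so writes from a wrapper that holds only group x2gouser may fail; this is worth testing before relying on the setgid setup. `$pgid` and `$dir` are set outside this hunk.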