[X2Go-Commits] x2gobroker.git - build-main (branch) updated: 0.0.2.0-12-g65d6359
X2Go dev team
git-admin at x2go.org
Sun May 19 13:05:23 CEST 2013
The branch, build-main has been updated
via 65d635943bb2a8580eae0f04be99dcd3e5c9605c (commit)
from a62fa864d38a7bad4938905782049d5d6af8d9bc (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
Makefile | 2 +-
debian/changelog | 3 +++
src/x2gobroker-agent.c | 55 ++++--------------------------------------------
3 files changed, 8 insertions(+), 52 deletions(-)
The diff of changes is:
diff --git a/Makefile b/Makefile
index 02382e5..8b10c5e 100755
--- a/Makefile
+++ b/Makefile
@@ -56,7 +56,7 @@ build: build-arch build-indep
build-arch: build_setuidwrappers
build_setuidwrappers:
- $(CC) $(CFLAGS) $(LDFLAGS) -o lib/x2gobroker-agent src/x2gobroker-agent.c
+ $(CC) $(CFLAGS) $(LDFLAGS) -DTRUSTED_BINARY=\"$(DESTDIR)$(LIBDIR)/x2gobroker-agent.pl\" -o lib/x2gobroker-agent src/x2gobroker-agent.c
build-indep:
# run setup.py build+install somewhere here...
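Review bot: `$(DESTDIR)` is compiled into `TRUSTED_BINARY` on the added compile line, so a staged install would bake the staging path into the setuid wrapper instead of the final installed location. Packaging builds typically point DESTDIR at a directory inside the build tree, in which case the wrapper would either fail to find the script or execute one from outside the protected install directory. Use the final path only: `-DTRUSTED_BINARY=\"$(LIBDIR)/x2gobroker-agent.pl\"`. LIBDIR is defined outside this hunk, so confirm it always expands to an absolute path.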
diff --git a/debian/changelog b/debian/changelog
index 91ee2fc..038afcd 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -7,6 +7,9 @@ x2gobroker (0.0.2.1-0~x2go1) UNRELEASED; urgency=low
variable settings into VirtualHost setup.
- Remove unused, not-yet-developed broker backends and frontends.
- Remove old cruft from x2gobroker.conf.
+ - Security fix for setuid wrapper x2gobroker-agent.c. Hard-code path to
+ x2gobroker-agent.pl during build via defining a macro in the Makefile.
+ Thanks to Richard Weinberger for spotting this!!!
[ Jan Engelhardt ]
* New upstream version (0.0.2.1):
diff --git a/src/x2gobroker-agent.c b/src/x2gobroker-agent.c
index 29992fd..0464ae7 100644
--- a/src/x2gobroker-agent.c
+++ b/src/x2gobroker-agent.c
@@ -19,61 +19,14 @@
* Free Software Foundation, Inc.,
* 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
*
- *
*/
-#include <stdio.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <libgen.h>
-#include <errno.h>
-
int main( int argc, char *argv[] ) {
- char * x2gobrokeragentpl = NULL;
- size_t path_max;
-
-/*
- The following snippet is taken from the realpath manpage
-*/
-#ifdef PATH_MAX
- path_max = PATH_MAX;
-#else
- path_max = pathconf (".", _PC_PATH_MAX);
- if (path_max <= 0){
- path_max = 4096;
- }
-#endif
- {
- // allocate dynamic buffer in stack: this needs C99 or gnu??
- char buffer[path_max];
- ssize_t rvrl;
- int rvap;
-
- // resolve link of /proc/self/exe to find out where we are
- rvrl = readlink("/proc/self/exe", buffer, path_max);
- if(rvrl == -1){
- perror("readlink(\"/proc/self/exe\",buffer,path_max)");
- exit(EXIT_FAILURE);
- }
- if(rvrl >= path_max){
- fprintf(stderr, "Could not resolve the path of this file using \"/proc/self/exe\". The path is too long (> %i)", path_max);
- exit(EXIT_FAILURE);
- }
-
- // derive the full path of x2gobroker-agent.pl from path of this binary
- rvap = asprintf(&x2gobrokeragentpl, "%s/%s", dirname(buffer), "x2gobroker-agent.pl");
- if(rvap == -1){
- fprintf(stderr, "Failed to allocate memory calling asprintf\n");
- exit(EXIT_FAILURE);
- }
-
- // execute the script, running with user-rights of this binary
- execv(x2gobrokeragentpl, argv);
- }
+ char x2gobrokeragent[] = TRUSTED_BINARY;
- // ...fail
- fprintf(stderr, "Failed to execute %s: %s\n", x2gobrokeragentpl, strerror(errno));
- return EXIT_FAILURE;
+ argv[0] = "x2gobroker-agent.pl";
+ // execute the script, running with user-rights of this binary
+ execv(x2gobrokeragent, argv);
}
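Review bot: With every `#include` removed, `execv` is called without a prototype, and if it fails `main` runs off its end, so the setuid wrapper exits silently with status 0 when the script cannot be executed. Keep `#include <stdio.h>` and `#include <unistd.h>`, and add `perror(x2gobrokeragent); return 1;` after the `execv` call. `argv[0]` is also assigned without checking `argc`; on systems that allow an empty argument vector this overwrites the terminating NULL, so a guard such as `if (argc < 1) return 1;` before the assignment is worth having in a setuid program. The caller's environment is still passed to the script unchanged, and whether x2gobroker-agent.pl sanitises it is not visible here.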
hooks/post-receive
--
x2gobroker.git (HTTP(S) Session broker for X2Go)
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "x2gobroker.git" (HTTP(S) Session broker for X2Go).