Группа :: Графические оболочки/KDE
Пакет: sddm
Главная Изменения Спек Патчи Sources Загрузить Gear Bugs and FR Repocop
Патч: CVE-2020-28049.patch
Скачать
Скачать
commit be202f533ab98a684c6a007e8d5b4357846bc222
Author: Fabian Vogt <fabian@ritter-vogt.de>
Date: Tue Oct 6 21:21:38 2020 +0200
Fix X not having access control on startup
If the auth file is empty, X allows any local application (= any user on the
system) to connect. This is currently the case until X wrote the display
number to sddm and sddm used that to write the entry into the file.
To work around this chicken-and-egg problem, make use of the fact that X
doesn't actually look at the display number in the passed auth file and just
use :0 unconditionally. Also make sure that writing the entry was actually
successful.
CVE-2020-28049
diff --git a/src/daemon/XorgDisplayServer.cpp b/src/daemon/XorgDisplayServer.cpp
index d04f634..df685b2 100644
--- a/src/daemon/XorgDisplayServer.cpp
+++ b/src/daemon/XorgDisplayServer.cpp
@@ -88,7 +88,7 @@ namespace SDDM {
return m_cookie;
}
- void XorgDisplayServer::addCookie(const QString &file) {
+ bool XorgDisplayServer::addCookie(const QString &file) {
// log message
qDebug() << "Adding cookie to" << file;
@@ -104,13 +104,13 @@ namespace SDDM {
// check file
if (!fp)
- return;
+ return false;
fprintf(fp, "remove %s\n", qPrintable(m_display));
fprintf(fp, "add %s . %s\n", qPrintable(m_display), qPrintable(m_cookie));
fprintf(fp, "exit\n");
// close pipe
- pclose(fp);
+ return pclose(fp) == 0;
}
bool XorgDisplayServer::start() {
@@ -127,6 +127,15 @@ namespace SDDM {
// log message
qDebug() << "Display server starting...";
+ // generate auth file.
+ // For the X server's copy, the display number doesn't matter.
+ // An empty file would result in no access control!
+ m_display = QStringLiteral(":0");
+ if(!addCookie(m_authPath)) {
+ qCritical() << "Failed to write xauth file";
+ return false;
+ }
+
if (daemonApp->testing()) {
QStringList args;
QDir x11socketDir(QStringLiteral("/tmp/.X11-unix"));
@@ -217,8 +226,14 @@ namespace SDDM {
emit started();
}
- // generate auth file
- addCookie(m_authPath);
+ // The file is also used by the greeter, which does care about the
+ // display number. Write the proper entry, if it's different.
+ if(m_display != QStringLiteral(":0")) {
+ if(!addCookie(m_authPath)) {
+ qCritical() << "Failed to write xauth file";
+ return false;
+ }
+ }
changeOwner(m_authPath);
// set flag
diff --git a/src/daemon/XorgDisplayServer.h b/src/daemon/XorgDisplayServer.h
index d2bdf6d..e97a0b5 100644
--- a/src/daemon/XorgDisplayServer.h
+++ b/src/daemon/XorgDisplayServer.h
@@ -40,7 +40,7 @@ namespace SDDM {
const QString &cookie() const;
- void addCookie(const QString &file);
+ bool addCookie(const QString &file);
public slots:
bool start();