gdm r6147 - in trunk: . daemon

From: halfline svn gnome org
To: svn-commits-list gnome org
Subject: gdm r6147 - in trunk: . daemon
Date: Fri, 11 Apr 2008 21:18:26 +0100 (BST)

Author: halfline
Date: Fri Apr 11 21:18:25 2008
New Revision: 6147
URL: http://svn.gnome.org/viewvc/gdm?rev=6147&view=rev

Log:
2008-04-11  Ray Strode <rstrode redhat com>

	* daemon/gdm-session-worker.c
	(_change_user), (gdm_session_worker_start_user_session):
	Plug gaping security hole made in last commit


Modified:
   trunk/ChangeLog
   trunk/daemon/gdm-session-worker.c

Modified: trunk/daemon/gdm-session-worker.c
==============================================================================
--- trunk/daemon/gdm-session-worker.c	(original)
+++ trunk/daemon/gdm-session-worker.c	Fri Apr 11 21:18:25 2008
@@ -111,6 +111,7 @@
         char             *display_device;
         char             *hostname;
         char             *username;
+        uid_t             uid;
         gboolean          password_is_required;
 
         int               cred_flags;
@@ -1176,6 +1177,7 @@
                 return FALSE;
         }
 #endif
+        worker->priv->uid = uid;
 
         if (setgid (gid) < 0) {
                 return FALSE;
@@ -1574,7 +1576,7 @@
                 char  *home_dir;
                 int    fd;
 
-                if (setuid (getuid ()) < 0) {
+                if (setuid (worker->uid) < 0) {
                         g_debug ("GdmSessionWorker: could not reset uid - %s", g_strerror (errno));
                         _exit (1);
                 }

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]