Hi, as prompted by jasper@, here's an update to x11/slim that includes a security fix (removing ./ from default PATH) in http://svn.berlios.de/viewvc/slim?view=revision&revision=171. If you modified slim.conf, you'll need to either fix it manually or start again with the provided one in share/examples/slim.
Still works fine after basic testing on i386. Landry
Index: Makefile =================================================================== RCS file: /cvs/ports/x11/slim/Makefile,v retrieving revision 1.10 diff -u -r1.10 Makefile --- Makefile 30 Jul 2010 08:02:59 -0000 1.10 +++ Makefile 23 Aug 2010 19:46:50 -0000 @@ -2,8 +2,7 @@ COMMENT= simple login manager -DISTNAME= slim-1.3.1 -REVISION= 3 +DISTNAME= slim-1.3.2 CATEGORIES= x11 HOMEPAGE= http://slim.berlios.de/ @@ -18,6 +17,7 @@ PERMIT_DISTFILES_FTP= Yes USE_X11= Yes +USE_GMAKE= Yes NO_REGRESS= Yes LIB_DEPENDS= ::graphics/jpeg \ ::graphics/png Index: distinfo =================================================================== RCS file: /cvs/ports/x11/slim/distinfo,v retrieving revision 1.2 diff -u -r1.2 distinfo --- distinfo 5 Nov 2008 13:36:41 -0000 1.2 +++ distinfo 23 Aug 2010 19:46:50 -0000 @@ -1,5 +1,5 @@ -MD5 (slim-1.3.1.tar.gz) = cn0KyyTA+/B1ETTDepyJXw== -RMD160 (slim-1.3.1.tar.gz) = 3Ax8clffqMK+5H/6Xsjd8X/Tj3A= -SHA1 (slim-1.3.1.tar.gz) = MBUrKAck2vdSmajuFlhQQfJT7U8= -SHA256 (slim-1.3.1.tar.gz) = rNekAkv9fCpPPNXXf/7UlW0TcnqPVUBCEm0FaN7+D3c= -SIZE (slim-1.3.1.tar.gz) = 219446 +MD5 (slim-1.3.2.tar.gz) = yhrmEg5vS0lp8tbPlPR7Qg== +RMD160 (slim-1.3.2.tar.gz) = HKZQTAfqLUIP3oa22w9M+71mgPw= +SHA1 (slim-1.3.2.tar.gz) = 5CHVSHcyyDF/j1kZBmYeAUsDY1g= +SHA256 (slim-1.3.2.tar.gz) = 8VYBJQBfJTubiCIFmP7XqVde9AVxaGLGyj/MctvUgrg= +SIZE (slim-1.3.2.tar.gz) = 220592 Index: patches/patch-app_cpp =================================================================== RCS file: patches/patch-app_cpp diff -N patches/patch-app_cpp --- patches/patch-app_cpp 5 Nov 2009 19:05:12 -0000 1.2 +++ /dev/null 1 Jan 1970 00:00:00 -0000 
@@ -1,183 +0,0 @@ -$OpenBSD: patch-app_cpp,v 1.2 2009/11/05 19:05:12 landry Exp $ -Slim used to spawn 'xauth add . <COOKIE>' via the system() call, so the -cookie itself was visible. On multi-user system one can poll for the -xauth processes via ps and gather cookies for X sessions. -fixes CVE-2009-1756 ---- app.cpp.orig Fri Sep 26 02:54:15 2008 -+++ app.cpp Wed Oct 28 19:31:08 2009 -@@ -32,6 +32,62 @@ - - using namespace std; - -+/* Code taken from http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529306 */ -+/* 
From: Eygene Ryabinkin <[email protected]> */ -+#include <time.h> -+#include <stdlib.h> -+ -+/* -+ * Adds the given cookie to the specified Xauthority file. -+ * Returns true on success, false on fault. -+ */ -+bool Util::add_mcookie(const std::string &mcookie, const char *display, -+ const std::string &xauth_cmd, const std::string &authfile) -+{ -+ FILE *fp; -+ std::string cmd = xauth_cmd + " -f " + authfile + " -q"; -+ -+ fp = popen(cmd.c_str(), "w"); -+ if (!fp) -+ return false; -+ fprintf(fp, "remove %s\n", display); -+ fprintf(fp, "add %s %s %s\n", display, ".", mcookie.c_str()); -+ fprintf(fp, "exit\n"); -+ -+ pclose(fp); -+ return true; -+} -+/* -+ * Interface for random number generator. Just now it uses ordinary -+ * random/srandom routines and serves as a wrapper for them. -+ */ -+void Util::srandom(unsigned long seed) -+{ -+ ::srandom(seed); -+} -+ -+long Util::random(void) -+{ -+ return ::random(); -+} -+ -+/* -+ * Makes seed for the srandom() using "random" values obtained from -+ * getpid(), time(NULL) and others. 
-+ */ -+long Util::makeseed(void) -+{ -+ struct timespec ts; -+ long pid = getpid(); -+ long tm = time(NULL); -+ -+ if (clock_gettime(CLOCK_MONOTONIC, &ts) != 0) { -+ ts.tv_sec = ts.tv_nsec = 0; -+ } -+ -+ return pid + tm + (ts.tv_sec ^ ts.tv_nsec); -+} -+ - #ifdef USE_PAM - #include <string> - -@@ -104,7 +160,8 @@ extern App* LoginApp; - - void CatchSignal(int sig) { - cerr << APPNAME << ": unexpected signal " << sig << endl; -- LoginApp->StopServer(); -+ if (LoginApp->serverStarted) -+ LoginApp->StopServer(); - LoginApp->RemoveLock(); - exit(ERR_EXIT); - } -@@ -131,12 +188,13 @@ void User1Signal(int sig) { - App::App(int argc, char** argv): - pam(conv, static_cast<void*>(&LoginPanel)){ - #else --App::App(int argc, char** argv){ -+App::App(int argc, char** argv) : mcookiesize(32) { - #endif - int tmp; - ServerPID = -1; -+ serverStarted = false; - testing = false; -- mcookie = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"; -+ mcookie = string(App::mcookiesize, 'a'); - daemonmode = false; - force_nodaemon = false; - firstlogin = true; -@@ -856,6 +914,8 @@ int App::StartServer() { - char* args = new char[argOption.length()+2]; // NULL plus vt - strcpy(args, argOption.c_str()); - -+ serverStarted = false; -+ - int argc = 1; - int pos = 0; - bool hasVtSet = false; -@@ -935,7 +995,7 @@ int App::StartServer() { - } - - delete args; -- -+ serverStarted = true; - return ServerPID; - } - -@@ -1127,13 +1187,13 @@ string App::findValidRandomTheme(const string& set) - name = name.substr(0, name.length() - 1); - } - -- srandom(getpid()+time(NULL)); -+ Util::srandom(Util::makeseed()); - - vector<string> themes; - string themefile; - Cfg::split(themes, name, ','); - do { -- int sel = random() % themes.size(); -+ int sel = Util::random() % themes.size(); - - name = Cfg::Trim(themes[sel]); - themefile = string(THEMESDIR) +"/" + name + THEMESFILE; -@@ -1159,34 +1219,32 @@ void App::replaceVariables(string& input, - } - } - -- -+/* -+ * We rely on the fact that all bits generated by 
Util::random() -+ * are usable, so we are taking full words from its output. -+ */ - void App::CreateServerAuth() { - /* create mit cookie */ -- int i, r; -- int hexcount = 0; -- string authfile; -- string cmd; -+ uint16_t word; -+ uint8_t hi, lo; -+ int i; -+ string authfile; - const char *digits = "0123456789abcdef"; -- srand( time(NULL) ); -- for ( i = 0; i < 31; i++ ) { -- r = rand()%16; -- mcookie[i] = digits[r]; -- if (r>9) -- hexcount++; -+ Util::srandom(Util::makeseed()); -+ for (i = 0; i < App::mcookiesize; i+=4) { -+ word = Util::random() & 0xffff; -+ lo = word & 0xff; -+ hi = word >> 8; -+ mcookie[i] = digits[lo & 0x0f]; -+ mcookie[i+1] = digits[lo >> 4]; -+ mcookie[i+2] = digits[hi & 0x0f]; -+ mcookie[i+3] = digits[hi >> 4]; - } -- /* MIT-COOKIE: even occurrences of digits and hex digits */ -- if ((hexcount%2) == 0) { -- r = rand()%10; -- } else { -- r = rand()%5+10; -- } -- mcookie[31] = digits[r]; - /* reinitialize auth file */ - authfile = cfg->getOption("authfile"); - remove(authfile.c_str()); - putenv(StrConcat("XAUTHORITY=", authfile.c_str())); -- cmd = cfg->getOption("xauth_path") + " -q -f " + authfile + " add :0 . " + mcookie; -- system(cmd.c_str()); -+ Util::add_mcookie(mcookie, ":0", cfg->getOption("xauth_path"), authfile); - } - - char* App::StrConcat(const char* str1, const char* str2) { Index: patches/patch-app_h =================================================================== RCS file: patches/patch-app_h diff -N patches/patch-app_h --- patches/patch-app_h 5 Nov 2009 19:05:12 -0000 1.2 +++ /dev/null 1 Jan 1970 00:00:00 -0000 
@@ -1,37 +0,0 @@ -$OpenBSD: patch-app_h,v 1.2 2009/11/05 19:05:12 landry Exp $ ---- app.h.orig Fri Sep 26 02:54:15 2008 -+++ app.h Wed Oct 28 19:30:39 2009 -@@ -28,6 +28,16 @@ - #include "PAM.h" - #endif - -+#include <string> -+ -+namespace Util { -+ bool add_mcookie(const std::string &mcookie, const char *display, -+ const std::string &xauth_cmd, const std::string &authfile); -+ void srandom(unsigned long seed); -+ long random(void); -+ long makeseed(void); -+}; -+ - class App { - public: - App(int argc, char** argv); -@@ -36,6 +46,7 @@ class App { (public) - int GetServerPID(); - void StopServer(); - -+ bool serverStarted; - // Lock functions - void GetLock(); - void RemoveLock(); -@@ -101,6 +112,8 @@ class App { (public) - - std::string themeName; - std::string mcookie; -+ -+ const int mcookiesize; - }; - - Index: patches/patch-slim_conf =================================================================== RCS file: /cvs/ports/x11/slim/patches/patch-slim_conf,v retrieving revision 1.4 diff -u -r1.4 patch-slim_conf --- patches/patch-slim_conf 5 Nov 2009 19:05:12 -0000 1.4 +++ patches/patch-slim_conf 23 Aug 2010 19:46:50 -0000 @@ -1,17 +1,16 @@ $OpenBSD: patch-slim_conf,v 1.4 2009/11/05 19:05:12 landry Exp $ ---- slim.conf.orig Fri Sep 26 02:54:15 2008 -+++ slim.conf Thu Nov 5 19:02:22 2009 -@@ -1,17 +1,18 @@ +--- slim.conf.orig Thu Jul 8 07:04:10 2010 ++++ slim.conf Mon Aug 23 21:40:33 2010 +@@ -1,17 +1,17 @@ # Path, X server and arguments (if needed) # Note: -xauth $authfile is automatically appended --default_path ./:/bin:/usr/bin:/usr/local/bin +-default_path /bin:/usr/bin:/usr/local/bin -default_xserver /usr/bin/X -#xserver_arguments -dpi 75 -+default_path ./:/bin:/usr/bin:${LOCALBASE}/bin:${X11BASE}/bin ++default_path :/bin:/usr/bin:${LOCALBASE}/bin:${X11BASE}/bin +default_xserver ${X11BASE}/bin/X +xserver_arguments vt05 -+ # Commands for halt, login, etc. -halt_cmd /sbin/shutdown -h now +halt_cmd /sbin/shutdown -ph now 
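Review bot: In the first hunk of patches/patch-slim_conf the new `default_path` value, as rendered here, is `:/bin:/usr/bin:${LOCALBASE}/bin:${X11BASE}/bin`, and the leading colon leaves an empty PATH element. An empty element is resolved as the current directory, which is the same exposure as the `./` entry this update is meant to remove. If the colon is really in the patch and not an artifact of the mail archive, the line should read `default_path /bin:/usr/bin:${LOCALBASE}/bin:${X11BASE}/bin`. The upstream value visible in the same hunk, `/bin:/usr/bin:/usr/local/bin`, has no empty element.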
@@ -26,7 +25,7 @@ # Xauth file for server authfile /var/run/slim.auth -@@ -32,8 +33,8 @@ authfile /var/run/slim.auth +@@ -32,8 +32,8 @@ authfile /var/run/slim.auth # NOTE: if your system does not have bash you need # to adjust the command according to your preferred shell, # i.e. for freebsd use: @@ -37,7 +36,7 @@ # Commands executed when starting and exiting a session. # They can be used for registering a X11 session with -@@ -54,7 +55,7 @@ login_cmd exec /bin/bash -login ~/.xinitrc % +@@ -54,7 +54,7 @@ login_cmd exec /bin/bash -login ~/.xinitrc % sessions xfce4,icewm,wmaker,blackbox # Executed when pressing F11 (requires imagemagick) @@ -46,7 +45,7 @@ # welcome message. Available variables: %host, %domain welcome_msg Welcome to %host -@@ -84,7 +85,7 @@ reboot_msg The system is rebooting... +@@ -84,7 +84,7 @@ reboot_msg The system is rebooting... current_theme default # Lock file Index: patches/patch-switchuser_cpp =================================================================== RCS file: /cvs/ports/x11/slim/patches/patch-switchuser_cpp,v retrieving revision 1.2 diff -u -r1.2 patch-switchuser_cpp --- patches/patch-switchuser_cpp 10 Jul 2010 10:46:52 -0000 1.2 +++ patches/patch-switchuser_cpp 23 Aug 2010 19:46:50 -0000 @@ -1,16 +1,7 @@ $OpenBSD: patch-switchuser_cpp,v 1.2 2010/07/10 10:46:52 armani Exp $ ---- switchuser.cpp.orig Fri Sep 26 02:54:15 2008 -+++ switchuser.cpp Fri Jul 9 22:23:47 2010 -@@ -10,7 +10,7 @@ - */ - - #include "switchuser.h" -- -+#include "app.h" - using namespace std; - - SwitchUser::SwitchUser(struct passwd *pw, Cfg *c, const string& display, -@@ -37,6 +37,8 @@ void SwitchUser::Login(const char* cmd, const char* mc +--- switchuser.cpp.orig Thu Jul 8 07:04:10 2010 ++++ switchuser.cpp Mon Aug 23 21:36:45 2010 +@@ -39,6 +39,8 @@ void SwitchUser::Login(const char* cmd, const char* mc void SwitchUser::SetUserId() { if( (Pw == 0) || 
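Review bot: The submission does not say that the CVE-2009-1756 fix being dropped from the port is present in slim 1.3.2. The regenerated patches/patch-switchuser_cpp loses its `#include "app.h"` hunk here and its `SetClientAuth` hunk in the next hunk, and patch-app_cpp and patch-app_h are deleted outright. Those patches replaced the `system()` call that put the xauth cookie on a command line visible through `ps`, so the update presumably relies on an equivalent upstream change that this page does not show. I would confirm that `App::CreateServerAuth` and `SwitchUser::SetClientAuth` in 1.3.2 no longer build an `xauth ... add` command string containing the cookie, and record it in the commit message, e.g. `CVE-2009-1756 fix is upstream in 1.3.2, drop local patches`. The `SetUserId` condition shown as context continues outside this hunk.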
@@ -19,16 +10,3 @@ (initgroups(Pw->pw_name, Pw->pw_gid) != 0) || (setgid(Pw->pw_gid) != 0) || (setuid(Pw->pw_uid) != 0) ) { -@@ -53,10 +55,9 @@ void SwitchUser::Execute(const char* cmd) { - } - - void SwitchUser::SetClientAuth(const char* mcookie) { -- int r; -+ bool r; - string home = string(Pw->pw_dir); - string authfile = home + "/.Xauthority"; - remove(authfile.c_str()); -- string cmd = cfg->getOption("xauth_path") + " -q -f " + authfile + " add :0 . " + mcookie; -- r = system(cmd.c_str()); -+ r = Util::add_mcookie(mcookie, ":0", cfg->getOption("xauth_path"), authfile); - }
