On 30/06/2015 15:12, Ray Strode wrote:
This is a build fix for MinGW
...
Move the check if NO_LOCAL_CLIENT_CRED should be defined to before it's first
use.
Well, Alan wondered if anyone is actually using NO_LOCAL_CLIENT_CRED, now we
know!
Patch doesn't look wrong to me, but I wonder if maybe it should get put in
configure.ac?
I think that's a more typical place for platform specific definitions.
Yes, I think so. Revised patch attached.
I've tested this a few ways and it seems to be working correctly, but
it's hard for me to be sure that this is doing the correct thing on all
targets.
From f44b1021f5f3a6227fd62fba29f11917ecd25013 Mon Sep 17 00:00:00 2001
From: Jon TURNEY <jon.tur...@dronecode.org.uk>
Date: Mon, 29 Jun 2015 19:46:51 +0100
Subject: [PATCH] Fix NO_LOCAL_CLIENT_CRED build (v2)
This is a build fix for MinGW
Commit 4b4b9086 "os: support new implicit local user access mode [CVE-2015-3164
2/3]" carefully places the relevant code it adds under !NO_LOCAL_CLIENT_CRED,
but unfortunately doesn't notice that NO_LOCAL_CLIENT_CRED is defined as a
side-effect in the middle of GetLocalClientCreds(), so many of these checks
precede it's definition.
Move the check if NO_LOCAL_CLIENT_CRED should be defined to configure.ac, so it
always occurs before it's first use.
Signed-off-by: Jon TURNEY <jon.tur...@dronecode.org.uk>
Cc: Ray Strode <rstr...@redhat.com>
---
configure.ac | 23 +++++++++++++++++++++++
include/dix-config.h.in | 3 +++
os/access.c | 1 -
3 files changed, 26 insertions(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
index 328563e..f0f2995 100644
--- a/configure.ac
+++ b/configure.ac
@@ -223,6 +223,29 @@ AC_REPLACE_FUNCS([reallocarray strcasecmp strcasestr
strlcat strlcpy strndup])
AC_CHECK_DECLS([program_invocation_short_name], [], [], [[#include <errno.h>]])
+dnl Check for SO_PEERCRED #define
+AC_MSG_CHECKING([for SO_PEERCRED in sys/socket.h])
+AC_EGREP_CPP(yes_have_so_peercred,[
+#include <sys/types.h>
+#include <sys/socket.h>
+#ifdef SO_PEERCRED
+yes_have_so_peercred
+#endif
+],
+[
+ have_so_peercred=yes
+ AC_MSG_RESULT([yes])
+],
+[
+ have_so_peercred=no
+ AC_MSG_RESULT([no])
+])
+
+dnl define NO_LOCAL_CLIENT_CRED if no getpeereid, getpeerucred or SO_PEERCRED
+if test "x$ac_cv_func_getpeereid" = xno && test "x$ac_cv_func_getpeerucred" =
xno && test "x$have_so_peercred" = xno ; then
+ AC_DEFINE([NO_LOCAL_CLIENT_CRED], 1, [Define to 1 if no local socket
credentials interface exists])
+fi
+
dnl Find the math libary, then check for cbrt function in it.
AC_CHECK_LIB(m, sqrt)
AC_CHECK_FUNCS([cbrt])
diff --git a/include/dix-config.h.in b/include/dix-config.h.in
index c2ba434..daaff8d 100644
--- a/include/dix-config.h.in
+++ b/include/dix-config.h.in
@@ -518,4 +518,7 @@
/* Listen on local socket */
#undef LISTEN_LOCAL
+/* Define if no local socket credentials interface exists */
+#undef NO_LOCAL_CLIENT_CRED
+
#endif /* _DIX_CONFIG_H_ */
diff --git a/os/access.c b/os/access.c
index 75e7a69..54f0690 100644
--- a/os/access.c
+++ b/os/access.c
@@ -1221,7 +1221,6 @@ GetLocalClientCreds(ClientPtr client, LocalClientCredRec
** lccp)
#endif
#else
/* No system call available to get the credentials of the peer */
-#define NO_LOCAL_CLIENT_CRED
return -1;
#endif
}
--
2.1.4
_______________________________________________
xorg-devel@lists.x.org: X.Org development
Archives: http://lists.x.org/archives/xorg-devel
Info: http://lists.x.org/mailman/listinfo/xorg-devel
