On 01/07/2015 15:11, Ray Strode wrote:
Yes, I think so. Revised patch attached.
I've tested this a few ways and it seems to be working correctly, but
it's hard for me to be sure that this is doing the correct thing on all
targets.
Thanks for working on this! Seems right to me. My only
comment is I think have_so_peercred could be prefixed with
xorg_cv_sys_ / AC_CACHE_CHECK could be used to interface with
configure's caching mechanism, but I don't think that really matters.
Makes sense. Revised patch attached.
From 3b2b66694214700404e3334a694921b991a46a95 Mon Sep 17 00:00:00 2001
From: Jon TURNEY <jon.tur...@dronecode.org.uk>
Date: Mon, 29 Jun 2015 19:46:51 +0100
Subject: [PATCH] Fix NO_LOCAL_CLIENT_CRED build (v3)
This is a build fix for MinGW
Commit 4b4b9086 "os: support new implicit local user access mode [CVE-2015-3164
2/3]" carefully places the relevant code it adds under !NO_LOCAL_CLIENT_CRED,
but unfortunately doesn't notice that NO_LOCAL_CLIENT_CRED is defined as a
side-effect in the middle of GetLocalClientCreds(), so many of these checks
precede it's definition.
Move the check if NO_LOCAL_CLIENT_CRED should be defined to configure.ac, so it
always occurs before it's first use.
v2:
Move check to configure.ac
v3:
Use AC_CACHE_CHECK and name cache varaible appropriately
Cc: Ray Strode <rstr...@redhat.com>
Signed-off-by: Jon TURNEY <jon.tur...@dronecode.org.uk>
---
configure.ac | 18 ++++++++++++++++++
include/dix-config.h.in | 3 +++
os/access.c | 1 -
3 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
index 328563e..c0c5fc5 100644
--- a/configure.ac
+++ b/configure.ac
@@ -223,6 +223,24 @@ AC_REPLACE_FUNCS([reallocarray strcasecmp strcasestr
strlcat strlcpy strndup])
AC_CHECK_DECLS([program_invocation_short_name], [], [], [[#include <errno.h>]])
+dnl Check for SO_PEERCRED #define
+AC_CACHE_CHECK([for SO_PEERCRED in sys/socket.h],
+ [xorg_cv_sys_have_so_peercred],
+ [AC_EGREP_CPP(yes_have_so_peercred,[
+#include <sys/types.h>
+#include <sys/socket.h>
+#ifdef SO_PEERCRED
+yes_have_so_peercred
+#endif
+],
+ [xorg_cv_sys_have_so_peercred=yes],
+ [xorg_cv_sys_have_so_peercred=no])])
+
+dnl define NO_LOCAL_CLIENT_CRED if no getpeereid, getpeerucred or SO_PEERCRED
+if test "x$ac_cv_func_getpeereid" = xno && test "x$ac_cv_func_getpeerucred" =
xno && test "x$xorg_cv_sys_have_so_peercred" = xno ; then
+ AC_DEFINE([NO_LOCAL_CLIENT_CRED], 1, [Define to 1 if no local socket
credentials interface exists])
+fi
+
dnl Find the math libary, then check for cbrt function in it.
AC_CHECK_LIB(m, sqrt)
AC_CHECK_FUNCS([cbrt])
diff --git a/include/dix-config.h.in b/include/dix-config.h.in
index c2ba434..daaff8d 100644
--- a/include/dix-config.h.in
+++ b/include/dix-config.h.in
@@ -518,4 +518,7 @@
/* Listen on local socket */
#undef LISTEN_LOCAL
+/* Define if no local socket credentials interface exists */
+#undef NO_LOCAL_CLIENT_CRED
+
#endif /* _DIX_CONFIG_H_ */
diff --git a/os/access.c b/os/access.c
index 75e7a69..54f0690 100644
--- a/os/access.c
+++ b/os/access.c
@@ -1221,7 +1221,6 @@ GetLocalClientCreds(ClientPtr client, LocalClientCredRec
** lccp)
#endif
#else
/* No system call available to get the credentials of the peer */
-#define NO_LOCAL_CLIENT_CRED
return -1;
#endif
}
--
2.1.4
_______________________________________________
xorg-devel@lists.x.org: X.Org development
Archives: http://lists.x.org/archives/xorg-devel
Info: http://lists.x.org/mailman/listinfo/xorg-devel
