Ensure proper .ICEauthority permissions, this may fail on NFS, but who

Wed May 26 17:34:51 2004 George Lebl <jirka@5z.com> * daemon/slave.c: Ensure proper .ICEauthority permissions, this may fail on NFS, but who cares, there if it breaks it's beyond our fixage anyway. Should alievate problems from #137345, though that bug is really in libice usage and gnome-session. libice is incredibly evil. * utils/gdmtranslate.c: fix with the forte compiler, patch fromn Brian Cameron, fixes #137600
author: George Lebl <jirka@5z.com> 2004-05-27 00:35:00 +0000
committer: George Lebl <jirka@src.gnome.org> 2004-05-27 00:35:00 +0000
commit: 883d9163c7dee217368dba102ee9e0d4ac2e669a (patch)
tree: 08c9560edba9b2f53e76f16f15e0266c2f1b949f
parent: 7727d7fba8904ad588d5d8bd215ef94c02d8b960 (diff)
download: gdm-883d9163c7dee217368dba102ee9e0d4ac2e669a.tar.gz
3 files changed, 48 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index 927ba5f2..17f4329d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,14 @@
+Wed May 26 17:34:51 2004  George Lebl <jirka@5z.com>
+
+	* daemon/slave.c: Ensure proper .ICEauthority permissions, this
+	  may fail on NFS, but who cares, there if it breaks it's beyond
+	  our fixage anyway.  Should alievate problems from #137345, though
+	  that bug is really in libice usage and gnome-session.  libice is
+	  incredibly evil.
+
+	* utils/gdmtranslate.c: fix with the forte compiler, patch fromn
+	  Brian Cameron, fixes #137600
+
 Wed May 26 17:01:16 2004  George Lebl <jirka@5z.com>
 
 	* gui/gdmsetup.c, daemon/misc.c: use shell quoting more properly
diff --git a/daemon/slave.c b/daemon/slave.c
index f5a2d81c..f733d0db 100644
--- a/daemon/slave.c
+++ b/daemon/slave.c
@@ -3529,6 +3529,32 @@ session_child_run (struct passwd *pwent,
 	VE_IGNORE_EINTR (chdir (home_dir));
 	if G_UNLIKELY (errno != 0) {
 		VE_IGNORE_EINTR (chdir ("/"));
+	} else if (pwent->pw_uid != 0) {
+		if (seteuid (pwent->pw_uid) == 0 &&
+		    access (".ICEauthority", F_OK) == 0) {
+			/* sanitize .ICEauthority to be of the correct
+			 * permissions, if it exists */
+			struct stat s;
+			if (stat (home_dir, &s) == 0 &&
+			    s.st_uid == pwent->pw_uid &&
+			    stat (".ICEauthority", &s) &&
+			    S_ISREG (s.st_mode) &&
+			    (s.st_uid != pwent->pw_uid ||
+			     s.st_gid != pwent->pw_gid ||
+			     (s.st_mode & (S_IRWXG|S_IRWXO)))) {
+				/* This may not work on NFS, but oh well, there
+				 * this is beyond our help, but it's unlikely
+				 * that it got screwed up when NFS was used
+				 * in the first place */
+				seteuid (0);
+				/* only if we own the current directory */
+				chown (".ICEauthority",
+				       pwent->pw_uid,
+				       pwent->pw_gid);
+				chmod (".ICEauthority", S_IRUSR | S_IWUSR);
+			}
+		}
+		seteuid (0);
 	}
 
 #ifdef HAVE_LOGINCAP
diff --git a/utils/gdmtranslate.c b/utils/gdmtranslate.c
index 2178a871..da8aabb9 100644
--- a/utils/gdmtranslate.c
+++ b/utils/gdmtranslate.c
@@ -1,9 +1,19 @@
 #include "config.h"
-#include <libgnome/libgnome.h>
 #include <stdio.h>
 #include <locale.h>
 #include <string.h>
 
+#define gboolean char
+#define FALSE 0
+#define TRUE 1
+
+#ifdef ENABLE_NLS
+#include <libintl.h>
+#define _(String) gettext(String)
+#else /* !ENABLE_NLS */
+#define _(String) (String)
+#endif
+
 int
 main (int argc, char *argv[])
 {
author	George Lebl <jirka@5z.com>	2004-05-27 00:35:00 +0000
committer	George Lebl <jirka@src.gnome.org>	2004-05-27 00:35:00 +0000
commit	883d9163c7dee217368dba102ee9e0d4ac2e669a (patch)
tree	08c9560edba9b2f53e76f16f15e0266c2f1b949f
parent	7727d7fba8904ad588d5d8bd215ef94c02d8b960 (diff)
download	gdm-883d9163c7dee217368dba102ee9e0d4ac2e669a.tar.gz