diff options
| author | George Lebl <jirka@5z.com> | 2001-10-04 03:36:48 +0000 |
|---|---|---|
| committer | George Lebl <jirka@src.gnome.org> | 2001-10-04 03:36:48 +0000 |
| commit | 2a2a3e4dce44d62258a6fb2d620c0337cdb646a7 (patch) | |
| tree | 1b5ef00a56c1d17d63c0b09224c89e9408f772ea /daemon | |
| parent | e0b5f048f428b96a3cf2adbcc368a223f44751e9 (diff) | |
| download | gdm-2a2a3e4dce44d62258a6fb2d620c0337cdb646a7.tar.gz | |
ensure the /tmp/.ICE-unix directory. Hopefully we're correct.
Wed Oct 03 20:26:27 2001 George Lebl <jirka@5z.com>
* daemon/misc.[ch], daemon/slave.[ch]: ensure the /tmp/.ICE-unix
directory. Hopefully we're correct.
* daemon/server.c: when running server as root, unset suplementary
groups and set group to 0. So that the files X creates it creates
with gid 0 as well rather then with the 'gdm' group name.
Diffstat (limited to 'daemon')
| -rw-r--r-- | daemon/misc.c | 30 | ||||
| -rw-r--r-- | daemon/misc.h | 5 | ||||
| -rw-r--r-- | daemon/server.c | 10 | ||||
| -rw-r--r-- | daemon/slave.c | 3 |
4 files changed, 48 insertions, 0 deletions
diff --git a/daemon/misc.c b/daemon/misc.c index e1ba1351..7614324d 100644 --- a/daemon/misc.c +++ b/daemon/misc.c @@ -459,4 +459,34 @@ gdm_safe_fork (pid_t *pid) sigprocmask (SIG_SETMASK, &oldmask, NULL); } +/* done before each login. This can do so sanity ensuring, + * one of the things it does now is make sure /tmp/.ICE-unix + * exists and has the correct permissions */ +void +gdm_ensure_sanity (void) +{ + mode_t old_umask; + + /* The /tmp/.ICE-unix check, note that we do + * ignore errors, since it's not deadly to run + * if we can't perform this task :) */ + old_umask = umask (0); + + if (mkdir ("/tmp/.ICE-unix", 0777) == 0) { + /* Make sure it is root */ + if (chown ("/tmp/.ICE-unix", 0, 0) == 0) + chmod ("/tmp/.ICE-unix", 02777); + } else { + struct stat s; + if (lstat ("/tmp/.ICE-unix", &s) == 0 && + S_ISDIR (s.st_mode)) { + /* Make sure it is root and sticky */ + if (chown ("/tmp/.ICE-unix", 0, 0) == 0) + chmod ("/tmp/.ICE-unix", 02777); + } + } + + umask (old_umask); +} + /* EOF */ diff --git a/daemon/misc.h b/daemon/misc.h index 46b9ae64..b01bed4e 100644 --- a/daemon/misc.h +++ b/daemon/misc.h @@ -37,6 +37,11 @@ gboolean gdm_text_message_dialog (const char *msg); gboolean gdm_text_yesno_dialog (const char *msg, gboolean *ret); int gdm_exec_wait (char * const *argv, gboolean no_display); +/* done before each login. This can do so sanity ensuring, + * one of the things it does now is make sure /tmp/.ICE-unix + * exists and has the correct permissions */ +void gdm_ensure_sanity (void); + /* This is a race free fork, that is the pid will * be set before sigchld is sent. This is achieved by * blocking sigchld for the moment */ diff --git a/daemon/server.c b/daemon/server.c index 796b7010..92641e72 100644 --- a/daemon/server.c +++ b/daemon/server.c @@ -731,6 +731,16 @@ gdm_server_spawn (GdmDisplay *d) "gdm_server_spawn", (int)d->server_uid); _exit (SERVER_ABORT); } + } else { + gid_t groups[1] = { 0 }; + if (setgid (0) < 0) { + gdm_error (_("%s: Couldn't set groupid to 0"), + "gdm_server_spawn"); + /* Don't error out, it's not fatal, if it fails we'll + * just still be */ + } + /* this will get rid of any suplementary groups etc... */ + setgroups (1, groups); } execv (argv[0], argv); diff --git a/daemon/slave.c b/daemon/slave.c index be386390..28f39dc1 100644 --- a/daemon/slave.c +++ b/daemon/slave.c @@ -1865,6 +1865,9 @@ gdm_slave_session_start (void) gdm_slave_whack_greeter (); } + /* Ensure some sanity in this world */ + gdm_ensure_sanity (); + if (GdmKillInitClients) gdm_server_whack_clients (d); |