From owner-freebsd-ports-bugs@FreeBSD.ORG Wed Jun 22 20:00:22 2011 Return-Path: Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B6DED1065676 for ; Wed, 22 Jun 2011 20:00:22 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id E7A488FC19 for ; Wed, 22 Jun 2011 20:00:20 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p5MK0KUk048265 for ; Wed, 22 Jun 2011 20:00:20 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p5MK0K4t048264; Wed, 22 Jun 2011 20:00:20 GMT (envelope-from gnats) Resent-Date: Wed, 22 Jun 2011 20:00:20 GMT Resent-Message-Id: <201106222000.p5MK0K4t048264@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Edward Tomasz Napierala Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8BA7A106566B for ; Wed, 22 Jun 2011 19:54:37 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22]) by mx1.freebsd.org (Postfix) with ESMTP id 71BBD8FC0A for ; Wed, 22 Jun 2011 19:54:37 +0000 (UTC) Received: from red.freebsd.org (localhost [127.0.0.1]) by red.freebsd.org (8.14.4/8.14.4) with ESMTP id p5MJsbRI064623 for ; Wed, 22 Jun 2011 19:54:37 GMT (envelope-from nobody@red.freebsd.org) Received: (from nobody@localhost) by red.freebsd.org (8.14.4/8.14.4/Submit) id p5MJsbwr064622; Wed, 22 Jun 2011 19:54:37 GMT (envelope-from nobody) Message-Id: <201106221954.p5MJsbwr064622@red.freebsd.org> Date: Wed, 22 Jun 2011 19:54:37 GMT From: Edward Tomasz Napierala To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-3.1 Cc: Subject: ports/158174: x11/gdm: fix call to setusercontext(3) X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 22 Jun 2011 20:00:22 -0000 >Number: 158174 >Category: ports >Synopsis: x11/gdm: fix call to setusercontext(3) >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Wed Jun 22 20:00:20 UTC 2011 >Closed-Date: >Last-Modified: >Originator: Edward Tomasz Napierala >Release: >Organization: >Environment: >Description: As it is now, the setusercontext(3) call in gdm is missing a few flags. Attached patch fixes that by implicitly adding LOGIN_SETLOGINCLASS (neccessary for rctl resource limits), LOGIN_SETCPUMASK and LOGIN_SETMAC. Note that I've not been able to test the MAC part. >How-To-Repeat: >Fix: Patch attached with submission follows: Index: Makefile =================================================================== RCS file: /home/pcvs/ports/x11/gdm/Makefile,v retrieving revision 1.137 diff -u -r1.137 Makefile --- Makefile 29 Mar 2011 13:40:09 -0000 1.137 +++ Makefile 22 Jun 2011 19:53:11 -0000 @@ -8,7 +8,7 @@ PORTNAME= gdm PORTVERSION= 2.30.5 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= x11 gnome MASTER_SITES= GNOME DIST_SUBDIR= gnome2 Index: files/patch-daemon_gdm-session-worker.c =================================================================== RCS file: /home/pcvs/ports/x11/gdm/files/patch-daemon_gdm-session-worker.c,v retrieving revision 1.4 diff -u -r1.4 patch-daemon_gdm-session-worker.c --- files/patch-daemon_gdm-session-worker.c 29 Mar 2011 13:40:09 -0000 1.4 +++ files/patch-daemon_gdm-session-worker.c 22 Jun 2011 19:53:11 -0000 @@ -1,5 +1,5 @@ --- daemon/gdm-session-worker.c.orig 2010-08-11 19:40:07.000000000 +0200 -+++ daemon/gdm-session-worker.c 2011-03-29 10:37:37.000000000 +0200 ++++ daemon/gdm-session-worker.c 2011-06-22 21:44:30.000000000 +0200 @@ -31,6 +31,9 @@ #include #include @@ -10,7 +10,7 @@ #ifdef HAVE_LOGINDEVPERM #include -@@ -341,7 +344,7 @@ gdm_session_execute (const char *file, +@@ -341,7 +344,7 @@ * what to search if PATH is unset. POSIX may, dunno. */ @@ -19,7 +19,7 @@ } len = strlen (file) + 1; -@@ -1035,17 +1038,6 @@ gdm_cache_copy_file (GdmSessionWorker *w +@@ -1035,17 +1038,6 @@ error->message); g_error_free (error); } else { @@ -37,7 +37,7 @@ g_debug ("Copy successful"); } -@@ -1183,7 +1175,23 @@ gdm_session_worker_uninitialize_pam (Gdm +@@ -1183,7 +1175,23 @@ return; if (worker->priv->state >= GDM_SESSION_WORKER_STATE_SESSION_OPENED) { @@ -62,7 +62,7 @@ pam_close_session (worker->priv->pam_handle, 0); gdm_session_auditor_report_logout (worker->priv->auditor); -@@ -2027,15 +2035,16 @@ gdm_session_worker_start_user_session (G +@@ -2027,15 +2035,16 @@ char *cachedirname; char *home_dir; int fd; @@ -83,16 +83,12 @@ if (setsid () < 0) { g_debug ("GdmSessionWorker: could not set pid '%u' as leader of new session and process group - %s", -@@ -2043,6 +2052,28 @@ gdm_session_worker_start_user_session (G +@@ -2043,6 +2052,24 @@ _exit (2); } +#ifdef HAVE_LOGINCAP -+ if (setusercontext (NULL, pwent, pwent->pw_uid, -+ LOGIN_SETLOGIN | LOGIN_SETPATH | -+ LOGIN_SETPRIORITY | LOGIN_SETRESOURCES | -+ LOGIN_SETUMASK | LOGIN_SETUSER | -+ LOGIN_SETENV) < 0) { ++ if (setusercontext (NULL, pwent, pwent->pw_uid, LOGIN_SETALL & ~LOGIN_SETGROUP) < 0) { + g_debug ("%s: setusercontext () failed for %s. " + "Aborting.", "gdm_session_worker_start_user_session", + login ? login : "(null)"); >Release-Note: >Audit-Trail: >Unformatted: