Date:      Sun, 24 Mar 2013 17:15:59 +0100 (CET)
From:      Klaus Aehlig <aehlig@linta.de>
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   ports/177347: [patch] x11/xtrlock needs to run setuid root
Message-ID:  <20130324161559.CBB6E385558@howard.linta.de>
Resent-Message-ID: <201303241630.r2OGU1xM085311@freefall.freebsd.org>


>Number:         177347
>Category:       ports
>Synopsis:       [patch] x11/xtrlock needs to run setuid root
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Mar 24 16:30:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator:     Klaus Aehlig
>Release:        FreeBSD 9.1-STABLE amd64
>Organization:
>Environment:
System: FreeBSD howard.linta.de 9.1-STABLE FreeBSD 9.1-STABLE #9 r246978: Wed Feb 20 08:46:40 CET 2013 root@howard.linta.de:/usr/obj/usr/src/sys/GENERIC amd64

>Description:

	xtrlock(1) obtains the crypted password of the user by calling
	getpwuid(3). For this to work, root privileges are needed. Hence
	xtrlock should run as a setuid root binary (as it was, before the
	port was updated to version 2.2).

>How-To-Repeat:

	Install x11/xtrlock and run as an unprivileged user. Instead of locking
	the screen, xtrlock outputs the error message "password entry has no pwd".

>Fix:

	Apply the following patch.

--- xtrlock.diff begins here ---
diff -ruN xtrlock.orig/Makefile xtrlock/Makefile
--- xtrlock.orig/Makefile	2013-03-24 16:58:29.000000000 +0100
+++ xtrlock/Makefile	2013-03-24 17:00:23.000000000 +0100
@@ -3,6 +3,7 @@
 
 PORTNAME=	xtrlock
 PORTVERSION=	2.2
+PORTREVISION=	1
 CATEGORIES=	x11
 MASTER_SITES=	DEBIAN
 DISTNAME=	${PORTNAME}_${PORTVERSION}
@@ -21,6 +22,7 @@
 
 MAN1=		xtrlock.1
 PLIST_FILES=	bin/xtrlock
+BINMODE=	4555
 
 post-extract:
 	@${LN} -sf xtrlock.man ${WRKSRC}/xtrlock.1
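Review bot: BINMODE= 4555 installs bin/xtrlock setuid root, but the Makefile carries no comment saying why, so a later cleanup could drop the line again as happened with the 2.2 update. Add a one-line comment above it noting that getpwuid(3) only returns the crypted password to root. BINMODE applies to everything installed with INSTALL_PROGRAM; PLIST_FILES lists only bin/xtrlock, so the scope is fine here. Nothing in this patch shows whether xtrlock gives up root after reading the password entry, which is worth confirming in the source before committing.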
--- xtrlock.diff ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:
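
The following C program is an added example, not code from this report or from xtrlock. It shows the pattern a setuid-root locker can follow: read the crypted password with getpwuid(3) while privileged, then drop root permanently. The helper names hash_is_usable and drop_privileges and the placeholder values it checks are assumptions.

```c
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: 1 if pw_passwd looks like a crypt(3) hash, 0 if it is
 * empty or a placeholder ("*", "x", "!..."), which is what an unprivileged
 * caller sees when the hashes live in a root-only database. */
int hash_is_usable(const char *pw_passwd)
{
    if (pw_passwd == NULL || pw_passwd[0] == '\0')
        return 0;
    if (pw_passwd[0] == '*' || pw_passwd[0] == '!' || strcmp(pw_passwd, "x") == 0)
        return 0;
    return strlen(pw_passwd) >= 13; /* traditional DES crypt(3) output is 13 chars */
}

/* Hypothetical helper: give up setuid-root privileges permanently.
 * Returns 0 on success, -1 if a step failed or root could be regained. */
int drop_privileges(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();
    if (setgid(rgid) != 0 || setuid(ruid) != 0) /* group first, then user */
        return -1;
    if (ruid != 0 && setuid(0) == 0) /* regaining root must fail */
        return -1;
    return (geteuid() == ruid && getegid() == rgid) ? 0 : -1;
}

int main(void)
{
    char hash[256] = "";
    /* Read the entry while still privileged and keep only the hash. */
    struct passwd *pw = getpwuid(getuid());
    if (pw != NULL && pw->pw_passwd != NULL)
        snprintf(hash, sizeof hash, "%s", pw->pw_passwd);
    if (drop_privileges() != 0) {
        fputs("could not drop privileges\n", stderr);
        return 1;
    }
    if (!hash_is_usable(hash)) {
        fputs("no usable password hash (binary not setuid root?)\n", stderr);
        return 1;
    }
    puts("hash read, now running unprivileged");
    return 0;
}
```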


