authorUlrich Müller <ulm@gentoo.org>2015-01-23 13:21:05 +0100
committerUlrich Müller <ulm@gentoo.org>2015-01-23 13:21:05 +0100
commitd0ddaf8a01882ea2b0f1c4b56f467cc828c6887d (patch)
tree942982ccf282c8af7db3add25d8474418959c9b5
parentDon't shadow load-path in gnus, bug 537156. (diff)
downloademacs-patches-d0ddaf8a01882ea2b0f1c4b56f467cc828c6887d.tar.gz
emacs-patches-d0ddaf8a01882ea2b0f1c4b56f467cc828c6887d.tar.bz2
emacs-patches-d0ddaf8a01882ea2b0f1c4b56f467cc828c6887d.zip
Backport support for update-game-score to run sgid instead of suid.emacs-24.4-patches-3
-rw-r--r--emacs/23.4/23_all_games-sgid.patch232
-rw-r--r--emacs/24.4/04_all_games-sgid.patch226
2 files changed, 458 insertions, 0 deletions
diff --git a/emacs/23.4/23_all_games-sgid.patch b/emacs/23.4/23_all_games-sgid.patch
new file mode 100644
index 0000000..c69d089
--- /dev/null
+++ b/emacs/23.4/23_all_games-sgid.patch
@@ -0,0 +1,232 @@
+Backport support for update-game-score to run sgid instead of suid.
+This comprises parts of the following commits from upstream git:
+
+commit 74ab488ff2e57f31eb5290266f0f3b1995ebf83e
+Author: Paul Eggert <eggert@cs.ucla.edu>
+Date: Thu Jan 22 00:39:30 2015 -0800
+
+ Check exit statuses in lib-src/Makefile
+
+commit 7f4e7dd378c456b498c270b47b46aaae365a72ab
+Author: Ulrich Müller <ulm@gentoo.org>
+Date: Thu Jan 22 08:24:42 2015 +0100
+
+ Don't fail if chown or chgrp for 'update-game-score' is unsuccessful.
+
+commit 20f66485526b69eb26f2e70bd835a5e1333559d5
+Author: Ulrich Müller <ulm@gentoo.org>
+Date: Fri Jan 16 09:25:25 2015 +0100
+
+ Allow update-game-score to run sgid instead of suid.
+
+--- emacs-23.4-orig/configure.in
++++ emacs-23.4/configure.in
+@@ -39,8 +39,6 @@
+ docdir='${datadir}/emacs/${version}/etc'
+ gamedir='${localstatedir}/games/emacs'
+
+-gameuser=games
+-
+ dnl OPTION_DEFAULT_OFF(NAME, HELP-STRING)
+ dnl Create a new --with option that defaults to being disabled.
+ dnl NAME is the base name of the option. The shell variable with_NAME
+@@ -176,10 +174,25 @@
+ CRT_DIR="${with_crt_dir}"
+
+ AC_ARG_WITH(gameuser,dnl
+-[AS_HELP_STRING([--with-gameuser=USER],[user for shared game score files])])
+-test "X${with_gameuser}" != X && test "${with_gameuser}" != yes \
+- && gameuser="${with_gameuser}"
+-test "X$gameuser" = X && gameuser=games
++[AS_HELP_STRING([--with-gameuser=USER_OR_GROUP],
++ [user for shared game score files.
++ An argument prefixed by ':' specifies a group instead.])])
++gameuser=
++gamegroup=
++case ${with_gameuser} in
++ no) ;;
++ "" | yes)
++ AC_MSG_CHECKING([whether a 'games' user exists])
++ if id -u games >/dev/null 2>&1; then
++ AC_MSG_RESULT([yes])
++ gameuser=games
++ else
++ AC_MSG_RESULT([no])
++ fi
++ ;;
++ :*) gamegroup=`echo "${with_gameuser}" | sed -e "s/://"` ;;
++ *) gameuser=${with_gameuser} ;;
++esac
+
+ AC_ARG_WITH([gnustep-conf],dnl
+ [AS_HELP_STRING([--with-gnustep-conf=PATH],[path to GNUstep.conf; default $GNUSTEP_CONFIG_FILE, or /etc/GNUstep/GNUstep.conf])])
+@@ -2708,6 +2721,7 @@
+ AC_SUBST(bitmapdir)
+ AC_SUBST(gamedir)
+ AC_SUBST(gameuser)
++AC_SUBST(gamegroup)
+ AC_SUBST(c_switch_system)
+ AC_SUBST(c_switch_machine)
+ AC_SUBST(LD_SWITCH_X_SITE)
+--- emacs-23.4-orig/lib-src/Makefile.in
++++ emacs-23.4/lib-src/Makefile.in
+@@ -90,6 +90,7 @@
+
+ gamedir=@gamedir@
+ gameuser=@gameuser@
++gamegroup=@gamegroup@
+
+ # ==================== Utility Programs for the Build =================
+
+@@ -310,10 +311,25 @@
+ /* If the following commands fail, that is not a big deal.
+ update-game-score will detect at runtime that it is not setuid,
+ and handle things accordingly. */
+- -if chown ${gameuser} $(DESTDIR)${archlibdir}/update-game-score && chmod u+s $(DESTDIR)${archlibdir}/update-game-score; then \
+- chown ${gameuser} $(DESTDIR)${gamedir}; \
+- chmod u=rwx,g=rwx,o=rx $(DESTDIR)${gamedir}; \
++ifneq ($(gameuser),)
++ if chown ${gameuser} \
++ "$(DESTDIR)${archlibdir}/update-game-score${EXEEXT}" && \
++ chmod u+s,go-r \
++ "$(DESTDIR)${archlibdir}/update-game-score${EXEEXT}"; \
++ then \
++ chown ${gameuser} "$(DESTDIR)${gamedir}" && \
++ chmod u=rwx,g=rx,o=rx "$(DESTDIR)${gamedir}"; \
+ fi
++else ifneq ($(gamegroup),)
++ if chgrp ${gamegroup} \
++ "$(DESTDIR)${archlibdir}/update-game-score${EXEEXT}" && \
++ chmod g+s,o-r \
++ "$(DESTDIR)${archlibdir}/update-game-score${EXEEXT}"; \
++ then \
++ chgrp ${gamegroup} "$(DESTDIR)${gamedir}" && \
++ chmod u=rwx,g=rwx,o=rx "$(DESTDIR)${gamedir}"; \
++ fi
++endif
+ if [ `(cd $(DESTDIR)${archlibdir} && /bin/pwd)` \
+ != `(cd ${srcdir} && /bin/pwd)` ]; then \
+ for file in ${SCRIPTS}; do \
+--- emacs-23.4-orig/lib-src/update-game-score.c
++++ emacs-23.4/lib-src/update-game-score.c
+@@ -22,8 +22,8 @@
+
+
+ /* This program allows a game to securely and atomically update a
+- score file. It should be installed setuid, owned by an appropriate
+- user like `games'.
++ score file. It should be installed either setuid or setgid, owned
++ by an appropriate user or group like `games'.
+
+ Alternatively, it can be compiled without HAVE_SHARED_GAME_DIR
+ defined, and in that case it will store scores in the user's home
+@@ -104,8 +104,8 @@
+ int push_score P_ ((struct score_entry **scores, int *count,
+ int newscore, char *username, char *newdata));
+ void sort_scores P_ ((struct score_entry *scores, int count, int reverse));
+-int write_scores P_ ((const char *filename, const struct score_entry *scores,
+- int count));
++int write_scores P_ ((const char *filename, mode_t mode,
++ const struct score_entry *scores, int count));
+
+ void lose P_ ((const char *msg)) NO_RETURN;
+
+@@ -166,20 +166,21 @@
+ }
+
+ char *
+-get_prefix (running_suid, user_prefix)
+- int running_suid;
++get_prefix (privileged, user_prefix)
++ int privileged;
+ char *user_prefix;
+ {
+- if (!running_suid && user_prefix == NULL)
+- lose ("Not using a shared game directory, and no prefix given.");
+- if (running_suid)
++ if (privileged)
+ {
+ #ifdef HAVE_SHARED_GAME_DIR
+ return HAVE_SHARED_GAME_DIR;
+ #else
+- lose ("This program was compiled without HAVE_SHARED_GAME_DIR,\n and should not be suid.");
++ lose ("This program was compiled without HAVE_SHARED_GAME_DIR,\n"
++ "and should not run with elevated privileges.");
+ #endif
+ }
++ if (user_prefix == NULL)
++ lose ("Not using a shared game directory, and no prefix given.");
+ return user_prefix;
+ }
+
+@@ -188,7 +189,7 @@
+ int argc;
+ char **argv;
+ {
+- int c, running_suid;
++ int c, running_suid, running_sgid;
+ void *lockstate;
+ char *user_id, *scorefile, *prefix, *user_prefix = NULL;
+ struct stat buf;
+@@ -223,8 +224,11 @@
+ usage (EXIT_FAILURE);
+
+ running_suid = (getuid () != geteuid ());
++ running_sgid = (getgid () != getegid ());
++ if (running_suid && running_sgid)
++ lose ("This program can run either suid or sgid, but not both.");
+
+- prefix = get_prefix (running_suid, user_prefix);
++ prefix = get_prefix (running_suid || running_sgid, user_prefix);
+
+ scorefile = malloc (strlen (prefix) + strlen (argv[optind]) + 2);
+ if (!scorefile)
+@@ -263,7 +267,8 @@
+ scorecount -= (scorecount - MAX_SCORES);
+ if (reverse)
+ scores += (scorecount - MAX_SCORES);
+- if (write_scores (scorefile, scores, scorecount) < 0)
++ if (write_scores (scorefile, running_sgid ? 0664 : 0644,
++ scores, scorecount) < 0)
+ {
+ unlock_file (scorefile, lockstate);
+ lose_syserr ("Failed to write scores file");
+@@ -445,8 +450,9 @@
+ }
+
+ int
+-write_scores (filename, scores, count)
++write_scores (filename, mode, scores, count)
+ const char *filename;
++ mode_t mode;
+ const struct score_entry * scores;
+ int count;
+ {
+@@ -471,7 +477,7 @@
+ fclose (f);
+ if (rename (tempfile, filename) < 0)
+ return -1;
+- if (chmod (filename, 0644) < 0)
++ if (chmod (filename, mode) < 0)
+ return -1;
+ return 0;
+ }
+--- emacs-23.4-orig/lisp/play/gamegrid.el
++++ emacs-23.4/lisp/play/gamegrid.el
+@@ -491,13 +491,13 @@
+ (not (zerop (logand (file-modes
+ (expand-file-name "update-game-score"
+ exec-directory))
+- #o4000)))))
++ #o6000)))))
+ (cond ((file-name-absolute-p file)
+ (gamegrid-add-score-insecure file score))
+ ((and gamegrid-shared-game-dir
+ (file-exists-p (expand-file-name file shared-game-score-directory)))
+- ;; Use the setuid "update-game-score" program to update a
+- ;; system-wide score file.
++ ;; Use the setuid (or setgid) "update-game-score" program
++ ;; to update a system-wide score file.
+ (gamegrid-add-score-with-update-game-score-1 file
+ (expand-file-name file shared-game-score-directory) score))
+ ;; Else: Add the score to a score file in the user's home
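Review bot: The comment kept as context at the top of the lib-src/Makefile.in part of this patch still says that update-game-score will "detect at runtime that it is not setuid", while the recipe directly below it now also installs the program setgid via `chmod g+s,o-r`; change it to `update-game-score will detect at runtime that it is neither setuid nor setgid,` so the comment matches both branches. Separately, in the 23.4 write_scores part the new mode is applied with `chmod (filename, mode)` only after `rename (tempfile, filename)` has succeeded, so the score file is briefly visible at its final path with whatever mode the temporary file was created with (that creation is outside the hunk); the 24.4 patch instead calls `fchmod (fd, mode)` on the descriptor before writing, and the backport could do the same if the 23.4 code still has the descriptor at that point. The nested hunks for get_prefix, main and write_scores all begin outside the lines they show, so the surrounding control flow is inferred.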
diff --git a/emacs/24.4/04_all_games-sgid.patch b/emacs/24.4/04_all_games-sgid.patch
new file mode 100644
index 0000000..1c0f43c
--- /dev/null
+++ b/emacs/24.4/04_all_games-sgid.patch
@@ -0,0 +1,226 @@
+Backport support for update-game-score to run sgid instead of suid.
+This comprises parts of the following commits from upstream git:
+
+commit 74ab488ff2e57f31eb5290266f0f3b1995ebf83e
+Author: Paul Eggert <eggert@cs.ucla.edu>
+Date: Thu Jan 22 00:39:30 2015 -0800
+
+ Check exit statuses in lib-src/Makefile
+
+commit 7f4e7dd378c456b498c270b47b46aaae365a72ab
+Author: Ulrich Müller <ulm@gentoo.org>
+Date: Thu Jan 22 08:24:42 2015 +0100
+
+ Don't fail if chown or chgrp for 'update-game-score' is unsuccessful.
+
+commit 20f66485526b69eb26f2e70bd835a5e1333559d5
+Author: Ulrich Müller <ulm@gentoo.org>
+Date: Fri Jan 16 09:25:25 2015 +0100
+
+ Allow update-game-score to run sgid instead of suid.
+
+--- emacs-24.4-orig/configure.ac
++++ emacs-24.4/configure.ac
+@@ -313,10 +313,25 @@
+ fi
+
+ AC_ARG_WITH(gameuser,dnl
+-[AS_HELP_STRING([--with-gameuser=USER],[user for shared game score files])])
+-test "X${with_gameuser}" != X && test "${with_gameuser}" != yes \
+- && gameuser="${with_gameuser}"
+-test "X$gameuser" = X && gameuser=games
++[AS_HELP_STRING([--with-gameuser=USER_OR_GROUP],
++ [user for shared game score files.
++ An argument prefixed by ':' specifies a group instead.])])
++gameuser=
++gamegroup=
++case ${with_gameuser} in
++ no) ;;
++ "" | yes)
++ AC_MSG_CHECKING([whether a 'games' user exists])
++ if id -u games >/dev/null 2>&1; then
++ AC_MSG_RESULT([yes])
++ gameuser=games
++ else
++ AC_MSG_RESULT([no])
++ fi
++ ;;
++ :*) gamegroup=`echo "${with_gameuser}" | sed -e "s/://"` ;;
++ *) gameuser=${with_gameuser} ;;
++esac
+
+ AC_ARG_WITH([gnustep-conf],dnl
+ [AS_HELP_STRING([--with-gnustep-conf=FILENAME],
+@@ -4658,6 +4673,7 @@
+ AC_SUBST(bitmapdir)
+ AC_SUBST(gamedir)
+ AC_SUBST(gameuser)
++AC_SUBST(gamegroup)
+ ## FIXME? Nothing uses @LD_SWITCH_X_SITE@.
+ ## src/Makefile.in did add LD_SWITCH_X_SITE (as a cpp define) to the
+ ## end of LIBX_BASE, but nothing ever set it.
+--- emacs-24.4-orig/lib-src/Makefile.in
++++ emacs-24.4/lib-src/Makefile.in
+@@ -101,6 +101,7 @@
+
+ gamedir=@gamedir@
+ gameuser=@gameuser@
++gamegroup=@gamegroup@
+
+ # ==================== Utility Programs for the Build =================
+
+@@ -243,10 +244,25 @@
+ umask 022; ${MKDIR_P} "$(DESTDIR)${gamedir}"; \
+ touch "$(DESTDIR)${gamedir}/snake-scores"; \
+ touch "$(DESTDIR)${gamedir}/tetris-scores"
+- -if chown ${gameuser} "$(DESTDIR)${archlibdir}/update-game-score${EXEEXT}" && chmod u+s "$(DESTDIR)${archlibdir}/update-game-score${EXEEXT}"; then \
+- chown ${gameuser} "$(DESTDIR)${gamedir}"; \
++ifneq ($(gameuser),)
++ if chown ${gameuser} \
++ "$(DESTDIR)${archlibdir}/update-game-score${EXEEXT}" && \
++ chmod u+s,go-r \
++ "$(DESTDIR)${archlibdir}/update-game-score${EXEEXT}"; \
++ then \
++ chown ${gameuser} "$(DESTDIR)${gamedir}" && \
++ chmod u=rwx,g=rx,o=rx "$(DESTDIR)${gamedir}"; \
++ fi
++else ifneq ($(gamegroup),)
++ if chgrp ${gamegroup} \
++ "$(DESTDIR)${archlibdir}/update-game-score${EXEEXT}" && \
++ chmod g+s,o-r \
++ "$(DESTDIR)${archlibdir}/update-game-score${EXEEXT}"; \
++ then \
++ chgrp ${gamegroup} "$(DESTDIR)${gamedir}" && \
+ chmod u=rwx,g=rwx,o=rx "$(DESTDIR)${gamedir}"; \
+ fi
++endif
+ exp_archlibdir=`cd "$(DESTDIR)${archlibdir}" && /bin/pwd`; \
+ if [ "$$exp_archlibdir" != "`cd ${srcdir} && /bin/pwd`" ]; then \
+ for file in ${SCRIPTS}; do \
+--- emacs-24.4-orig/lib-src/update-game-score.c
++++ emacs-24.4/lib-src/update-game-score.c
+@@ -21,8 +21,8 @@
+
+
+ /* This program allows a game to securely and atomically update a
+- score file. It should be installed setuid, owned by an appropriate
+- user like `games'.
++ score file. It should be installed either setuid or setgid, owned
++ by an appropriate user or group like `games'.
+
+ Alternatively, it can be compiled without HAVE_SHARED_GAME_DIR
+ defined, and in that case it will store scores in the user's home
+@@ -89,7 +89,7 @@
+ ptrdiff_t *size, struct score_entry const *newscore);
+ static void sort_scores (struct score_entry *scores, ptrdiff_t count,
+ bool reverse);
+-static int write_scores (const char *filename,
++static int write_scores (const char *filename, mode_t mode,
+ const struct score_entry *scores, ptrdiff_t count);
+
+ static _Noreturn void
+@@ -122,18 +122,19 @@
+ }
+
+ static const char *
+-get_prefix (bool running_suid, const char *user_prefix)
++get_prefix (bool privileged, const char *user_prefix)
+ {
+- if (!running_suid && user_prefix == NULL)
+- lose ("Not using a shared game directory, and no prefix given.");
+- if (running_suid)
++ if (privileged)
+ {
+ #ifdef HAVE_SHARED_GAME_DIR
+ return HAVE_SHARED_GAME_DIR;
+ #else
+- lose ("This program was compiled without HAVE_SHARED_GAME_DIR,\n and should not be suid.");
++ lose ("This program was compiled without HAVE_SHARED_GAME_DIR,\n"
++ "and should not run with elevated privileges.");
+ #endif
+ }
++ if (user_prefix == NULL)
++ lose ("Not using a shared game directory, and no prefix given.");
+ return user_prefix;
+ }
+
+@@ -141,7 +142,7 @@
+ main (int argc, char **argv)
+ {
+ int c;
+- bool running_suid;
++ bool running_suid, running_sgid;
+ void *lockstate;
+ char *scorefile;
+ char *nl;
+@@ -183,8 +184,11 @@
+ usage (EXIT_FAILURE);
+
+ running_suid = (getuid () != geteuid ());
++ running_sgid = (getgid () != getegid ());
++ if (running_suid && running_sgid)
++ lose ("This program can run either suid or sgid, but not both.");
+
+- prefix = get_prefix (running_suid, user_prefix);
++ prefix = get_prefix (running_suid || running_sgid, user_prefix);
+
+ scorefile = malloc (strlen (prefix) + strlen (argv[optind]) + 2);
+ if (!scorefile)
+@@ -234,7 +238,8 @@
+ scores += scorecount - max_scores;
+ scorecount = max_scores;
+ }
+- if (write_scores (scorefile, scores, scorecount) < 0)
++ if (write_scores (scorefile, running_sgid ? 0664 : 0644,
++ scores, scorecount) < 0)
+ {
+ unlock_file (scorefile, lockstate);
+ lose_syserr ("Failed to write scores file");
+@@ -429,8 +434,8 @@
+ }
+
+ static int
+-write_scores (const char *filename, const struct score_entry *scores,
+- ptrdiff_t count)
++write_scores (const char *filename, mode_t mode,
++ const struct score_entry *scores, ptrdiff_t count)
+ {
+ int fd;
+ FILE *f;
+@@ -444,7 +449,7 @@
+ if (fd < 0)
+ return -1;
+ #ifndef DOS_NT
+- if (fchmod (fd, 0644) != 0)
++ if (fchmod (fd, mode) != 0)
+ return -1;
+ #endif
+ f = fdopen (fd, "w");
+@@ -460,7 +465,7 @@
+ if (rename (tempfile, filename) != 0)
+ return -1;
+ #ifdef DOS_NT
+- if (chmod (filename, 0644) < 0)
++ if (chmod (filename, mode) < 0)
+ return -1;
+ #endif
+ return 0;
+--- emacs-24.4-orig/lisp/play/gamegrid.el
++++ emacs-24.4/lisp/play/gamegrid.el
+@@ -486,13 +486,13 @@
+ (not (zerop (logand (file-modes
+ (expand-file-name "update-game-score"
+ exec-directory))
+- #o4000)))))
++ #o6000)))))
+ (cond ((file-name-absolute-p file)
+ (gamegrid-add-score-insecure file score))
+ ((and gamegrid-shared-game-dir
+ (file-exists-p (expand-file-name file shared-game-score-directory)))
+- ;; Use the setuid "update-game-score" program to update a
+- ;; system-wide score file.
++ ;; Use the setuid (or setgid) "update-game-score" program
++ ;; to update a system-wide score file.
+ (gamegrid-add-score-with-update-game-score-1 file
+ (expand-file-name file shared-game-score-directory) score))
+ ;; Else: Add the score to a score file in the user's home
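Review bot: The new call `write_scores (scorefile, running_sgid ? 0664 : 0644, scores, scorecount)` in main gives no reason for the sgid case producing a group-writable score file, and a later maintainer tightening modes would have nothing to go on; add above it `/* When sgid the score file stays writable by the game group, matching the g=rwx game directory the Makefile installs; when suid only the owning user writes it. */`, adjusting the wording if the group-write bit is needed for something else (the locking code is outside the hunk). The lib-src/Makefile.in part of the patch is what makes that choice consistent: its sgid branch sets `chmod u=rwx,g=rwx,o=rx` on the game directory while the suid branch uses `g=rx`. The Makefile comment that explains a failed chown as "not setuid" is not visible in the 24.4 hunk; if the 24.4 Makefile.in still carries it above the `umask 022` line, it should likewise say neither setuid nor setgid.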