Diffstat (limited to 'emacs/24.4/04_all_games-sgid.patch')
-rw-r--r--emacs/24.4/04_all_games-sgid.patch259
1 files changed, 0 insertions, 259 deletions
diff --git a/emacs/24.4/04_all_games-sgid.patch b/emacs/24.4/04_all_games-sgid.patch
deleted file mode 100644
index 882e3ca..0000000
--- a/emacs/24.4/04_all_games-sgid.patch
+++ /dev/null
@@ -1,259 +0,0 @@
-Backport support for update-game-score to run sgid instead of suid.
-This comprises parts of the following commits from upstream git:
-
-commit dbde138155118344b33dfd2db95f688a24a42fec
-Author: Ulrich Müller <ulm@gentoo.org>
-Date: Sun Feb 8 21:00:49 2015 +0100
-
- configure --with-gameuser now defaults to games group.
-
-commit 74ab488ff2e57f31eb5290266f0f3b1995ebf83e
-Author: Paul Eggert <eggert@cs.ucla.edu>
-Date: Thu Jan 22 00:39:30 2015 -0800
-
- Check exit statuses in lib-src/Makefile
-
-commit 7f4e7dd378c456b498c270b47b46aaae365a72ab
-Author: Ulrich Müller <ulm@gentoo.org>
-Date: Thu Jan 22 08:24:42 2015 +0100
-
- Don't fail if chown or chgrp for 'update-game-score' is unsuccessful.
-
-commit 20f66485526b69eb26f2e70bd835a5e1333559d5
-Author: Ulrich Müller <ulm@gentoo.org>
-Date: Fri Jan 16 09:25:25 2015 +0100
-
- Allow update-game-score to run sgid instead of suid.
-
---- emacs-24.4-orig/configure.ac
-+++ emacs-24.4/configure.ac
-@@ -313,10 +313,20 @@
- fi
-
- AC_ARG_WITH(gameuser,dnl
--[AS_HELP_STRING([--with-gameuser=USER],[user for shared game score files])])
--test "X${with_gameuser}" != X && test "${with_gameuser}" != yes \
-- && gameuser="${with_gameuser}"
--test "X$gameuser" = X && gameuser=games
-+[AS_HELP_STRING([--with-gameuser=USER_OR_GROUP],
-+ [user for shared game score files.
-+ An argument prefixed by ':' specifies a group instead.])])
-+gameuser=
-+gamegroup=
-+# We don't test if we can actually chown/chgrp here, because configure
-+# may run without root privileges. lib-src/Makefile.in will handle
-+# any errors due to missing user/group gracefully.
-+case ${with_gameuser} in
-+ no) ;;
-+ "" | yes) gamegroup=games ;;
-+ :*) gamegroup=`echo "${with_gameuser}" | sed -e "s/://"` ;;
-+ *) gameuser=${with_gameuser} ;;
-+esac
-
- AC_ARG_WITH([gnustep-conf],dnl
- [AS_HELP_STRING([--with-gnustep-conf=FILENAME],
-@@ -4658,6 +4668,7 @@
- AC_SUBST(bitmapdir)
- AC_SUBST(gamedir)
- AC_SUBST(gameuser)
-+AC_SUBST(gamegroup)
- ## FIXME? Nothing uses @LD_SWITCH_X_SITE@.
- ## src/Makefile.in did add LD_SWITCH_X_SITE (as a cpp define) to the
- ## end of LIBX_BASE, but nothing ever set it.
---- emacs-24.4-orig/lib-src/Makefile.in
-+++ emacs-24.4/lib-src/Makefile.in
-@@ -101,6 +101,7 @@
-
- gamedir=@gamedir@
- gameuser=@gameuser@
-+gamegroup=@gamegroup@
-
- # ==================== Utility Programs for the Build =================
-
-@@ -243,10 +244,25 @@
- umask 022; ${MKDIR_P} "$(DESTDIR)${gamedir}"; \
- touch "$(DESTDIR)${gamedir}/snake-scores"; \
- touch "$(DESTDIR)${gamedir}/tetris-scores"
-- -if chown ${gameuser} "$(DESTDIR)${archlibdir}/update-game-score${EXEEXT}" && chmod u+s "$(DESTDIR)${archlibdir}/update-game-score${EXEEXT}"; then \
-- chown ${gameuser} "$(DESTDIR)${gamedir}"; \
-+ifneq ($(gameuser),)
-+ if chown ${gameuser} \
-+ "$(DESTDIR)${archlibdir}/update-game-score${EXEEXT}" && \
-+ chmod u+s,go-r \
-+ "$(DESTDIR)${archlibdir}/update-game-score${EXEEXT}"; \
-+ then \
-+ chown ${gameuser} "$(DESTDIR)${gamedir}" && \
-+ chmod u=rwx,g=rx,o=rx "$(DESTDIR)${gamedir}"; \
-+ fi
-+else ifneq ($(gamegroup),)
-+ if chgrp ${gamegroup} \
-+ "$(DESTDIR)${archlibdir}/update-game-score${EXEEXT}" && \
-+ chmod g+s,o-r \
-+ "$(DESTDIR)${archlibdir}/update-game-score${EXEEXT}"; \
-+ then \
-+ chgrp ${gamegroup} "$(DESTDIR)${gamedir}" && \
- chmod u=rwx,g=rwx,o=rx "$(DESTDIR)${gamedir}"; \
- fi
-+endif
- exp_archlibdir=`cd "$(DESTDIR)${archlibdir}" && /bin/pwd`; \
- if [ "$$exp_archlibdir" != "`cd ${srcdir} && /bin/pwd`" ]; then \
- for file in ${SCRIPTS}; do \
---- emacs-24.4-orig/lib-src/update-game-score.c
-+++ emacs-24.4/lib-src/update-game-score.c
-@@ -21,8 +21,8 @@
-
-
- /* This program allows a game to securely and atomically update a
-- score file. It should be installed setuid, owned by an appropriate
-- user like `games'.
-+ score file. It should be installed either setuid or setgid, owned
-+ by an appropriate user or group like `games'.
-
- Alternatively, it can be compiled without HAVE_SHARED_GAME_DIR
- defined, and in that case it will store scores in the user's home
-@@ -89,7 +89,7 @@
- ptrdiff_t *size, struct score_entry const *newscore);
- static void sort_scores (struct score_entry *scores, ptrdiff_t count,
- bool reverse);
--static int write_scores (const char *filename,
-+static int write_scores (const char *filename, mode_t mode,
- const struct score_entry *scores, ptrdiff_t count);
-
- static _Noreturn void
-@@ -122,18 +122,19 @@
- }
-
- static const char *
--get_prefix (bool running_suid, const char *user_prefix)
-+get_prefix (bool privileged, const char *user_prefix)
- {
-- if (!running_suid && user_prefix == NULL)
-- lose ("Not using a shared game directory, and no prefix given.");
-- if (running_suid)
-+ if (privileged)
- {
- #ifdef HAVE_SHARED_GAME_DIR
- return HAVE_SHARED_GAME_DIR;
- #else
-- lose ("This program was compiled without HAVE_SHARED_GAME_DIR,\n and should not be suid.");
-+ lose ("This program was compiled without HAVE_SHARED_GAME_DIR,\n"
-+ "and should not run with elevated privileges.");
- #endif
- }
-+ if (user_prefix == NULL)
-+ lose ("Not using a shared game directory, and no prefix given.");
- return user_prefix;
- }
-
-@@ -141,7 +142,7 @@
- main (int argc, char **argv)
- {
- int c;
-- bool running_suid;
-+ bool running_suid, running_sgid;
- void *lockstate;
- char *scorefile;
- char *nl;
-@@ -183,8 +184,11 @@
- usage (EXIT_FAILURE);
-
- running_suid = (getuid () != geteuid ());
-+ running_sgid = (getgid () != getegid ());
-+ if (running_suid && running_sgid)
-+ lose ("This program can run either suid or sgid, but not both.");
-
-- prefix = get_prefix (running_suid, user_prefix);
-+ prefix = get_prefix (running_suid || running_sgid, user_prefix);
-
- scorefile = malloc (strlen (prefix) + strlen (argv[optind]) + 2);
- if (!scorefile)
-@@ -234,7 +238,8 @@
- scores += scorecount - max_scores;
- scorecount = max_scores;
- }
-- if (write_scores (scorefile, scores, scorecount) < 0)
-+ if (write_scores (scorefile, running_sgid ? 0664 : 0644,
-+ scores, scorecount) < 0)
- {
- unlock_file (scorefile, lockstate);
- lose_syserr ("Failed to write scores file");
-@@ -429,8 +434,8 @@
- }
-
- static int
--write_scores (const char *filename, const struct score_entry *scores,
-- ptrdiff_t count)
-+write_scores (const char *filename, mode_t mode,
-+ const struct score_entry *scores, ptrdiff_t count)
- {
- int fd;
- FILE *f;
-@@ -444,7 +449,7 @@
- if (fd < 0)
- return -1;
- #ifndef DOS_NT
-- if (fchmod (fd, 0644) != 0)
-+ if (fchmod (fd, mode) != 0)
- return -1;
- #endif
- f = fdopen (fd, "w");
-@@ -460,7 +465,7 @@
- if (rename (tempfile, filename) != 0)
- return -1;
- #ifdef DOS_NT
-- if (chmod (filename, 0644) < 0)
-+ if (chmod (filename, mode) < 0)
- return -1;
- #endif
- return 0;
---- emacs-24.4-orig/lisp/play/gamegrid.el
-+++ emacs-24.4/lisp/play/gamegrid.el
-@@ -462,22 +462,22 @@
- ;; `gamegrid-add-score' was supposed to be used in the past and
- ;; is covered here for backward-compatibility.
- ;;
--;; 2. The helper program "update-game-score" is setuid and the
--;; file FILE does already exist in a system wide shared game
--;; directory. This should be the normal case on POSIX systems,
--;; if the game was installed system wide. Use
-+;; 2. The helper program "update-game-score" is setgid or setuid
-+;; and the file FILE does already exist in a system wide shared
-+;; game directory. This should be the normal case on POSIX
-+;; systems, if the game was installed system wide. Use
- ;; "update-game-score" to add the score to the file in the
- ;; shared game directory.
- ;;
--;; 3. "update-game-score" is setuid, but the file FILE does *not*
--;; exist in the system wide shared game directory. Use
-+;; 3. "update-game-score" is setgid/setuid, but the file FILE does
-+;; *not* exist in the system wide shared game directory. Use
- ;; `gamegrid-add-score-insecure' to create--if necessary--and
- ;; update FILE. This is for the case that a user has installed
- ;; a game on her own.
- ;;
--;; 4. "update-game-score" is not setuid. Use it to create/update
--;; FILE in the user's home directory. There is presumably no
--;; shared game directory.
-+;; 4. "update-game-score" is not setgid/setuid. Use it to
-+;; create/update FILE in the user's home directory. There is
-+;; presumably no shared game directory.
-
- (defvar gamegrid-shared-game-dir)
-
-@@ -486,13 +486,13 @@
- (not (zerop (logand (file-modes
- (expand-file-name "update-game-score"
- exec-directory))
-- #o4000)))))
-+ #o6000)))))
- (cond ((file-name-absolute-p file)
- (gamegrid-add-score-insecure file score))
- ((and gamegrid-shared-game-dir
- (file-exists-p (expand-file-name file shared-game-score-directory)))
-- ;; Use the setuid "update-game-score" program to update a
-- ;; system-wide score file.
-+ ;; Use the setgid (or setuid) "update-game-score" program
-+ ;; to update a system-wide score file.
- (gamegrid-add-score-with-update-game-score-1 file
- (expand-file-name file shared-game-score-directory) score))
- ;; Else: Add the score to a score file in the user's home