slackware-current/source/xap/xscreensaver/xscreensaver.setuid.diff


--- ./driver/setuid.c.orig 2006-02-08 20:28:38.000000000 -0600
+++ ./driver/setuid.c 2006-04-04 16:48:08.000000000 -0500
@@ -1,5 +1,5 @@
/* setuid.c --- management of runtime privileges.
- * xscreensaver, Copyright (c) 1993-1998, 2005 Jamie Zawinski <jwz@jwz.org>
+ * xscreensaver, Copyright (c) 1993-1998 Jamie Zawinski <jwz@jwz.org>
*
* Permission to use, copy, modify, distribute, and sell this software and its
* documentation for any purpose is hereby granted without fee, provided that
@@ -41,7 +41,7 @@
struct group *g = 0;
p = getpwuid (uid);
g = getgrgid (gid);
- sprintf (buf, "%.100s/%.100s (%ld/%ld)",
+ sprintf (buf, "%s/%s (%ld/%ld)",
(p && p->pw_name ? p->pw_name : "???"),
(g && g->gr_name ? g->gr_name : "???"),
(long) uid, (long) gid);
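Review bot: The `sprintf` into `buf` here loses its only length bound once `%.100s` becomes `%s`, so the user and group names returned by getpwuid()/getgrgid() are copied at whatever length the passwd/group source supplies. The same change is made in later hunks at the `changed uid/gid to`, `couldn't set gid to`, `couldn't set uid to` and `running as` calls, where `buf` is declared with 1024 bytes. Keep the precision, `sprintf (buf, "%.100s/%.100s (%ld/%ld)",`, or bound each write by the destination size with `snprintf`. The declaration of `buf` for this call is outside the hunk, so its size cannot be confirmed from here.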
@@ -74,50 +74,11 @@
}
-/* Returns true if we need to call setgroups().
-
- Without calling setgroups(), the process will retain any supplementary
- gids associated with the uid, e.g.:
-
- % groups root
- root : root bin daemon sys adm disk wheel
-
- However, setgroups() can only be called by root, and returns EPERM
- for other users even if the call would be a no-op (e.g., setting the
- group list to the current list.) So, to avoid that spurious error,
- before calling setgroups() we first check whether the current list
- of groups contains only one element, our target group. If so, we
- don't need to call setgroups().
- */
-static int
-setgroups_needed_p (uid_t target_group)
-{
- gid_t groups[1024];
- int n, size;
- size = sizeof(groups) / sizeof(gid_t);
- n = getgroups (size - 1, groups);
- if (n < 0)
- {
- char buf [1024];
- sprintf (buf, "%s: getgroups(%ld, ...)", blurb(), (long int)(size - 1));
- perror (buf);
- return 1;
- }
- else if (n == 0) /* an empty list means only egid is in effect. */
- return 0;
- else if (n == 1 && groups[0] == target_group) /* one element, the target */
- return 0;
- else /* more than one, or the wrong one. */
- return 1;
-}
-
-
static int
set_ids_by_number (uid_t uid, gid_t gid, char **message_ret)
{
int uid_errno = 0;
int gid_errno = 0;
- int sgs_errno = 0;
struct passwd *p = getpwuid (uid);
struct group *g = getgrgid (gid);
@@ -136,11 +97,6 @@
if (uid == (uid_t) -1) uid = (uid_t) -2;
errno = 0;
- if (setgroups_needed_p (gid) &&
- setgroups (1, &gid) < 0)
- sgs_errno = errno ? errno : -1;
-
- errno = 0;
if (setgid (gid) != 0)
gid_errno = errno ? errno : -1;
@@ -148,10 +104,10 @@
if (setuid (uid) != 0)
uid_errno = errno ? errno : -1;
- if (uid_errno == 0 && gid_errno == 0 && sgs_errno == 0)
+ if (uid_errno == 0 && gid_errno == 0)
{
static char buf [1024];
- sprintf (buf, "changed uid/gid to %.100s/%.100s (%ld/%ld).",
+ sprintf (buf, "changed uid/gid to %s/%s (%ld/%ld).",
(p && p->pw_name ? p->pw_name : "???"),
(g && g->gr_name ? g->gr_name : "???"),
(long) uid, (long) gid);
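Review bot: The success test `if (uid_errno == 0 && gid_errno == 0)` now reports the switch as complete although the new code never resets the supplementary group list; the `setgroups (1, &gid)` call ahead of `setgid (gid)` is removed in the previous hunk. As the removed comment on `setgroups_needed_p` explains, the process then retains the supplementary gids it started with, so a drop from root is only partial. Keep `if (setgroups_needed_p (gid) && setgroups (1, &gid) < 0) sgs_errno = errno ? errno : -1;` before `setgid`, together with its helper, the `sgs_errno` declaration and the `sgs_errno == 0` term in this condition. The body of set_ids_by_number starts and ends outside this hunk.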
@@ -162,71 +118,28 @@
else
{
char buf [1024];
- gid_t groups[1024];
- int n, size;
-
- if (sgs_errno)
- {
- sprintf (buf, "%s: couldn't setgroups to %.100s (%ld)",
- blurb(),
- (g && g->gr_name ? g->gr_name : "???"),
- (long) gid);
- if (sgs_errno == -1)
- fprintf(stderr, "%s: unknown error\n", buf);
- else
- {
- errno = sgs_errno;
- perror(buf);
- }
-
- fprintf (stderr, "%s: effective group list: ", blurb());
- size = sizeof(groups) / sizeof(gid_t);
- n = getgroups (size - 1, groups);
- if (n < 0)
- fprintf (stderr, "unknown!\n");
- else
- {
- int i;
- fprintf (stderr, "[");
- for (i = 0; i < n; i++)
- {
- g = getgrgid (groups[i]);
- if (i > 0) fprintf (stderr, ", ");
- if (g && g->gr_name) fprintf (stderr, "%s", g->gr_name);
- else fprintf (stderr, "%ld", (long) groups[i]);
- }
- fprintf (stderr, "]\n");
- }
- }
-
if (gid_errno)
{
- sprintf (buf, "%s: couldn't set gid to %.100s (%ld)",
+ sprintf (buf, "%s: couldn't set gid to %s (%ld)",
blurb(),
(g && g->gr_name ? g->gr_name : "???"),
(long) gid);
if (gid_errno == -1)
fprintf(stderr, "%s: unknown error\n", buf);
else
- {
- errno = gid_errno;
- perror(buf);
- }
+ perror(buf);
}
if (uid_errno)
{
- sprintf (buf, "%s: couldn't set uid to %.100s (%ld)",
+ sprintf (buf, "%s: couldn't set uid to %s (%ld)",
blurb(),
(p && p->pw_name ? p->pw_name : "???"),
(long) uid);
if (uid_errno == -1)
fprintf(stderr, "%s: unknown error\n", buf);
else
- {
- errno = uid_errno;
- perror(buf);
- }
+ perror(buf);
}
return -1;
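Review bot: `perror(buf)` in the `gid_errno` and `uid_errno` branches now prints whatever `errno` holds at that moment rather than the saved failure code, because the `errno = gid_errno;` and `errno = uid_errno;` assignments are dropped. `errno` is cleared before setgid() and can be changed again by setuid() and by the library calls made while building the message, so the text may name the wrong error or none at all. Restore `{ errno = gid_errno; perror(buf); }` and `{ errno = uid_errno; perror(buf); }` in the two `else` arms. The enclosing function starts before this hunk.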
@@ -350,7 +263,7 @@
!strcmp (p->pw_name, "games"))
{
static char buf [1024];
- sprintf (buf, "running as %.100s",
+ sprintf (buf, "running as %s",
(p && p->pw_name && *p->pw_name
? p->pw_name : "<unknown>"));
si->nolock_reason = buf;