NetBSD-Bugs archive


Re: kern/58438 (Compatibility issues with per-user-temp [described security(7) man page])



The following reply was made to PR kern/58438; it has been noted by GNATS.

From: RVP <rvp%SDF.ORG@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc: gutteridge%NetBSD.org@localhost
Subject: Re: kern/58438 (Compatibility issues with per-user-temp [described
 security(7) man page])
Date: Sat, 2 Nov 2024 08:28:12 +0000 (UTC)

 OK, this patch seems to work.
 
 When xdm is started using the rc(8) framework, setusercontext(3) never gets
 called (this is only called in xdm _after_ user authentication), so the X
 server can't start without /private/tmp/0 existing. Do a bogus su(1) in
 /etc/rc.d/xdm to create this.
 
 Next, do the same for each user before _their_ X session is started; _and_
 since now X is running as root and the user is not, and there's no shared
 /tmp anymore, link root's X11 lock-file and socket into the user's per-user
 /tmp dir.
 
 Thankfully, both files are normally world-readable and -writable by default.
 
 This is a terrible hack... (note that if you change xdm-config to use a
 different DisplayManager._0.startup, you'll have to put that hack in the new
 file.)
 
 -RVP
 
 ```
 --- etc/rc.d/xdm.orig	2024-01-29 23:14:46.000000000 +0000
 +++ etc/rc.d/xdm	2024-11-02 07:40:02.031867487 +0000
 @@ -17,4 +17,9 @@
   extra_commands="reload"
 
   load_rc_config $name
 +
 +if readlink /tmp | grep -q @ruid && [ $1 = start ]
 +then	su root -c 'echo "Bogus su(1) to create /private/tmp/0"'
 +fi
 +
   run_rc_command "$1"
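Review bot: `[ $1 = start ]` leaves `$1` unquoted, so an empty argument produces a test(1) syntax error instead of a false result; write `[ "$1" = start ]`. The directory is also created only for the literal `start` argument, so `restart` and `onestart`, which run_rc_command accepts as well, skip the bogus su(1) and xdm comes up without /private/tmp/0; matching any command that ends in `start` (for example `case "$1" in *start) ... ;; esac`) covers those paths too.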
 --- etc/X11/xdm/GiveConsole.orig	2024-01-29 23:14:46.000000000 +0000
 +++ etc/X11/xdm/GiveConsole	2024-11-02 07:35:40.902195347 +0000
 @@ -7,3 +7,18 @@
   # causing serious grief.
   #
   chown $USER /dev/console
 +
 +UID=$(id -u $USER)
 +if readlink /tmp | grep -q @ruid && [ $UID -ne 0 ]
 +then
 +	# First, do a bogus su(1) to create $USER's "/tmp" dir.;
 +	# then force create _hard-links_ to root's X socket and
 +	# lock-file _every time_--as the inodes of root's files
 +	# could change with every session.
 +
 +	su "$USER" -c "echo 'This creates /private/tmp/$UID'"
 +	cd /private/tmp/$UID || exit 1		# sanity chk.
 +	test -d .X11-unix || install -dm 700 -o $USER .X11-unix
 +	ln -f /private/tmp/0/.X0-lock .X0-lock
 +	ln -f /private/tmp/0/.X11-unix/X0 .X11-unix/X0
 +fi
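Review bot: `UID` is a read-only variable in ksh and bash, so if GiveConsole is ever run under one of those shells the `UID=$(id -u $USER)` assignment fails outright; a lower-case name such as `uid` avoids the clash, and `$USER` should be quoted there as it is on the `su` line. The two `ln -f` lines carry no error check: if root's `.X0-lock` or `X0` is not present yet, the link fails and the script continues, leaving a session that cannot reach the server; append `|| exit 1` as the `cd` line already does. Finally, since the user owns `/private/tmp/$UID` and the linked directory entries, they can unlink or replace those entries at will; that only alters their own view of the files, but it belongs in the comment next to the observation that both files are world-writable anyway.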
 ```
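
An added example, not part of RVP's patch or of xdm's scripts: the re-linking step written so that it is idempotent and fails loudly. It compares inode numbers before linking, since the message notes that root's lock-file and socket can get a new inode with every session, and it returns an error when the source is missing instead of carrying on. The tmp trees are parameters (the real ones would be /private/tmp/0 and /private/tmp/$uid); the functions assume both trees are on one file system, which hard links require, and the test exercises them on a constructed directory tree.

```shell
#!/bin/sh
# Added example (not part of RVP's patch): idempotent, error-checked mirroring
# of the X0 lock-file and socket from one tmp tree (root's) into another (the
# user's), re-linking only when the source inode has changed, as it may with
# every new X session. Paths are parameters so the functions can be exercised
# on a constructed directory tree; they assume both trees are on the same
# file system, which hard links require.

# inode_of FILE: print the inode number of FILE (empty if it does not exist).
inode_of() {
    [ -e "$1" ] || { printf '\n'; return 0; }
    ls -di "$1" | awk '{ print $1 }'
}

# relink FROM_DIR TO_DIR NAME: hard-link FROM_DIR/NAME as TO_DIR/NAME unless
# TO_DIR/NAME already refers to the same inode. Returns 1, with a message on
# stderr, when the source is missing or ln(1) fails.
relink() {
    src="$1/$3"
    dst="$2/$3"
    if [ ! -e "$src" ]; then
        echo "relink: source $src does not exist" >&2
        return 1
    fi
    if [ -e "$dst" ] && [ "$(inode_of "$src")" = "$(inode_of "$dst")" ]; then
        return 0        # already current, nothing to do
    fi
    ln -f "$src" "$dst" || { echo "relink: ln failed for $dst" >&2; return 1; }
}

# sync_x_into FROM_TMP TO_TMP: mirror .X0-lock and .X11-unix/X0 from FROM_TMP
# into TO_TMP, creating a private (mode 700) .X11-unix there if needed.
sync_x_into() {
    from="$1"
    to="$2"
    if [ ! -d "$to" ]; then
        echo "sync_x_into: target directory $to does not exist" >&2
        return 1
    fi
    mkdir -p -m 700 "$to/.X11-unix" || return 1
    relink "$from" "$to" .X0-lock || return 1
    relink "$from/.X11-unix" "$to/.X11-unix" X0 || return 1
}

# Usage from a script: sync_x_into /private/tmp/0 /private/tmp/$uid
if [ $# -eq 2 ]; then
    sync_x_into "$1" "$2"
fi
```

Because the user's directory entry keeps the old inode alive, a stale link is detected by the inode comparison rather than by file age, and a second run after a new session replaces only what changed.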
 

