]>
Commit | Line | Data |
---|---|---|
313ed234 SS |
1 | From 4306b434038de7e2b17d3c4a6cfd87db469d3bda Mon Sep 17 00:00:00 2001 |
2 | From: Adam Jackson <ajax@redhat.com> | |
3 | Date: Mon, 10 Dec 2007 11:26:57 -0500 | |
4 | Subject: [PATCH] Hack for proper MIT-SHM rejection for ssh-forwarded clients. | |
5 | ||
6 | --- | |
7 | Xext/shm.c | 15 +++++++++++++++ | |
8 | 1 files changed, 15 insertions(+), 0 deletions(-) | |
9 | ||
10 | diff --git a/Xext/shm.c b/Xext/shm.c | |
11 | index 5937a03..5376c19 100644 | |
12 | --- a/Xext/shm.c | |
13 | +++ b/Xext/shm.c | |
14 | @@ -381,8 +381,21 @@ | |
15 | mode_t mask; | |
16 | int uidset = 0, gidset = 0; | |
17 | LocalClientCredRec *lcc; | |
18 | + Bool is_ssh = FALSE; | |
19 | ||
20 | if (GetLocalClientCreds(client, &lcc) != -1) { | |
21 | +#ifdef linux | |
22 | + if (lcc->fieldsSet & LCC_PID_SET) { | |
23 | + /* ssh isn't actually a local client */ | |
24 | + char exe[64], buf[64]; | |
25 | + | |
26 | + memset(buf, 0, 64); | |
27 | + snprintf(exe, 64, "/proc/%d/exe", lcc->pid); | |
28 | + readlink(exe, buf, 63); | |
29 | + if (strstr(buf, "/ssh")) | |
30 | + is_ssh = TRUE; | |
31 | + } | |
32 | +#endif | |
33 | ||
34 | if (lcc->fieldsSet & LCC_UID_SET) { | |
35 | uid = lcc->euid; | |
36 | @@ -401,6 +414,9 @@ | |
37 | } | |
38 | #endif | |
39 | FreeLocalClientCreds(lcc); | |
40 | + | |
41 | + if (is_ssh) | |
42 | + return -1; | |
43 | ||
44 | if (uidset) { | |
45 | /* User id 0 always gets access */ | |
46 | -- | |
47 | 1.5.3.4 | |
48 |