]>
Commit | Line | Data |
---|---|---|
36c2933d | 1 | From 66a3b14e118e90db80f96fcab52af4df35bc2377 Mon Sep 17 00:00:00 2001 |
313ed234 SS |
2 | From: Adam Jackson <ajax@redhat.com> |
3 | Date: Mon, 10 Dec 2007 11:26:57 -0500 | |
4 | Subject: [PATCH] Hack for proper MIT-SHM rejection for ssh-forwarded clients. | |
5 | ||
6 | --- | |
36c2933d SS |
7 | Xext/shm.c | 16 ++++++++++++++++ |
8 | 1 file changed, 16 insertions(+) | |
313ed234 SS |
9 | |
10 | diff --git a/Xext/shm.c b/Xext/shm.c | |
36c2933d | 11 | index de48020..c011210 100644 |
313ed234 SS |
12 | --- a/Xext/shm.c |
13 | +++ b/Xext/shm.c | |
36c2933d | 14 | @@ -321,8 +321,21 @@ shm_access(ClientPtr client, SHMPERM_TYPE * perm, int readonly) |
313ed234 SS |
15 | mode_t mask; |
16 | int uidset = 0, gidset = 0; | |
17 | LocalClientCredRec *lcc; | |
18 | + Bool is_ssh = FALSE; | |
36c2933d | 19 | |
313ed234 SS |
20 | if (GetLocalClientCreds(client, &lcc) != -1) { |
21 | +#ifdef linux | |
22 | + if (lcc->fieldsSet & LCC_PID_SET) { | |
23 | + /* ssh isn't actually a local client */ | |
24 | + char exe[64], buf[64]; | |
25 | + | |
26 | + memset(buf, 0, 64); | |
27 | + snprintf(exe, 64, "/proc/%d/exe", lcc->pid); | |
28 | + readlink(exe, buf, 63); | |
29 | + if (strstr(buf, "/ssh")) | |
30 | + is_ssh = TRUE; | |
31 | + } | |
32 | +#endif | |
33 | ||
36c2933d SS |
34 | if (lcc->fieldsSet & LCC_UID_SET) { |
35 | uid = lcc->euid; | |
36 | @@ -342,6 +355,9 @@ shm_access(ClientPtr client, SHMPERM_TYPE * perm, int readonly) | |
313ed234 | 37 | #endif |
36c2933d SS |
38 | FreeLocalClientCreds(lcc); |
39 | ||
40 | + if (is_ssh) | |
41 | + return -1; | |
313ed234 | 42 | + |
36c2933d SS |
43 | if (uidset) { |
44 | /* User id 0 always gets access */ | |
45 | if (uid == 0) { | |
313ed234 | 46 | -- |
36c2933d | 47 | 1.7.10.1 |
313ed234 | 48 |