From: Michael Tremer Date: Mon, 22 Feb 2010 10:54:37 +0000 (+0100) Subject: glibc: Remove the issetugid patch. X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4c501a6f7310ca7124017bf7b4d328ce2d273eee;p=ipfire-3.x.git glibc: Remove the issetugid patch. It's not safer than get*id. The Glibc issetugid() patch is no longer used. issetugid() could be preloaded from a user-defined library, just like getuid() or getgid(), so issetugid() doesn't have any benefit. In BSD, and Solaris, issetugid() is a kernel syscall and is safer. In Linux we should use __libc_enable_secure(), which is similar, but requires packages to be patched. All packages should be searched for the issetugid() function, and modified to use __libc_enable_secure() instead. --- diff --git a/pkgs/core/glibc/patches/glibc-2.10.1-issetugid-1.patch b/pkgs/core/glibc/patches/glibc-2.10.1-issetugid-1.patch deleted file mode 100644 index 2cb97b93b..000000000 --- a/pkgs/core/glibc/patches/glibc-2.10.1-issetugid-1.patch +++ /dev/null @@ -1,243 +0,0 @@ -Submitted By: Robert Connolly (ashes) -Date: 2007-04-25 -Initial Package Version: 2.5 -Upstream Status: Not Submitted -Origin: Alt-Linux and Me. -Description: This adds the issetugid() library function as a frontend -to the __libc_enable_secure() dynamic linker function. This wasn't really -nescessary, but the patch effectively clones the OpenBSD issetugid() -library function so it can be found and used by packages like Ncurses, -and KDE. Adding this issetugid() wrapper keeps us from needing to patch many -packages to use __libc_enable_secure(). - -You will probably want to install the (modified) manual/issetugid.3 -manual page too. - -diff -Naur glibc-2.5.orig/manual/issetugid.3 glibc-2.5/manual/issetugid.3 ---- glibc-2.5.orig/manual/issetugid.3 1970-01-01 00:00:00.000000000 +0000 -+++ glibc-2.5/manual/issetugid.3 2007-04-25 23:23:21.000000000 +0000 -@@ -0,0 +1,106 @@ -+.\" $OpenBSD: issetugid.2,v 1.18 2003/06/02 20:18:39 millert Exp $ -+.\" -+.\" Copyright (c) 1980, 1991, 1993 -+.\" The Regents of the University of California. All rights reserved. -+.\" -+.\" Redistribution and use in source and binary forms, with or without -+.\" modification, are permitted provided that the following conditions -+.\" are met: -+.\" 1. Redistributions of source code must retain the above copyright -+.\" notice, this list of conditions and the following disclaimer. -+.\" 2. Redistributions in binary form must reproduce the above copyright -+.\" notice, this list of conditions and the following disclaimer in the -+.\" documentation and/or other materials provided with the distribution. -+.\" 3. Neither the name of the University nor the names of its contributors -+.\" may be used to endorse or promote products derived from this software -+.\" without specific prior written permission. -+.\" -+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+.\" SUCH DAMAGE. -+.\" -+.Dd August 25, 1996 -+.Dt ISSETUGID 3 -+.Os -+.Sh NAME -+.Nm issetugid -+.Nd is current executable running setuid or setgid -+.Sh SYNOPSIS -+.Fd #include -+.Ft int -+.Fn issetugid void -+.Sh DESCRIPTION -+The -+.Fn issetugid -+function returns 1 if the process was made setuid or setgid as -+the result of the last or other previous -+.Fn execve -+system calls. -+Otherwise it returns 0. -+.Pp -+This function exists so that library routines (inside libtermlib, libc, -+or other libraries) can guarantee safe behavior when used inside -+setuid or setgid programs. This implementation uses the -+__libc_enable_secure() function from Glibc's dynamic linker. -+Some library routines may be passed insufficient information and hence -+not know whether the current program was started setuid or setgid -+because higher level calling code may have made changes to the uid, euid, -+gid, or egid. -+Hence these low-level library routines are unable to determine if they -+are being run with elevated or normal privileges. -+.Pp -+In particular, it is wise to use this call to determine if a -+pathname returned from a -+.Fn getenv -+call may safely be used to -+.Fn open -+the specified file. -+Quite often this is not wise because the status of the effective uid -+is not known. -+.Pp -+The -+.Fn issetugid -+system call's result is unaffected by calls to -+.Fn setuid , -+.Fn setgid , -+or other such calls. -+In case of a -+.Fn fork , -+the child process inherits the same status. -+.Pp -+The status of -+.Fn issetugid -+is only affected by -+.Fn execve . -+If a child process executes a new executable file, a new issetugid -+status will be determined. -+This status is based on the existing process's uid, euid, gid, -+and egid permissions and on the modes of the executable file. -+If the new executable file modes are setuid or setgid, or if -+the existing process is executing the new image with -+uid != euid or gid != egid, the new process will be considered -+issetugid. -+.Sh ERRORS -+The -+.Fn issetugid -+function is always successful, and no return value is reserved to -+indicate an error. -+.Sh SEE ALSO -+.Xr execve 2 , -+.Xr setegid 2 , -+.Xr seteuid 2 , -+.Xr setgid 2 , -+.Xr setuid 2 -+.Sh HISTORY -+The -+.Fn issetugid -+function call first appeared in -+.Ox 2.0 . -diff -Naur glibc-2.5.orig/posix/Makefile glibc-2.5/posix/Makefile ---- glibc-2.5.orig/posix/Makefile 2006-09-07 13:50:05.000000000 +0000 -+++ glibc-2.5/posix/Makefile 2007-04-25 23:23:21.000000000 +0000 -@@ -47,7 +47,7 @@ - getpid getppid \ - getuid geteuid getgid getegid getgroups setuid setgid group_member \ - getpgid setpgid getpgrp bsd-getpgrp setpgrp getsid setsid \ -- getresuid getresgid setresuid setresgid \ -+ getresuid getresgid setresuid setresgid issetugid \ - getlogin getlogin_r setlogin \ - pathconf sysconf fpathconf \ - glob glob64 fnmatch regex \ -diff -Naur glibc-2.5.orig/posix/Versions glibc-2.5/posix/Versions ---- glibc-2.5.orig/posix/Versions 2004-05-03 21:25:44.000000000 +0000 -+++ glibc-2.5/posix/Versions 2007-04-25 23:23:21.000000000 +0000 -@@ -38,6 +38,9 @@ - getopt_long_only; getpgid; getpgrp; getpid; getppid; getsid; getuid; glob; - glob_pattern_p; globfree; group_member; - -+ # i* -+ issetugid; -+ - # n* - nanosleep; - -diff -Naur glibc-2.5.orig/posix/issetugid.c glibc-2.5/posix/issetugid.c ---- glibc-2.5.orig/posix/issetugid.c 1970-01-01 00:00:00.000000000 +0000 -+++ glibc-2.5/posix/issetugid.c 2007-04-25 23:23:21.000000000 +0000 -@@ -0,0 +1,61 @@ -+/* -+ * Copyright (C) - 2007 Robert Connolly -+ * -+ * Permission to reproduce, copy, delete, distribute, transmit, use, modify, -+ * build upon or otherwise exploit this software, in any form, for any -+ * purpose, in any way, and by anyone, including by methods that have not -+ * yet been invented or conceived, is hereby granted. -+ */ -+ -+#include -+ -+extern int __libc_enable_secure; -+ -+int issetugid(void) -+{ -+ if (__libc_enable_secure) -+ { -+ return 1; -+ } -+ -+ if (getuid() != geteuid()) -+ { -+ return 1; -+ } -+ -+ if (getgid() != getegid()) -+ { -+ return 1; -+ } -+ -+ /* Else */ -+ return 0; -+} -+ -+#if defined(TEST) -+ -+# include -+ -+int main(void) -+{ -+ int GETUID=getuid(), GETGID=getgid(); -+ int GETEUID=geteuid(), GETEGID=getegid(); -+ int ISSETUGID=issetugid(); -+ -+ printf("Your real user ID is %d\n", GETUID); -+ printf("Your real group ID is %d\n", GETGID); -+ printf("Your effective user ID is %d\n", GETEUID); -+ printf("Your effective group ID is %d\n", GETEGID); -+ -+ if (ISSETUGID == 1) -+ { -+ printf("issetugid() says this program is SUID\n"); -+ } -+ else -+ { -+ printf("issetugid() says this program is not SUID\n"); -+ } -+ -+ return 0; -+} -+#endif /* TEST */ -diff -Naur glibc-2.5.orig/posix/unistd.h glibc-2.5/posix/unistd.h ---- glibc-2.5.orig/posix/unistd.h 2006-08-24 06:46:27.000000000 +0000 -+++ glibc-2.5/posix/unistd.h 2007-04-25 23:23:21.000000000 +0000 -@@ -648,6 +648,10 @@ - /* Get the effective group ID of the calling process. */ - extern __gid_t getegid (void) __THROW; - -+/* Call __libc_enable_secure() and tell us whether the process is -+ SUID or SGID */ -+extern int issetugid(void); -+ - /* If SIZE is zero, return the number of supplementary groups - the calling process is in. Otherwise, fill in the group IDs - of its supplementary groups in LIST and return the number written. */ -diff -Naur glibc-2.5.orig/scripts/data/localplt-i386-linux-gnu.data glibc-2.5/scripts/data/localplt-i386-linux-gnu.data ---- glibc-2.5.orig/scripts/data/localplt-i386-linux-gnu.data 2006-01-11 21:06:19.000000000 +0000 -+++ glibc-2.5/scripts/data/localplt-i386-linux-gnu.data 2007-04-25 23:23:53.000000000 +0000 -@@ -1,6 +1,10 @@ - libc.so: _Unwind_Find_FDE - libc.so: calloc - libc.so: free -+libc.so: getegid -+libc.so: geteuid -+libc.so: getgid -+libc.so: getuid - libc.so: malloc - libc.so: memalign - libc.so: realloc