File 0001-Fix-X-not-having-access-control-on-startup... of Package sddm

Overview Repositories Revisions Requests Users Attributes Meta

File 0001-Fix-X-not-having-access-control-on-startup.patch of Package sddm

From 47d3a2a3eb32c2d9218f50a801a17d066f3fb463 Mon Sep 17 00:00:00 2001
From: Fabian Vogt <fabian@ritter-vogt.de>
Date: Tue, 6 Oct 2020 21:21:38 +0200
Subject: [PATCH 1/2] Fix X not having access control on startup

If the auth file is empty, X allows any local application (= any user on the
system) to connect. This is currently the case until X wrote the display
number to sddm and sddm used that to write the entry into the file.
To work around this chicken-and-egg problem, make use of the fact that X
doesn't actually look at the display number in the passed auth file and just
use :0 unconditionally. Also make sure that writing the entry was actually
successful.

CVE-2020-28049

(cherry picked from commit be202f533ab98a684c6a007e8d5b4357846bc222)
---
 src/daemon/XorgDisplayServer.cpp | 25 ++++++++++++++++++++-----
 src/daemon/XorgDisplayServer.h   |  2 +-
 2 files changed, 21 insertions(+), 6 deletions(-)

diff --git a/src/daemon/XorgDisplayServer.cpp b/src/daemon/XorgDisplayServer.cpp
index 28ce524..0d3c7ca 100644
--- a/src/daemon/XorgDisplayServer.cpp
+++ b/src/daemon/XorgDisplayServer.cpp
@@ -87,7 +87,7 @@ namespace SDDM {
         return m_cookie;
     }
 
-    void XorgDisplayServer::addCookie(const QString &file) {
+    bool XorgDisplayServer::addCookie(const QString &file) {
         // log message
         qDebug() << "Adding cookie to" << file;
 
@@ -103,13 +103,13 @@ namespace SDDM {
 
         // check file
         if (!fp)
-            return;
+            return false;
         fprintf(fp, "remove %s\n", qPrintable(m_display));
         fprintf(fp, "add %s . %s\n", qPrintable(m_display), qPrintable(m_cookie));
         fprintf(fp, "exit\n");
 
         // close pipe
-        pclose(fp);
+        return pclose(fp) == 0;
     }
 
     bool XorgDisplayServer::start() {
@@ -126,6 +126,15 @@ namespace SDDM {
         // log message
         qDebug() << "Display server starting...";
 
+        // generate auth file.
+        // For the X server's copy, the display number doesn't matter.
+        // An empty file would result in no access control!
+        m_display = QStringLiteral(":0");
+        if(!addCookie(m_authPath)) {
+            qCritical() << "Failed to write xauth file";
+            return false;
+        }
+
         if (daemonApp->testing()) {
             QStringList args;
             args << m_display << QStringLiteral("-ac") << QStringLiteral("-br") << QStringLiteral("-noreset") << QStringLiteral("-screen") << QStringLiteral("800x600");
@@ -210,8 +219,14 @@ namespace SDDM {
             emit started();
         }
 
-        // generate auth file
-        addCookie(m_authPath);
+        // The file is also used by the greeter, which does care about the
+        // display number. Write the proper entry, if it's different.
+        if(m_display != QStringLiteral(":0")) {
+            if(!addCookie(m_authPath)) {
+                qCritical() << "Failed to write xauth file";
+                return false;
+            }
+        }
         changeOwner(m_authPath);
 
         // set flag
diff --git a/src/daemon/XorgDisplayServer.h b/src/daemon/XorgDisplayServer.h
index d2bdf6d..e97a0b5 100644
--- a/src/daemon/XorgDisplayServer.h
+++ b/src/daemon/XorgDisplayServer.h
@@ -40,7 +40,7 @@ namespace SDDM {
 
         const QString &cookie() const;
 
-        void addCookie(const QString &file);
+        bool addCookie(const QString &file);
 
     public slots:
         bool start();
-- 
2.25.1

Places

File 0001-Fix-X-not-having-access-control-on-startup.patch of Package sddm

Places