Diffstat (limited to 'emacs/23.4/23_all_games-sgid.patch')
-rw-r--r-- | emacs/23.4/23_all_games-sgid.patch | 265 |
1 files changed, 0 insertions, 265 deletions
diff --git a/emacs/23.4/23_all_games-sgid.patch b/emacs/23.4/23_all_games-sgid.patch
deleted file mode 100644
index 812ab4c..0000000
--- a/emacs/23.4/23_all_games-sgid.patch
+++ /dev/null
@@ -1,265 +0,0 @@ -Backport support for update-game-score to run sgid instead of suid. -This comprises parts of the following commits from upstream git: - -commit dbde138155118344b33dfd2db95f688a24a42fec -Author: Ulrich Müller <ulm@gentoo.org> -Date: Sun Feb 8 21:00:49 2015 +0100 - - configure --with-gameuser now defaults to games group. - -commit 74ab488ff2e57f31eb5290266f0f3b1995ebf83e -Author: Paul Eggert <eggert@cs.ucla.edu> -Date: Thu Jan 22 00:39:30 2015 -0800 - - Check exit statuses in lib-src/Makefile - -commit 7f4e7dd378c456b498c270b47b46aaae365a72ab -Author: Ulrich Müller <ulm@gentoo.org> -Date: Thu Jan 22 08:24:42 2015 +0100 - - Don't fail if chown or chgrp for 'update-game-score' is unsuccessful. - -commit 20f66485526b69eb26f2e70bd835a5e1333559d5 -Author: Ulrich Müller <ulm@gentoo.org> -Date: Fri Jan 16 09:25:25 2015 +0100 - - Allow update-game-score to run sgid instead of suid. - ---- emacs-23.4-orig/configure.in -+++ emacs-23.4/configure.in -@@ -39,8 +39,6 @@ - docdir='${datadir}/emacs/${version}/etc' - gamedir='${localstatedir}/games/emacs' - --gameuser=games -- - dnl OPTION_DEFAULT_OFF(NAME, HELP-STRING) - dnl Create a new --with option that defaults to being disabled. - dnl NAME is the base name of the option. The shell variable with_NAME -@@ -176,10 +174,20 @@ - CRT_DIR="${with_crt_dir}" - - AC_ARG_WITH(gameuser,dnl --[AS_HELP_STRING([--with-gameuser=USER],[user for shared game score files])]) --test "X${with_gameuser}" != X && test "${with_gameuser}" != yes \ -- && gameuser="${with_gameuser}" --test "X$gameuser" = X && gameuser=games -+[AS_HELP_STRING([--with-gameuser=USER_OR_GROUP], -+ [user for shared game score files. -+ An argument prefixed by ':' specifies a group instead.])]) -+gameuser= -+gamegroup= -+# We don't test if we can actually chown/chgrp here, because configure -+# may run without root privileges. lib-src/Makefile.in will handle -+# any errors due to missing user/group gracefully. 
-+case ${with_gameuser} in -+ no) ;; -+ "" | yes) gamegroup=games ;; -+ :*) gamegroup=`echo "${with_gameuser}" | sed -e "s/://"` ;; -+ *) gameuser=${with_gameuser} ;; -+esac - - AC_ARG_WITH([gnustep-conf],dnl - [AS_HELP_STRING([--with-gnustep-conf=PATH],[path to GNUstep.conf; default $GNUSTEP_CONFIG_FILE, or /etc/GNUstep/GNUstep.conf])]) -@@ -2708,6 +2716,7 @@ - AC_SUBST(bitmapdir) - AC_SUBST(gamedir) - AC_SUBST(gameuser) -+AC_SUBST(gamegroup) - AC_SUBST(c_switch_system) - AC_SUBST(c_switch_machine) - AC_SUBST(LD_SWITCH_X_SITE) ---- emacs-23.4-orig/lib-src/Makefile.in -+++ emacs-23.4/lib-src/Makefile.in -@@ -90,6 +90,7 @@ - - gamedir=@gamedir@ - gameuser=@gameuser@ -+gamegroup=@gamegroup@ - - # ==================== Utility Programs for the Build ================= - -@@ -310,10 +311,25 @@ - /* If the following commands fail, that is not a big deal. - update-game-score will detect at runtime that it is not setuid, - and handle things accordingly. */ -- -if chown ${gameuser} $(DESTDIR)${archlibdir}/update-game-score && chmod u+s $(DESTDIR)${archlibdir}/update-game-score; then \ -- chown ${gameuser} $(DESTDIR)${gamedir}; \ -- chmod u=rwx,g=rwx,o=rx $(DESTDIR)${gamedir}; \ -+ifneq ($(gameuser),) -+ if chown ${gameuser} \ -+ "$(DESTDIR)${archlibdir}/update-game-score${EXEEXT}" && \ -+ chmod u+s,go-r \ -+ "$(DESTDIR)${archlibdir}/update-game-score${EXEEXT}"; \ -+ then \ -+ chown ${gameuser} "$(DESTDIR)${gamedir}" && \ -+ chmod u=rwx,g=rx,o=rx "$(DESTDIR)${gamedir}"; \ - fi -+else ifneq ($(gamegroup),) -+ if chgrp ${gamegroup} \ -+ "$(DESTDIR)${archlibdir}/update-game-score${EXEEXT}" && \ -+ chmod g+s,o-r \ -+ "$(DESTDIR)${archlibdir}/update-game-score${EXEEXT}"; \ -+ then \ -+ chgrp ${gamegroup} "$(DESTDIR)${gamedir}" && \ -+ chmod u=rwx,g=rwx,o=rx "$(DESTDIR)${gamedir}"; \ -+ fi -+endif - if [ `(cd $(DESTDIR)${archlibdir} && /bin/pwd)` \ - != `(cd ${srcdir} && /bin/pwd)` ]; then \ - for file in ${SCRIPTS}; do \ ---- emacs-23.4-orig/lib-src/update-game-score.c -+++ 
emacs-23.4/lib-src/update-game-score.c -@@ -22,8 +22,8 @@ - - - /* This program allows a game to securely and atomically update a -- score file. It should be installed setuid, owned by an appropriate -- user like `games'. -+ score file. It should be installed either setuid or setgid, owned -+ by an appropriate user or group like `games'. - - Alternatively, it can be compiled without HAVE_SHARED_GAME_DIR - defined, and in that case it will store scores in the user's home -@@ -104,8 +104,8 @@ - int push_score P_ ((struct score_entry **scores, int *count, - int newscore, char *username, char *newdata)); - void sort_scores P_ ((struct score_entry *scores, int count, int reverse)); --int write_scores P_ ((const char *filename, const struct score_entry *scores, -- int count)); -+int write_scores P_ ((const char *filename, mode_t mode, -+ const struct score_entry *scores, int count)); - - void lose P_ ((const char *msg)) NO_RETURN; - -@@ -166,20 +166,21 @@ - } - - char * --get_prefix (running_suid, user_prefix) -- int running_suid; -+get_prefix (privileged, user_prefix) -+ int privileged; - char *user_prefix; - { -- if (!running_suid && user_prefix == NULL) -- lose ("Not using a shared game directory, and no prefix given."); -- if (running_suid) -+ if (privileged) - { - #ifdef HAVE_SHARED_GAME_DIR - return HAVE_SHARED_GAME_DIR; - #else -- lose ("This program was compiled without HAVE_SHARED_GAME_DIR,\n and should not be suid."); -+ lose ("This program was compiled without HAVE_SHARED_GAME_DIR,\n" -+ "and should not run with elevated privileges."); - #endif - } -+ if (user_prefix == NULL) -+ lose ("Not using a shared game directory, and no prefix given."); - return user_prefix; - } - -@@ -188,7 +189,7 @@ - int argc; - char **argv; - { -- int c, running_suid; -+ int c, running_suid, running_sgid; - void *lockstate; - char *user_id, *scorefile, *prefix, *user_prefix = NULL; - struct stat buf; -@@ -223,8 +224,11 @@ - usage (EXIT_FAILURE); - - running_suid = (getuid () != 
geteuid ()); -+ running_sgid = (getgid () != getegid ()); -+ if (running_suid && running_sgid) -+ lose ("This program can run either suid or sgid, but not both."); - -- prefix = get_prefix (running_suid, user_prefix); -+ prefix = get_prefix (running_suid || running_sgid, user_prefix); - - scorefile = malloc (strlen (prefix) + strlen (argv[optind]) + 2); - if (!scorefile) -@@ -263,7 +267,8 @@ - scorecount -= (scorecount - MAX_SCORES); - if (reverse) - scores += (scorecount - MAX_SCORES); -- if (write_scores (scorefile, scores, scorecount) < 0) -+ if (write_scores (scorefile, running_sgid ? 0664 : 0644, -+ scores, scorecount) < 0) - { - unlock_file (scorefile, lockstate); - lose_syserr ("Failed to write scores file"); -@@ -445,8 +450,9 @@ - } - - int --write_scores (filename, scores, count) -+write_scores (filename, mode, scores, count) - const char *filename; -+ mode_t mode; - const struct score_entry * scores; - int count; - { -@@ -471,7 +477,7 @@ - fclose (f); - if (rename (tempfile, filename) < 0) - return -1; -- if (chmod (filename, 0644) < 0) -+ if (chmod (filename, mode) < 0) - return -1; - return 0; - } ---- emacs-23.4-orig/lisp/play/gamegrid.el -+++ emacs-23.4/lisp/play/gamegrid.el -@@ -466,22 +466,22 @@ - ;; `gamegrid-add-score' was supposed to be used in the past and - ;; is covered here for backward-compatibility. - ;; --;; 2. The helper program "update-game-score" is setuid and the --;; file FILE does already exist in a system wide shared game --;; directory. This should be the normal case on POSIX systems, --;; if the game was installed system wide. Use -+;; 2. The helper program "update-game-score" is setgid or setuid -+;; and the file FILE does already exist in a system wide shared -+;; game directory. This should be the normal case on POSIX -+;; systems, if the game was installed system wide. Use - ;; "update-game-score" to add the score to the file in the - ;; shared game directory. - ;; --;; 3. 
"update-game-score" is setuid, but the file FILE does *not* --;; exist in the system wide shared game directory. Use -+;; 3. "update-game-score" is setgid/setuid, but the file FILE does -+;; *not* exist in the system wide shared game directory. Use - ;; `gamegrid-add-score-insecure' to create--if necessary--and - ;; update FILE. This is for the case that a user has installed - ;; a game on her own. - ;; --;; 4. "update-game-score" is not setuid. Use it to create/update --;; FILE in the user's home directory. There is presumably no --;; shared game directory. -+;; 4. "update-game-score" is not setgid/setuid. Use it to -+;; create/update FILE in the user's home directory. There is -+;; presumably no shared game directory. - - (defvar gamegrid-shared-game-dir) - -@@ -491,13 +491,13 @@ - (not (zerop (logand (file-modes - (expand-file-name "update-game-score" - exec-directory)) -- #o4000))))) -+ #o6000))))) - (cond ((file-name-absolute-p file) - (gamegrid-add-score-insecure file score)) - ((and gamegrid-shared-game-dir - (file-exists-p (expand-file-name file shared-game-score-directory))) -- ;; Use the setuid "update-game-score" program to update a -- ;; system-wide score file. -+ ;; Use the setgid (or setuid) "update-game-score" program -+ ;; to update a system-wide score file. - (gamegrid-add-score-with-update-game-score-1 file - (expand-file-name file shared-game-score-directory) score)) - ;; Else: Add the score to a score file in the user's home |