Diffstat (limited to 'emacs')
-rw-r--r--emacs/24.5/04_all_games-sgid.patch259
1 files changed, 259 insertions, 0 deletions
diff --git a/emacs/24.5/04_all_games-sgid.patch b/emacs/24.5/04_all_games-sgid.patch
new file mode 100644
index 0000000..882e3ca
--- /dev/null
+++ b/emacs/24.5/04_all_games-sgid.patch
@@ -0,0 +1,259 @@
+Backport support for update-game-score to run sgid instead of suid.
+This comprises parts of the following commits from upstream git:
+
+commit dbde138155118344b33dfd2db95f688a24a42fec
+Author: Ulrich Müller <ulm@gentoo.org>
+Date: Sun Feb 8 21:00:49 2015 +0100
+
+ configure --with-gameuser now defaults to games group.
+
+commit 74ab488ff2e57f31eb5290266f0f3b1995ebf83e
+Author: Paul Eggert <eggert@cs.ucla.edu>
+Date: Thu Jan 22 00:39:30 2015 -0800
+
+ Check exit statuses in lib-src/Makefile
+
+commit 7f4e7dd378c456b498c270b47b46aaae365a72ab
+Author: Ulrich Müller <ulm@gentoo.org>
+Date: Thu Jan 22 08:24:42 2015 +0100
+
+ Don't fail if chown or chgrp for 'update-game-score' is unsuccessful.
+
+commit 20f66485526b69eb26f2e70bd835a5e1333559d5
+Author: Ulrich Müller <ulm@gentoo.org>
+Date: Fri Jan 16 09:25:25 2015 +0100
+
+ Allow update-game-score to run sgid instead of suid.
+
+--- emacs-24.4-orig/configure.ac
++++ emacs-24.4/configure.ac
+@@ -313,10 +313,20 @@
+ fi
+
+ AC_ARG_WITH(gameuser,dnl
+-[AS_HELP_STRING([--with-gameuser=USER],[user for shared game score files])])
+-test "X${with_gameuser}" != X && test "${with_gameuser}" != yes \
+- && gameuser="${with_gameuser}"
+-test "X$gameuser" = X && gameuser=games
++[AS_HELP_STRING([--with-gameuser=USER_OR_GROUP],
++ [user for shared game score files.
++ An argument prefixed by ':' specifies a group instead.])])
++gameuser=
++gamegroup=
++# We don't test if we can actually chown/chgrp here, because configure
++# may run without root privileges. lib-src/Makefile.in will handle
++# any errors due to missing user/group gracefully.
++case ${with_gameuser} in
++ no) ;;
++ "" | yes) gamegroup=games ;;
++ :*) gamegroup=`echo "${with_gameuser}" | sed -e "s/://"` ;;
++ *) gameuser=${with_gameuser} ;;
++esac
+
+ AC_ARG_WITH([gnustep-conf],dnl
+ [AS_HELP_STRING([--with-gnustep-conf=FILENAME],
+@@ -4658,6 +4668,7 @@
+ AC_SUBST(bitmapdir)
+ AC_SUBST(gamedir)
+ AC_SUBST(gameuser)
++AC_SUBST(gamegroup)
+ ## FIXME? Nothing uses @LD_SWITCH_X_SITE@.
+ ## src/Makefile.in did add LD_SWITCH_X_SITE (as a cpp define) to the
+ ## end of LIBX_BASE, but nothing ever set it.
+--- emacs-24.4-orig/lib-src/Makefile.in
++++ emacs-24.4/lib-src/Makefile.in
+@@ -101,6 +101,7 @@
+
+ gamedir=@gamedir@
+ gameuser=@gameuser@
++gamegroup=@gamegroup@
+
+ # ==================== Utility Programs for the Build =================
+
+@@ -243,10 +244,25 @@
+ umask 022; ${MKDIR_P} "$(DESTDIR)${gamedir}"; \
+ touch "$(DESTDIR)${gamedir}/snake-scores"; \
+ touch "$(DESTDIR)${gamedir}/tetris-scores"
+- -if chown ${gameuser} "$(DESTDIR)${archlibdir}/update-game-score${EXEEXT}" && chmod u+s "$(DESTDIR)${archlibdir}/update-game-score${EXEEXT}"; then \
+- chown ${gameuser} "$(DESTDIR)${gamedir}"; \
++ifneq ($(gameuser),)
++ if chown ${gameuser} \
++ "$(DESTDIR)${archlibdir}/update-game-score${EXEEXT}" && \
++ chmod u+s,go-r \
++ "$(DESTDIR)${archlibdir}/update-game-score${EXEEXT}"; \
++ then \
++ chown ${gameuser} "$(DESTDIR)${gamedir}" && \
++ chmod u=rwx,g=rx,o=rx "$(DESTDIR)${gamedir}"; \
++ fi
++else ifneq ($(gamegroup),)
++ if chgrp ${gamegroup} \
++ "$(DESTDIR)${archlibdir}/update-game-score${EXEEXT}" && \
++ chmod g+s,o-r \
++ "$(DESTDIR)${archlibdir}/update-game-score${EXEEXT}"; \
++ then \
++ chgrp ${gamegroup} "$(DESTDIR)${gamedir}" && \
+ chmod u=rwx,g=rwx,o=rx "$(DESTDIR)${gamedir}"; \
+ fi
++endif
+ exp_archlibdir=`cd "$(DESTDIR)${archlibdir}" && /bin/pwd`; \
+ if [ "$$exp_archlibdir" != "`cd ${srcdir} && /bin/pwd`" ]; then \
+ for file in ${SCRIPTS}; do \
+--- emacs-24.4-orig/lib-src/update-game-score.c
++++ emacs-24.4/lib-src/update-game-score.c
+@@ -21,8 +21,8 @@
+
+
+ /* This program allows a game to securely and atomically update a
+- score file. It should be installed setuid, owned by an appropriate
+- user like `games'.
++ score file. It should be installed either setuid or setgid, owned
++ by an appropriate user or group like `games'.
+
+ Alternatively, it can be compiled without HAVE_SHARED_GAME_DIR
+ defined, and in that case it will store scores in the user's home
+@@ -89,7 +89,7 @@
+ ptrdiff_t *size, struct score_entry const *newscore);
+ static void sort_scores (struct score_entry *scores, ptrdiff_t count,
+ bool reverse);
+-static int write_scores (const char *filename,
++static int write_scores (const char *filename, mode_t mode,
+ const struct score_entry *scores, ptrdiff_t count);
+
+ static _Noreturn void
+@@ -122,18 +122,19 @@
+ }
+
+ static const char *
+-get_prefix (bool running_suid, const char *user_prefix)
++get_prefix (bool privileged, const char *user_prefix)
+ {
+- if (!running_suid && user_prefix == NULL)
+- lose ("Not using a shared game directory, and no prefix given.");
+- if (running_suid)
++ if (privileged)
+ {
+ #ifdef HAVE_SHARED_GAME_DIR
+ return HAVE_SHARED_GAME_DIR;
+ #else
+- lose ("This program was compiled without HAVE_SHARED_GAME_DIR,\n and should not be suid.");
++ lose ("This program was compiled without HAVE_SHARED_GAME_DIR,\n"
++ "and should not run with elevated privileges.");
+ #endif
+ }
++ if (user_prefix == NULL)
++ lose ("Not using a shared game directory, and no prefix given.");
+ return user_prefix;
+ }
+
+@@ -141,7 +142,7 @@
+ main (int argc, char **argv)
+ {
+ int c;
+- bool running_suid;
++ bool running_suid, running_sgid;
+ void *lockstate;
+ char *scorefile;
+ char *nl;
+@@ -183,8 +184,11 @@
+ usage (EXIT_FAILURE);
+
+ running_suid = (getuid () != geteuid ());
++ running_sgid = (getgid () != getegid ());
++ if (running_suid && running_sgid)
++ lose ("This program can run either suid or sgid, but not both.");
+
+- prefix = get_prefix (running_suid, user_prefix);
++ prefix = get_prefix (running_suid || running_sgid, user_prefix);
+
+ scorefile = malloc (strlen (prefix) + strlen (argv[optind]) + 2);
+ if (!scorefile)
+@@ -234,7 +238,8 @@
+ scores += scorecount - max_scores;
+ scorecount = max_scores;
+ }
+- if (write_scores (scorefile, scores, scorecount) < 0)
++ if (write_scores (scorefile, running_sgid ? 0664 : 0644,
++ scores, scorecount) < 0)
+ {
+ unlock_file (scorefile, lockstate);
+ lose_syserr ("Failed to write scores file");
+@@ -429,8 +434,8 @@
+ }
+
+ static int
+-write_scores (const char *filename, const struct score_entry *scores,
+- ptrdiff_t count)
++write_scores (const char *filename, mode_t mode,
++ const struct score_entry *scores, ptrdiff_t count)
+ {
+ int fd;
+ FILE *f;
+@@ -444,7 +449,7 @@
+ if (fd < 0)
+ return -1;
+ #ifndef DOS_NT
+- if (fchmod (fd, 0644) != 0)
++ if (fchmod (fd, mode) != 0)
+ return -1;
+ #endif
+ f = fdopen (fd, "w");
+@@ -460,7 +465,7 @@
+ if (rename (tempfile, filename) != 0)
+ return -1;
+ #ifdef DOS_NT
+- if (chmod (filename, 0644) < 0)
++ if (chmod (filename, mode) < 0)
+ return -1;
+ #endif
+ return 0;
+--- emacs-24.4-orig/lisp/play/gamegrid.el
++++ emacs-24.4/lisp/play/gamegrid.el
+@@ -462,22 +462,22 @@
+ ;; `gamegrid-add-score' was supposed to be used in the past and
+ ;; is covered here for backward-compatibility.
+ ;;
+-;; 2. The helper program "update-game-score" is setuid and the
+-;; file FILE does already exist in a system wide shared game
+-;; directory. This should be the normal case on POSIX systems,
+-;; if the game was installed system wide. Use
++;; 2. The helper program "update-game-score" is setgid or setuid
++;; and the file FILE does already exist in a system wide shared
++;; game directory. This should be the normal case on POSIX
++;; systems, if the game was installed system wide. Use
+ ;; "update-game-score" to add the score to the file in the
+ ;; shared game directory.
+ ;;
+-;; 3. "update-game-score" is setuid, but the file FILE does *not*
+-;; exist in the system wide shared game directory. Use
++;; 3. "update-game-score" is setgid/setuid, but the file FILE does
++;; *not* exist in the system wide shared game directory. Use
+ ;; `gamegrid-add-score-insecure' to create--if necessary--and
+ ;; update FILE. This is for the case that a user has installed
+ ;; a game on her own.
+ ;;
+-;; 4. "update-game-score" is not setuid. Use it to create/update
+-;; FILE in the user's home directory. There is presumably no
+-;; shared game directory.
++;; 4. "update-game-score" is not setgid/setuid. Use it to
++;; create/update FILE in the user's home directory. There is
++;; presumably no shared game directory.
+
+ (defvar gamegrid-shared-game-dir)
+
+@@ -486,13 +486,13 @@
+ (not (zerop (logand (file-modes
+ (expand-file-name "update-game-score"
+ exec-directory))
+- #o4000)))))
++ #o6000)))))
+ (cond ((file-name-absolute-p file)
+ (gamegrid-add-score-insecure file score))
+ ((and gamegrid-shared-game-dir
+ (file-exists-p (expand-file-name file shared-game-score-directory)))
+- ;; Use the setuid "update-game-score" program to update a
+- ;; system-wide score file.
++ ;; Use the setgid (or setuid) "update-game-score" program
++ ;; to update a system-wide score file.
+ (gamegrid-add-score-with-update-game-score-1 file
+ (expand-file-name file shared-game-score-directory) score))
+ ;; Else: Add the score to a score file in the user's home
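Review bot: The mode choice `running_sgid ? 0664 : 0644` in main of update-game-score.c carries no comment, and the sgid case changes who ends up owning the score file. write_scores replaces the file with `rename (tempfile, filename)`, so when the helper runs setgid the new file is presumably created under the caller's own uid (the temp-file creation is outside the hunk), and the file mode no longer restrains that user the way it does when the file belongs to the `games` user. I would say so at the call site, for example `/* sgid: the file ends up owned by the invoking user; 0664 keeps it group-writable but does not protect it from its owner */`, and qualify "securely" in the header comment for the sgid case. Both main and write_scores continue outside the lines shown.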