gdm

Merge lp:~kees/gdm/system-uid into lp:~ubuntu-desktop/gdm/ubuntu

Proposed by Kees Cook
Status: Merged
Merged at revision: not available
Proposed branch: lp:~kees/gdm/system-uid
Merge into: lp:~ubuntu-desktop/gdm/ubuntu
Diff against target: 419 lines (+334/-70)
2 files modified
debian/changelog (+7/-0)
debian/patches/24_system_uid.patch (+327/-70)
To merge this branch: bzr merge lp:~kees/gdm/system-uid
Reviewer Review Type Date Requested Status
Sebastien Bacher Approve
Review via email: mp+16091@code.launchpad.net
Kees Cook (kees) wrote :

Fixes bug 459199.

Sebastien Bacher (seb128) wrote :

Looks good, feel free to commit and upload to lucid!

review: Approve

Preview Diff

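--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+gdm (2.29.1-0ubuntu6) UNRELEASED; urgency=low
+
+ * debian/patches/24_system_uid.patch: use configured system UID
+ minimum instead of hard-coded value (LP: #459199).
+
+ -- Kees Cook <kees@ubuntu.com> Sun, 13 Dec 2009 01:51:34 -0800
+
 gdm (2.29.1-0ubuntu5) lucid; urgency=low
 
 * debian/patches/15_default_session.patch: (LP: #403291)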
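--- a/debian/patches/24_system_uid.patch
+++ b/debian/patches/24_system_uid.patch
@@ -1,73 +1,330 @@
 #
-# Description: Ignore users with UID < 1000
+# Description: Ignore users with UID below system configured minimum.
 # Ubuntu: https://bugs.launchpad.net/ubuntu/+source/gdm/+bug/427462
+# Ubuntu: https://bugs.launchpad.net/ubuntu/+source/gdm/+bug/459199
 #
-diff -Nur -x '*.orig' -x '*~' gdm-2.28.0/daemon/gdm-user-manager.c gdm-2.28.0.new/daemon/gdm-user-manager.c
---- gdm-2.28.0/daemon/gdm-user-manager.c 2009-10-14 18:31:35.000000000 +1100
-+++ gdm-2.28.0.new/daemon/gdm-user-manager.c 2009-10-14 18:34:59.000000000 +1100
-@@ -66,7 +66,7 @@
- #ifdef __sun
- #define DEFAULT_MINIMAL_UID 100
- #else
--#define DEFAULT_MINIMAL_UID 500
-+#define DEFAULT_MINIMAL_UID 1000
- #endif
-
- #ifndef _PATH_SHELLS
-@@ -539,6 +539,10 @@
- return;
- }
-
-+ if (pwent->pw_uid < DEFAULT_MINIMAL_UID) {
-+ return;
-+ }
-+
- /* check exclusions up front */
- if (g_hash_table_lookup (manager->priv->exclusions, pwent->pw_name)) {
- g_debug ("GdmUserManager: excluding user '%s'", pwent->pw_name);
-diff -Nur -x '*.orig' -x '*~' gdm-2.28.0/gui/gdmsetup/gdm-user-manager.c gdm-2.28.0.new/gui/gdmsetup/gdm-user-manager.c
---- gdm-2.28.0/gui/gdmsetup/gdm-user-manager.c 2009-10-14 18:31:34.000000000 +1100
-+++ gdm-2.28.0.new/gui/gdmsetup/gdm-user-manager.c 2009-10-14 18:33:38.000000000 +1100
-@@ -66,7 +66,7 @@
- #ifdef __sun
- #define DEFAULT_MINIMAL_UID 100
- #else
--#define DEFAULT_MINIMAL_UID 500
-+#define DEFAULT_MINIMAL_UID 1000
- #endif
-
- #ifndef _PATH_SHELLS
-@@ -835,6 +835,10 @@
- return;
- }
-
-+ if (pwent->pw_uid < DEFAULT_MINIMAL_UID) {
-+ return;
-+ }
-+
- /* check exclusions up front */
- if (g_hash_table_lookup (manager->priv->exclusions, pwent->pw_name)) {
- g_debug ("GdmUserManager: excluding user '%s'", pwent->pw_name);
-diff -Nur -x '*.orig' -x '*~' gdm-2.28.0/gui/simple-greeter/gdm-user-manager.c gdm-2.28.0.new/gui/simple-greeter/gdm-user-manager.c
---- gdm-2.28.0/gui/simple-greeter/gdm-user-manager.c 2009-10-14 18:31:35.000000000 +1100
-+++ gdm-2.28.0.new/gui/simple-greeter/gdm-user-manager.c 2009-10-14 18:34:14.000000000 +1100
-@@ -66,7 +66,7 @@
- #ifdef __sun
- #define DEFAULT_MINIMAL_UID 100
- #else
--#define DEFAULT_MINIMAL_UID 500
-+#define DEFAULT_MINIMAL_UID 1000
- #endif
-
- #ifndef _PATH_SHELLS
-@@ -909,6 +909,10 @@
- return;
- }
-
-+ if (pwent->pw_uid < DEFAULT_MINIMAL_UID) {
-+ return;
-+ }
-+
- /* check exclusions up front */
- if (g_hash_table_lookup (manager->priv->exclusions, pwent->pw_name)) {
- g_debug ("GdmUserManager: excluding user '%s'", pwent->pw_name);
+diff -Nur -x '*.orig' -x '*~' gdm-2.29.1/daemon/gdm-user-manager.c gdm-2.29.1.new/daemon/gdm-user-manager.c
+--- gdm-2.29.1/daemon/gdm-user-manager.c 2009-12-13 01:44:20.000000000 -0800
++++ gdm-2.29.1.new/daemon/gdm-user-manager.c 2009-12-13 01:46:53.000000000 -0800
+@@ -29,6 +29,7 @@
+ #include <errno.h>
+ #include <sys/stat.h>
+ #include <sys/types.h>
++#include <ctype.h>
+
+ #ifdef HAVE_PATHS_H
+ #include <paths.h>
+@@ -66,7 +67,7 @@
+ #ifdef __sun
+ #define DEFAULT_MINIMAL_UID 100
+ #else
+-#define DEFAULT_MINIMAL_UID 500
++#define DEFAULT_MINIMAL_UID 1000
+ #endif
+
+ #ifndef _PATH_SHELLS
+@@ -114,6 +115,7 @@
+
+ guint reload_id;
+ guint ck_history_id;
++ guint minimal_uid;
+
+ guint8 loaded_passwd : 1;
+ guint8 loaded_cache : 1;
+@@ -539,6 +541,10 @@
+ return;
+ }
+
++ if (pwent->pw_uid < manager->priv->minimal_uid) {
++ return;
++ }
++
+ /* check exclusions up front */
+ if (g_hash_table_lookup (manager->priv->exclusions, pwent->pw_name)) {
+ g_debug ("GdmUserManager: excluding user '%s'", pwent->pw_name);
+@@ -857,7 +863,7 @@
+ g_warning ("Unable to lookup user name %s: %s", username, g_strerror (errno));
+ return;
+ }
+- if (pwent->pw_uid < DEFAULT_MINIMAL_UID) {
++ if (pwent->pw_uid < manager->priv->minimal_uid) {
+ g_debug ("GdmUserManager: excluding user '%s'", username);
+ return;
+ }
+@@ -1010,6 +1016,7 @@
+ g_free (command);
+ }
+
++
+ static void
+ reload_passwd (GdmUserManager *manager)
+ {
+@@ -1046,7 +1053,7 @@
+ user = NULL;
+
+ /* Skip users below MinimalUID... */
+- if (pwent->pw_uid < DEFAULT_MINIMAL_UID) {
++ if (pwent->pw_uid < manager->priv->minimal_uid) {
+ continue;
+ }
+
+@@ -1266,6 +1273,39 @@
+ dbus_g_object_type_install_info (GDM_TYPE_USER_MANAGER, &dbus_glib_gdm_user_manager_object_info);
+ }
+
++
++static guint
++system_minimal_uid (void)
++{
++ guint uid = DEFAULT_MINIMAL_UID;
++#ifndef __sun
++ char *defspath = "/etc/login.defs";
++ FILE *fp;
++ char line[128];
++
++ errno = 0;
++ fp = fopen (defspath, "r");
++ if (fp == NULL) {
++ g_warning ("Unable to open %s: %s", defspath, g_strerror (errno));
++ goto out;
++ }
++ while (fgets (line, sizeof(line), fp)) {
++ if (strncmp (line, "UID_MIN", 7) == 0) {
++ char *ptr = line + 7;
++ int value;
++ while (*ptr && isblank (*ptr)) { ptr++; }
++ value = atoi (ptr);
++ if (value) uid = value;
++ break;
++ }
++ }
++ fclose (fp);
++#endif
++out:
++ return uid;
++}
++
++
+ static void
+ gdm_user_manager_init (GdmUserManager *manager)
+ {
+@@ -1276,6 +1316,8 @@
+
+ manager->priv = GDM_USER_MANAGER_GET_PRIVATE (manager);
+
++ manager->priv->minimal_uid = system_minimal_uid ();
++
+ /* sessions */
+ manager->priv->sessions = g_hash_table_new_full (g_str_hash,
+ g_str_equal,
+diff -Nur -x '*.orig' -x '*~' gdm-2.29.1/gui/gdmsetup/gdm-user-manager.c gdm-2.29.1.new/gui/gdmsetup/gdm-user-manager.c
+--- gdm-2.29.1/gui/gdmsetup/gdm-user-manager.c 2009-12-13 01:44:20.000000000 -0800
++++ gdm-2.29.1.new/gui/gdmsetup/gdm-user-manager.c 2009-12-13 01:47:05.000000000 -0800
+@@ -29,6 +29,7 @@
+ #include <errno.h>
+ #include <sys/stat.h>
+ #include <sys/types.h>
++#include <ctype.h>
+
+ #ifdef HAVE_PATHS_H
+ #include <paths.h>
+@@ -66,7 +67,7 @@
+ #ifdef __sun
+ #define DEFAULT_MINIMAL_UID 100
+ #else
+-#define DEFAULT_MINIMAL_UID 500
++#define DEFAULT_MINIMAL_UID 1000
+ #endif
+
+ #ifndef _PATH_SHELLS
+@@ -112,6 +113,7 @@
+
+ guint reload_id;
+ guint ck_history_id;
++ guint minimal_uid;
+
+ guint8 users_dirty : 1;
+ };
+@@ -835,6 +837,10 @@
+ return;
+ }
+
++ if (pwent->pw_uid < manager->priv->minimal_uid) {
++ return;
++ }
++
+ /* check exclusions up front */
+ if (g_hash_table_lookup (manager->priv->exclusions, pwent->pw_name)) {
+ g_debug ("GdmUserManager: excluding user '%s'", pwent->pw_name);
+@@ -1154,7 +1160,7 @@
+ g_warning ("Unable to lookup user name %s: %s", username, g_strerror (errno));
+ return;
+ }
+- if (pwent->pw_uid < DEFAULT_MINIMAL_UID) {
++ if (pwent->pw_uid < manager->priv->minimal_uid) {
+ g_debug ("GdmUserManager: excluding user '%s'", username);
+ return;
+ }
+@@ -1317,7 +1323,7 @@
+ user = NULL;
+
+ /* Skip users below MinimalUID... */
+- if (pwent->pw_uid < DEFAULT_MINIMAL_UID) {
++ if (pwent->pw_uid < manager->priv->minimal_uid) {
+ continue;
+ }
+
+@@ -1525,6 +1531,39 @@
+ g_type_class_add_private (klass, sizeof (GdmUserManagerPrivate));
+ }
+
++
++static guint
++system_minimal_uid (void)
++{
++ guint uid = DEFAULT_MINIMAL_UID;
++#ifndef __sun
++ char *defspath = "/etc/login.defs";
++ FILE *fp;
++ char line[128];
++
++ errno = 0;
++ fp = fopen (defspath, "r");
++ if (fp == NULL) {
++ g_warning ("Unable to open %s: %s", defspath, g_strerror (errno));
++ goto out;
++ }
++ while (fgets (line, sizeof(line), fp)) {
++ if (strncmp (line, "UID_MIN", 7) == 0) {
++ char *ptr = line + 7;
++ int value;
++ while (*ptr && isblank (*ptr)) { ptr++; }
++ value = atoi (ptr);
++ if (value) uid = value;
++ break;
++ }
++ }
++ fclose (fp);
++#endif
++out:
++ return uid;
++}
++
++
+ static void
+ gdm_user_manager_init (GdmUserManager *manager)
+ {
+@@ -1535,6 +1574,8 @@
+
+ manager->priv = GDM_USER_MANAGER_GET_PRIVATE (manager);
+
++ manager->priv->minimal_uid = system_minimal_uid ();
++
+ /* sessions */
+ manager->priv->sessions = g_hash_table_new_full (g_str_hash,
+ g_str_equal,
+diff -Nur -x '*.orig' -x '*~' gdm-2.29.1/gui/simple-greeter/gdm-user-manager.c gdm-2.29.1.new/gui/simple-greeter/gdm-user-manager.c
+--- gdm-2.29.1/gui/simple-greeter/gdm-user-manager.c 2009-12-13 01:44:20.000000000 -0800
++++ gdm-2.29.1.new/gui/simple-greeter/gdm-user-manager.c 2009-12-13 01:45:26.000000000 -0800
+@@ -29,6 +29,7 @@
+ #include <errno.h>
+ #include <sys/stat.h>
+ #include <sys/types.h>
++#include <ctype.h>
+
+ #ifdef HAVE_PATHS_H
+ #include <paths.h>
+@@ -67,7 +68,7 @@
+ #ifdef __sun
+ #define DEFAULT_MINIMAL_UID 100
+ #else
+-#define DEFAULT_MINIMAL_UID 500
++#define DEFAULT_MINIMAL_UID 1000
+ #endif
+
+ #ifndef _PATH_SHELLS
+@@ -98,6 +99,7 @@
+
+ guint reload_id;
+ guint ck_history_id;
++ guint minimal_uid;
+
+ guint8 users_dirty : 1;
+ guint8 loaded_cache : 1;
+@@ -928,6 +930,10 @@
+ return;
+ }
+
++ if (pwent->pw_uid < manager->priv->minimal_uid) {
++ return;
++ }
++
+ /* check exclusions up front */
+ if (user_in_exclude_list (manager, pwent->pw_name)) {
+ g_debug ("GdmUserManager: excluding user '%s'", pwent->pw_name);
+@@ -1259,7 +1265,7 @@
+ g_warning ("Unable to lookup user name %s: %s", username, g_strerror (errno));
+ return;
+ }
+- if (pwent->pw_uid < DEFAULT_MINIMAL_UID) {
++ if (pwent->pw_uid < manager->priv->minimal_uid) {
+ g_debug ("GdmUserManager: excluding user '%s'", username);
+ return;
+ }
+@@ -1491,7 +1497,7 @@
+ user = NULL;
+
+ /* Skip users below MinimalUID... */
+- if (pwent->pw_uid < DEFAULT_MINIMAL_UID) {
++ if (pwent->pw_uid < manager->priv->minimal_uid) {
+ continue;
+ }
+
+@@ -1765,6 +1771,38 @@
+ }
+
+
++static guint
++system_minimal_uid (void)
++{
++ guint uid = DEFAULT_MINIMAL_UID;
++#ifndef __sun
++ char *defspath = "/etc/login.defs";
++ FILE *fp;
++ char line[128];
++
++ errno = 0;
++ fp = fopen (defspath, "r");
++ if (fp == NULL) {
++ g_warning ("Unable to open %s: %s", defspath, g_strerror (errno));
++ goto out;
++ }
++ while (fgets (line, sizeof(line), fp)) {
++ if (strncmp (line, "UID_MIN", 7) == 0) {
++ char *ptr = line + 7;
++ int value;
++ while (*ptr && isblank (*ptr)) { ptr++; }
++ value = atoi (ptr);
++ if (value) uid = value;
++ break;
++ }
++ }
++ fclose (fp);
++#endif
++out:
++ return uid;
++}
++
++
+ static void
+ gdm_user_manager_init (GdmUserManager *manager)
+ {
+@@ -1776,6 +1814,8 @@
+
+ manager->priv = GDM_USER_MANAGER_GET_PRIVATE (manager);
+
++ manager->priv->minimal_uid = system_minimal_uid ();
++
+ /* exclude/include */
+ g_debug ("Setting users to include:");
+ res = gdm_settings_client_get_string (GDM_KEY_INCLUDE,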
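Review bot: `system_minimal_uid()` (added identically to the daemon, gdmsetup and simple-greeter copies of gdm-user-manager.c) stores the result of `atoi (ptr)` in a `guint` after checking only that it is non-zero, so a negative UID_MIN in /etc/login.defs wraps to a very large threshold and every account is filtered out of the user list. Accepting only positive values, `if (value > 0) uid = value;`, keeps the fallback to DEFAULT_MINIMAL_UID for bad input; `strtoul` with an end-pointer check would additionally reject trailing garbage. The key test `strncmp (line, "UID_MIN", 7) == 0` matches any line that merely begins with those seven characters and then hits `break`, so it should also require a separator, e.g. `&& isblank ((unsigned char) line[7])`, and the same cast belongs on the existing `isblank (*ptr)` call because passing a negative `char` to a ctype function is undefined. Since this value decides which accounts the greeter lists, a short comment above the function stating that it reads UID_MIN from /etc/login.defs and falls back to DEFAULT_MINIMAL_UID on any failure would help the next reader.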
