From da15f97b3926d77ca435f33400c3140340c07063 Mon Sep 17 00:00:00 2001
From: tpearson
Date: Wed, 21 Apr 2010 00:06:13 +0000
Subject: [PATCH] Part 1 of 2 of security patch for KDM [CVE-2010-0436]
git-svn-id: svn://anonsvn.kde.org/home/kde/branches/trinity/kde-common/admin@1117040 283d02a7-25f6-0310-bc7c-ecb5cbfe19da
---
 acinclude.m4.in | 55 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 55 insertions(+)
diff --git a/acinclude.m4.in b/acinclude.m4.in
index 923345f..1c4a3a3 100644
--- a/acinclude.m4.in
+++ b/acinclude.m4.in
@@ -4741,6 +4741,61 @@ else
 fi
 ])
+AC_DEFUN([KDE_CHECK_HONORS_SOCKET_PERMS],
+[
+AC_MSG_CHECKING([if underlying system honors socket permissions])
+AC_CACHE_VAL(ac_cv_honors_socket_perms,
+[
+AC_LANG_SAVE
+AC_LANG_C
+ac_save_LIBS="$LIBS"
+ac_save_CPPFLAGS="$CPPFLAGS"
+LIBS="$all_libraries"
+CPPFLAGS="$CPPFLAGS $all_includes"
+AC_TRY_RUN(dnl
+[
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+int main()
+{
+ int fd, fd2;
+ struct sockaddr_un sa;
+
+ if ((fd = socket(PF_UNIX, SOCK_STREAM, 0)) < 0)
+ return 2;
+ sa.sun_family = AF_UNIX;
+ strcpy(sa.sun_path, "testsock");
+ unlink(sa.sun_path);
+ if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)))
+ return 2;
+ chmod(sa.sun_path, 0);
+ setuid(getuid() + 1000);
+ if ((fd2 = socket(PF_UNIX, SOCK_STREAM, 0)) < 0)
+ return 2;
+ connect(fd2, (struct sockaddr *)&sa, sizeof(sa));
+ return errno != EACCES;
+}
+],
+ ac_cv_honors_socket_perms=yes,
+ ac_cv_honors_socket_perms=no,
+ ac_cv_honors_socket_perms=no)
+LIBS="$ac_save_LIBS"
+CPPFLAGS="$ac_save_CPPFLAGS"
+AC_LANG_RESTORE
+])dnl
+if eval "test \"`echo $ac_cv_honors_socket_perms`\" = yes"; then
+ AC_MSG_RESULT(yes)
+ AC_DEFINE_UNQUOTED(HONORS_SOCKET_PERMS, 1, [Defined if the underlying system honors socket permissions])
+else
+ AC_MSG_RESULT(no)
+fi
+])
+
 AC_DEFUN([AM_DISABLE_LIBRARIES],
 [
 AC_PROVIDE([AM_ENABLE_STATIC])
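Review bot: The test program passed to `AC_TRY_RUN` decides its verdict from `errno` alone: the return values of `connect()`, `chmod()` and `setuid()` are never checked, so the final `return errno != EACCES;` can read a value left over from an earlier call rather than the outcome of the connect. Since `HONORS_SOCKET_PERMS` presumably gates how the second part of this fix protects the KDM socket, a spurious `yes` is the dangerous direction; tie the result to the connect itself with `if (connect(fd2, (struct sockaddr *)&sa, sizeof(sa)) == 0) return 1;` ahead of the `errno` test, and `return 2;` when `chmod()` fails. When configure runs unprivileged, `setuid(getuid() + 1000)` fails, so the probe then measures the owner's access to a mode-0 socket rather than another user's; a comment such as `/* setuid() fails for non-root builds; the check then covers owner access only */` would make that explicit. The probe also leaves `testsock` behind in the build directory, and its answer describes the filesystem configure ran on, which may not be the one that holds the socket at run time.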