You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
tde-packaging/redhat/tdebase/kdebase-3.5.13-fix_kdesktop...

158 lines
4.7 KiB

commit f05f9dc7532ea41c49b3e9385165d942dfab5d0e
Author: Timothy Pearson <kb9vqf@pearsoncomputing.net>
Date: 1327036924 -0600
If someone manages to close down kdesktop_lock through an undiscovered security vulnerability such as http://security-tracker.debian.org/tracker/CVE-2012-0064, immediately terminate the compromised TDE session
diff --git a/kdesktop/lock/lockprocess.cc b/kdesktop/lock/lockprocess.cc
index 6bd18f7..2588bbf 100644
--- a/kdesktop/lock/lockprocess.cc
+++ b/kdesktop/lock/lockprocess.cc
@@ -326,10 +326,8 @@ static int signal_pipe[2];
static void sigterm_handler(int)
{
if (!trinity_desktop_lock_in_sec_dlg) {
- char tmp = 'T';
- if (::write( signal_pipe[1], &tmp, 1) == -1) {
- // Error handler to shut up gcc warnings
- }
+ // Exit uncleanly
+ exit(1);
}
}
@@ -522,7 +520,7 @@ void LockProcess::setupSignals()
sigaddset(&(act.sa_mask), SIGQUIT);
act.sa_flags = 0;
sigaction(SIGQUIT, &act, 0L);
- // exit cleanly on SIGTERM
+ // exit uncleanly on SIGTERM
act.sa_handler= sigterm_handler;
sigemptyset(&(act.sa_mask));
sigaddset(&(act.sa_mask), SIGTERM);
diff --git a/kdesktop/lockeng.cc b/kdesktop/lockeng.cc
index b957218..c5306e9 100644
--- a/kdesktop/lockeng.cc
+++ b/kdesktop/lockeng.cc
@@ -36,10 +36,11 @@ bool trinity_lockeng_sak_available = TRUE;
// a newly started process.
//
SaverEngine::SaverEngine()
- : KScreensaverIface(),
- TQWidget(),
+ : TQWidget(),
+ KScreensaverIface(),
mBlankOnly(false),
- mSAKProcess(NULL)
+ mSAKProcess(NULL),
+ mTerminationRequested(false)
{
// Save X screensaver parameters
XGetScreenSaver(qt_xdisplay(), &mXTimeout, &mXInterval,
@@ -340,6 +341,7 @@ void SaverEngine::stopLockProcess()
kdDebug(1204) << "SaverEngine: stopping lock" << endl;
emitDCOPSignal("KDE_stop_screensaver()", TQByteArray());
+ mTerminationRequested=true;
mLockProcess.kill();
if (mEnabled)
@@ -357,7 +359,33 @@ void SaverEngine::stopLockProcess()
void SaverEngine::lockProcessExited()
{
+printf("Lock process exited\n\r"); fflush(stdout);
+ bool abnormalExit = false;
kdDebug(1204) << "SaverEngine: lock exited" << endl;
+ if (mLockProcess.normalExit() == false) {
+ abnormalExit = true;
+ }
+ else {
+ if (mLockProcess.exitStatus() != 0) {
+ abnormalExit = true;
+ }
+ }
+ if (mTerminationRequested == true) {
+ abnormalExit = false;
+ }
+ if (abnormalExit == true) {
+ // PROBABLE HACKING ATTEMPT DETECTED
+ // Terminate the TDE session ASAP!
+ // Values are explained at http://lists.kde.org/?l=kde-linux&m=115770988603387
+ TQByteArray data;
+ TQDataStream arg(data, IO_WriteOnly);
+ arg << (int)0 << (int)0 << (int)2;
+ if ( ! kapp->dcopClient()->send("ksmserver", "default", "logout(int,int,int)", data) ) {
+ // Someone got to DCOP before we did
+ // Try an emergency system logout
+ system("logout");
+ }
+ }
if (trinity_lockeng_sak_available == TRUE) {
handleSecureDialog();
}
diff --git a/kdesktop/lockeng.h b/kdesktop/lockeng.h
index b1e31bd..ae81f90 100644
--- a/kdesktop/lockeng.h
+++ b/kdesktop/lockeng.h
@@ -114,6 +114,7 @@ protected:
private:
KProcess* mSAKProcess;
+ bool mTerminationRequested;
};
#endif
commit 5f8d730703882e1335305a2c43a378f0c4b96e8e
Author: Timothy Pearson <kb9vqf@pearsoncomputing.net>
Date: 1327216641 -0600
Fix desktop lock
diff --git a/kdesktop/lock/lockprocess.cc b/kdesktop/lock/lockprocess.cc
index 2588bbf..5acc96e 100644
--- a/kdesktop/lock/lockprocess.cc
+++ b/kdesktop/lock/lockprocess.cc
@@ -630,6 +630,8 @@ void LockProcess::startSecureDialog()
return;
}
+ setGeometry(0, 0, mRootWidth, mRootHeight);
+
int ret;
SecureDlg inDlg( this );
inDlg.setRetInt(&ret);
diff --git a/kdesktop/lock/main.cc b/kdesktop/lock/main.cc
index 2711c36..c0b8e24 100644
--- a/kdesktop/lock/main.cc
+++ b/kdesktop/lock/main.cc
@@ -181,14 +181,14 @@ int main( int argc, char **argv )
rt = process.runSecureDialog();
}
else {
- return 1;
+ return 0;
}
}
else {
rt = process.defaultSave();
}
if (!rt) {
- return 1;
+ return 0;
}
if( sig )
diff --git a/kdesktop/lockeng.cc b/kdesktop/lockeng.cc
index fb0f754..5307c5c 100644
--- a/kdesktop/lockeng.cc
+++ b/kdesktop/lockeng.cc
@@ -372,6 +372,7 @@ printf("Lock process exited\n\r"); fflush(stdout);
}
if (mTerminationRequested == true) {
abnormalExit = false;
+ mTerminationRequested = false;
}
if (abnormalExit == true) {
// PROBABLE HACKING ATTEMPT DETECTED