If someone manages to close down kdesktop_lock through an undiscovered security vulnerability such as http://security-tracker.debian.org/tracker/CVE-2012-0064, immediately terminate the compromised TDE session

12 years ago · f05f9dc753
parent 5f413b26eb
commit f05f9dc753
3 changed files with 35 additions and 8 deletions
--- a/kdesktop/lock/lockprocess.cc
+++ b/kdesktop/lock/lockprocess.cc
@ -326,10 +326,8 @@ static int signal_pipe[2];
 static void sigterm_handler(int)
 {
    if (!trinity_desktop_lock_in_sec_dlg) {
-        char tmp = 'T';
-        if (::write( signal_pipe[1], &tmp, 1) == -1) {
-            // Error handler to shut up gcc warnings
-        }
+        // Exit uncleanly
+        exit(1);
    }
 }

@ -522,7 +520,7 @@ void LockProcess::setupSignals()
    sigaddset(&(act.sa_mask), SIGQUIT);
    act.sa_flags = 0;
    sigaction(SIGQUIT, &act, 0L);
-    // exit cleanly on SIGTERM
+    // exit uncleanly on SIGTERM
    act.sa_handler= sigterm_handler;
    sigemptyset(&(act.sa_mask));
    sigaddset(&(act.sa_mask), SIGTERM);
--- a/kdesktop/lockeng.cc
+++ b/kdesktop/lockeng.cc
@ -36,10 +36,11 @@ bool trinity_lockeng_sak_available = TRUE;
 // a newly started process.
 //
 SaverEngine::SaverEngine()
-    : KScreensaverIface(),
-      TQWidget(),
+    : TQWidget(),
+      KScreensaverIface(),
      mBlankOnly(false),
-      mSAKProcess(NULL)
+      mSAKProcess(NULL),
+      mTerminationRequested(false)
 {
    // Save X screensaver parameters
    XGetScreenSaver(qt_xdisplay(), &mXTimeout, &mXInterval,
@ -340,6 +341,7 @@ void SaverEngine::stopLockProcess()
    kdDebug(1204) << "SaverEngine: stopping lock" << endl;
    emitDCOPSignal("KDE_stop_screensaver()", TQByteArray());

+    mTerminationRequested=true;
    mLockProcess.kill();

    if (mEnabled)
@ -357,7 +359,33 @@ void SaverEngine::stopLockProcess()

 void SaverEngine::lockProcessExited()
 {
+printf("Lock process exited\n\r"); fflush(stdout);
+    bool abnormalExit = false;
    kdDebug(1204) << "SaverEngine: lock exited" << endl;
+    if (mLockProcess.normalExit() == false) {
+        abnormalExit = true;
+    }
+    else {
+        if (mLockProcess.exitStatus() != 0) {
+            abnormalExit = true;
+        }
+    }
+    if (mTerminationRequested == true) {
+        abnormalExit = false;
+    }
+    if (abnormalExit == true) {
+        // PROBABLE HACKING ATTEMPT DETECTED
+        // Terminate the TDE session ASAP!
+        // Values are explained at http://lists.kde.org/?l=kde-linux&m=115770988603387
+        TQByteArray data;
+        TQDataStream arg(data, IO_WriteOnly);
+        arg << (int)0 << (int)0 << (int)2;
+        if ( ! kapp->dcopClient()->send("ksmserver", "default", "logout(int,int,int)", data) ) {
+            // Someone got to DCOP before we did
+            // Try an emergency system logout
+            system("logout");
+        }
+    }
    if (trinity_lockeng_sak_available == TRUE) {
        handleSecureDialog();
    }
--- a/kdesktop/lockeng.h
+++ b/kdesktop/lockeng.h
@ -114,6 +114,7 @@ protected:

 private:
    KProcess*   mSAKProcess;
+    bool        mTerminationRequested;
 };

 #endif