pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: [pkgsrc-2025Q1] pkgsrc/misc/screen
Module Name: pkgsrc
Committed By: maya
Date: Fri May 16 14:14:45 UTC 2025
Modified Files:
pkgsrc/misc/screen [pkgsrc-2025Q1]: Makefile distinfo
pkgsrc/misc/screen/patches [pkgsrc-2025Q1]: patch-socket.c
Added Files:
pkgsrc/misc/screen/patches [pkgsrc-2025Q1]: patch-attacher.c
patch-configure patch-configure.ac patch-logfile.c patch-logfile.h
patch-process.c patch-screen.c patch-screen.h
Removed Files:
pkgsrc/misc/screen [pkgsrc-2025Q1]: MESSAGE
Log Message:
Pullup ticket #6964 - requested by bsiegert
misc/screen: Security fix (PR pkg/59417)
Revisions pulled up:
- misc/screen/MESSAGE deleted
- misc/screen/Makefile 1.128-1.129
- misc/screen/distinfo 1.67
- misc/screen/patches/patch-attacher.c 1.1
- misc/screen/patches/patch-configure 1.1
- misc/screen/patches/patch-configure.ac 1.1
- misc/screen/patches/patch-logfile.c 1.1
- misc/screen/patches/patch-logfile.h 1.1
- misc/screen/patches/patch-process.c 1.1
- misc/screen/patches/patch-screen.c 1.7
- misc/screen/patches/patch-screen.h 1.1
- misc/screen/patches/patch-socket.c 1.7
---
Module Name: pkgsrc
Committed By: wiz
Date: Mon May 12 15:46:06 UTC 2025
Modified Files:
pkgsrc/misc/screen: Makefile
Removed Files:
pkgsrc/misc/screen: MESSAGE
Log Message:
screen: remove setuid bit because of security problems
Remove MESSAGE while here.
Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: wiz
Date: Mon May 12 16:03:20 UTC 2025
Modified Files:
pkgsrc/misc/screen: Makefile distinfo
pkgsrc/misc/screen/patches: patch-socket.c
Added Files:
pkgsrc/misc/screen/patches: patch-attacher.c patch-configure
patch-configure.ac patch-logfile.c patch-logfile.h
patch-process.c
patch-screen.c patch-screen.h
Log Message:
screen: add opensuse patches for security problems
For
https://security.opensuse.org/2025/05/12/screen-security-issues.html
Bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -u -r1.5 -r0 pkgsrc/misc/screen/MESSAGE
cvs rdiff -u -r1.126 -r1.126.2.1 pkgsrc/misc/screen/Makefile
cvs rdiff -u -r1.66 -r1.66.2.1 pkgsrc/misc/screen/distinfo
cvs rdiff -u -r0 -r1.1.2.2 pkgsrc/misc/screen/patches/patch-attacher.c \
pkgsrc/misc/screen/patches/patch-configure \
pkgsrc/misc/screen/patches/patch-configure.ac \
pkgsrc/misc/screen/patches/patch-logfile.c \
pkgsrc/misc/screen/patches/patch-logfile.h \
pkgsrc/misc/screen/patches/patch-process.c \
pkgsrc/misc/screen/patches/patch-screen.h
cvs rdiff -u -r0 -r1.7.2.2 pkgsrc/misc/screen/patches/patch-screen.c
cvs rdiff -u -r1.6 -r1.6.2.1 pkgsrc/misc/screen/patches/patch-socket.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/misc/screen/Makefile
diff -u pkgsrc/misc/screen/Makefile:1.126 pkgsrc/misc/screen/Makefile:1.126.2.1
--- pkgsrc/misc/screen/Makefile:1.126 Thu Feb 13 19:43:02 2025
+++ pkgsrc/misc/screen/Makefile Fri May 16 14:14:44 2025
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.126 2025/02/13 19:43:02 rillig Exp $
+# $NetBSD: Makefile,v 1.126.2.1 2025/05/16 14:14:44 maya Exp $
DISTNAME= screen-5.0.0
-PKGREVISION= 1
+PKGREVISION= 3
CATEGORIES= misc shells
MASTER_SITES= ${MASTER_SITE_GNU:=screen/}
@@ -60,9 +60,11 @@ post-install: screen-terminfo
INSTALLATION_DIRS+= share/examples/screen
-.if ${UNPRIVILEGED:U:tl} != yes
-SPECIAL_PERMS+= bin/${DISTNAME} ${SETUID_ROOT_PERMS}
-.endif
+# multiple security problems
+# https://security.opensuse.org/2025/05/12/screen-security-issues.html
+#.if ${UNPRIVILEGED:U:tl} != yes
+#SPECIAL_PERMS+= bin/${DISTNAME} ${SETUID_ROOT_PERMS}
+#.endif
pre-configure:
cd ${WRKSRC} && autoreconf -i
Index: pkgsrc/misc/screen/distinfo
diff -u pkgsrc/misc/screen/distinfo:1.66 pkgsrc/misc/screen/distinfo:1.66.2.1
--- pkgsrc/misc/screen/distinfo:1.66 Thu Feb 13 19:43:02 2025
+++ pkgsrc/misc/screen/distinfo Fri May 16 14:14:44 2025
@@ -1,13 +1,21 @@
-$NetBSD: distinfo,v 1.66 2025/02/13 19:43:02 rillig Exp $
+$NetBSD: distinfo,v 1.66.2.1 2025/05/16 14:14:44 maya Exp $
BLAKE2s (screen-5.0.0.tar.gz) = b2d41befdfd7b641bddef5d1eb4a919bcb76f971e79a145ea4a2e3ba55db28d1
SHA512 (screen-5.0.0.tar.gz) = 18a163313025c58950ec65fa83037ba1df0fa8e2346925593217fb0a6596f2f51914a4f0aec7f0e1c280d3d3ef964e7a886521f41f4b96f4ff08935be7f62117
Size (screen-5.0.0.tar.gz) = 895882 bytes
SHA1 (patch-Makefile.in) = 9a536678040bb6a47e5c7fbeedfecc0aa5c870e2
+SHA1 (patch-attacher.c) = 6d9b76c55e16dd02d9633012013b3b0d5978751b
+SHA1 (patch-configure) = 4f3261342dd9620d2d62c18a33cf9cc15b2f0d78
+SHA1 (patch-configure.ac) = 1535033179bf7dc4a2a0137c8344963b6ca22404
SHA1 (patch-doc_screen.1) = 858df8ed65c8fa8044075f4066832f79ba77b3a2
SHA1 (patch-doc_screen.texinfo) = e35f936f307fc6162824c3090221745ba38f6aba
SHA1 (patch-etc_etcscreenrc) = a45ae3186cd9bddeb915bad890f1be5abc315dd3
-SHA1 (patch-socket.c) = 51a7cbc2053925132f890a8585489529c5d6da99
+SHA1 (patch-logfile.c) = 2ae1f8684b34b260047046eca6023b74ae069eac
+SHA1 (patch-logfile.h) = d0f2d70bd1ae4beaffafecc0ff9cacbfe82b4db3
+SHA1 (patch-process.c) = d661f47c3c44563853447c20bacdf5d0400f478d
+SHA1 (patch-screen.c) = c1a43ce774ff651085602c41e33b704229a92944
+SHA1 (patch-screen.h) = b544433f3a4b500e2650fa59413fa928cc671fa9
+SHA1 (patch-socket.c) = 04abb03864baab4cfcc053cfab4657d003660648
SHA1 (patch-termcap.c) = f06432d06405daac0064296d2cfa3246a2621e4f
SHA1 (patch-utmp-netbsd.c) = a721e311e7dde7938de0e9546a7892bfd104ebd1
SHA1 (patch-window.h) = b0fe8f7105a906c6d9a8908ade8d34e5f7da0dd1
Index: pkgsrc/misc/screen/patches/patch-socket.c
diff -u pkgsrc/misc/screen/patches/patch-socket.c:1.6 pkgsrc/misc/screen/patches/patch-socket.c:1.6.2.1
--- pkgsrc/misc/screen/patches/patch-socket.c:1.6 Thu Feb 13 19:43:02 2025
+++ pkgsrc/misc/screen/patches/patch-socket.c Fri May 16 14:14:45 2025
@@ -1,8 +1,10 @@
-$NetBSD: patch-socket.c,v 1.6 2025/02/13 19:43:02 rillig Exp $
+$NetBSD: patch-socket.c,v 1.6.2.1 2025/05/16 14:14:45 maya Exp $
Include <uio.h> for iovec.
---- socket.c.orig 2025-01-09 02:58:51.269455114 +0000
+https://security.opensuse.org/2025/05/12/screen-security-issues.html
+
+--- socket.c.orig 2024-08-28 19:55:03.000000000 +0000
+++ socket.c
@@ -35,9 +35,7 @@
#include <sys/stat.h>
@@ -14,3 +16,96 @@ Include <uio.h> for iovec.
#include <sys/un.h>
#include <utime.h>
#include <stdint.h>
+@@ -91,6 +89,11 @@ static void AskPassword(Message *);
+ static bool CheckPassword(const char *password);
+ static void PasswordProcessInput(char *, size_t);
+
++static void KillUnpriv(pid_t pid, int sig) {
++ UserContext();
++ UserReturn(kill(pid, sig));
++}
++
+ #define SOCKMODE (S_IWRITE | S_IREAD | (displays ? S_IEXEC : 0) | (multi ? 1 : 0))
+
+ /*
+@@ -148,8 +151,13 @@ int FindSocket(int *fdp, int *nfoundp, i
+ xseteuid(real_uid);
+ xsetegid(real_gid);
+
+- if ((dirp = opendir(SocketPath)) == NULL)
+- Panic(errno, "Cannot opendir %s", SocketPath);
++ if ((dirp = opendir(SocketPath)) == NULL) {
++ if (eff_uid == real_uid) {
++ Panic(errno, "Cannot opendir %s", SocketPath);
++ } else {
++ Panic(0, "Error accessing %s", SocketPath);
++ }
++ }
+
+ slist = NULL;
+ slisttail = &slist;
+@@ -606,7 +614,7 @@ static int CreateTempDisplay(Message *m,
+ Msg(errno, "Could not perform necessary sanity "
+ "checks on pts device.");
+ close(i);
+- Kill(pid, SIG_BYE);
++ KillUnpriv(pid, SIG_BYE);
+ return -1;
+ }
+ if (strcmp(ttyname_in_ns, m->m_tty)) {
+@@ -615,7 +623,7 @@ static int CreateTempDisplay(Message *m,
+ ttyname_in_ns,
+ m->m_tty[0] != '\0' ? m->m_tty : "(null)");
+ close(i);
+- Kill(pid, SIG_BYE);
++ KillUnpriv(pid, SIG_BYE);
+ return -1;
+ }
+ /* m->m_tty so far contains the actual name of the pts
+@@ -633,24 +641,24 @@ static int CreateTempDisplay(Message *m,
+ "Attach: passed fd does not match tty: %s - %s!",
+ m->m_tty, myttyname ? myttyname : "NULL");
+ close(i);
+- Kill(pid, SIG_BYE);
++ KillUnpriv(pid, SIG_BYE);
+ return -1;
+ }
+ } else if ((i = secopen(m->m_tty, O_RDWR | O_NONBLOCK, 0)) < 0) {
+ Msg(errno, "Attach: Could not open %s!", m->m_tty);
+- Kill(pid, SIG_BYE);
++ KillUnpriv(pid, SIG_BYE);
+ return -1;
+ }
+
+ if (attach)
+- Kill(pid, SIGCONT);
++ KillUnpriv(pid, SIGCONT);
+
+ if (attach) {
+ if (display || win) {
+ int unused_result = write(i, "Attaching from inside of screen?\n", 33);
+ (void)unused_result; /* unused */
+ close(i);
+- Kill(pid, SIG_BYE);
++ KillUnpriv(pid, SIG_BYE);
+ Msg(0, "Attach msg ignored: coming from inside.");
+ return -1;
+ }
+@@ -673,7 +681,7 @@ static int CreateTempDisplay(Message *m,
+ (void)unused_result; /* unused */
+ close(i);
+ Msg(0, "Attach: could not make display for user %s", user);
+- Kill(pid, SIG_BYE);
++ KillUnpriv(pid, SIG_BYE);
+ return -1;
+ }
+ if (attach) {
+@@ -879,7 +887,7 @@ void ReceiveMsg(void)
+ Msg(0, "Query attempt with bad pid(%d)!", m.m.command.apid);
+ }
+ else {
+- Kill(m.m.command.apid, (queryflag >= 0) ? SIGCONT : SIG_BYE); /* Send SIG_BYE if an error happened */
++ KillUnpriv(m.m.command.apid, (queryflag >= 0) ? SIGCONT : SIG_BYE); /* Send SIG_BYE if an error happened */
+ queryflag = -1;
+ }
+ }
Added files:
Index: pkgsrc/misc/screen/patches/patch-attacher.c
diff -u /dev/null pkgsrc/misc/screen/patches/patch-attacher.c:1.1.2.2
--- /dev/null Fri May 16 14:14:45 2025
+++ pkgsrc/misc/screen/patches/patch-attacher.c Fri May 16 14:14:44 2025
@@ -0,0 +1,64 @@
+$NetBSD: patch-attacher.c,v 1.1.2.2 2025/05/16 14:14:44 maya Exp $
+
+https://security.opensuse.org/2025/05/12/screen-security-issues.html
+
+--- attacher.c.orig 2024-08-28 19:55:03.000000000 +0000
++++ attacher.c
+@@ -127,9 +127,6 @@ int Attach(int how)
+ xseteuid(multi_uid);
+ xseteuid(own_uid);
+ #endif
+- if (chmod(attach_tty, 0666))
+- Panic(errno, "chmod %s", attach_tty);
+- tty_oldmode = tty_mode;
+ }
+
+ memset((char *)&m, 0, sizeof(Message));
+@@ -279,12 +276,6 @@ int Attach(int how)
+ pause(); /* wait for SIGCONT */
+ xsignal(SIGCONT, SIG_DFL);
+ ContinuePlease = false;
+- xseteuid(own_uid);
+- if (tty_oldmode >= 0)
+- if (chmod(attach_tty, tty_oldmode))
+- Panic(errno, "chmod %s", attach_tty);
+- tty_oldmode = -1;
+- xseteuid(real_uid);
+ }
+ rflag = 0;
+ return 1;
+@@ -334,11 +325,6 @@ void AttacherFinit(int sigsig)
+ close(s);
+ }
+ }
+- if (tty_oldmode >= 0) {
+- if (setuid(own_uid))
+- Panic(errno, "setuid");
+- chmod(attach_tty, tty_oldmode);
+- }
+ exit(0);
+ }
+
+@@ -457,13 +443,16 @@ void SendCmdMessage(char *sty, char *mat
+ }
+ p = m.m.command.cmd;
+ n = 0;
++ size_t space_left = ARRAY_SIZE(m.m.command.cmd);
++
+ for (; *av && n < MAXARGS - 1; ++av, ++n) {
+- size_t len;
+- len = strlen(*av) + 1;
+- if (p + len >= m.m.command.cmd + ARRAY_SIZE(m.m.command.cmd) - 1)
+- break;
+- strncpy(p, *av, MAXPATHLEN);
+- p += len;
++ int printed = snprintf(p, space_left, "%s", *av);
++ if (printed < 0 || (size_t)printed >= space_left)
++ Panic(0, "Total length of the command to send too large.\n");
++
++ printed += 1; // add null terminator
++ p += printed;
++ space_left -= printed;
+ }
+ *p = 0;
+ m.m.command.nargs = n;
Index: pkgsrc/misc/screen/patches/patch-configure
diff -u /dev/null pkgsrc/misc/screen/patches/patch-configure:1.1.2.2
--- /dev/null Fri May 16 14:14:45 2025
+++ pkgsrc/misc/screen/patches/patch-configure Fri May 16 14:14:45 2025
@@ -0,0 +1,24 @@
+$NetBSD: patch-configure,v 1.1.2.2 2025/05/16 14:14:45 maya Exp $
+
+https://security.opensuse.org/2025/05/12/screen-security-issues.html
+
+--- configure.orig 2025-05-12 16:00:51.988728997 +0000
++++ configure
+@@ -1347,7 +1347,7 @@ Optional Packages:
+ --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
+ --with-system_screenrc set location of system screenrc (default:
+ /etc/screenrc)
+- --with-pty-mode set pty mode (default: 0622)
++ --with-pty-mode set pty mode (default: 0620)
+ --with-pty-group set pty group (default: 5)
+ --with-pty-rofs set rofs handling (default: no)
+
+@@ -4873,7 +4873,7 @@ if test ${with_pty_mode+y}
+ then :
+ withval=$with_pty_mode; with_pty_mode=$withval
+ else $as_nop
+- with_pty_mode=0622
++ with_pty_mode=0620
+ fi
+
+
Index: pkgsrc/misc/screen/patches/patch-configure.ac
diff -u /dev/null pkgsrc/misc/screen/patches/patch-configure.ac:1.1.2.2
--- /dev/null Fri May 16 14:14:45 2025
+++ pkgsrc/misc/screen/patches/patch-configure.ac Fri May 16 14:14:45 2025
@@ -0,0 +1,18 @@
+$NetBSD: patch-configure.ac,v 1.1.2.2 2025/05/16 14:14:45 maya Exp $
+
+https://security.opensuse.org/2025/05/12/screen-security-issues.html
+
+--- configure.ac.orig 2024-08-28 19:55:03.000000000 +0000
++++ configure.ac
+@@ -117,9 +117,9 @@ AC_ARG_WITH(system_screenrc, AS_HELP_STR
+ [with_system_screenrc=$withval],
+ [with_system_screenrc=/etc/screenrc])
+ AC_ARG_WITH(pty-mode, AS_HELP_STRING([--with-pty-mode],
+- [set pty mode (default: 0622)]),
++ [set pty mode (default: 0620)]),
+ [with_pty_mode=$withval],
+- [with_pty_mode=0622])
++ [with_pty_mode=0620])
+ AC_ARG_WITH(pty-group, AS_HELP_STRING([--with-pty-group],
+ [set pty group (default: 5)]),
+ [with_pty_group=$withval],
Index: pkgsrc/misc/screen/patches/patch-logfile.c
diff -u /dev/null pkgsrc/misc/screen/patches/patch-logfile.c:1.1.2.2
--- /dev/null Fri May 16 14:14:45 2025
+++ pkgsrc/misc/screen/patches/patch-logfile.c Fri May 16 14:14:45 2025
@@ -0,0 +1,62 @@
+$NetBSD: patch-logfile.c,v 1.1.2.2 2025/05/16 14:14:45 maya Exp $
+
+https://security.opensuse.org/2025/05/12/screen-security-issues.html
+
+--- logfile.c.orig 2024-08-28 19:55:03.000000000 +0000
++++ logfile.c
+@@ -88,10 +88,29 @@ static int logfile_reopen(char *name, in
+ return -1;
+ }
+ changed_logfile(l);
+- l->st->st_ino = l->st->st_dev = 0;
+ return 0;
+ }
+
++static int (*lf_reopen_fn) (char *, int, struct Log *) = logfile_reopen;
++
++/*
++ * Whenever logfwrite discoveres that it is required to close and
++ * reopen the logfile, the function registered here is called.
++ * If you do not register anything here, the above logfile_reopen()
++ * will be used instead.
++ * Your function should perform the same steps as logfile_reopen():
++ * a) close the original filedescriptor without flushing any output
++ * b) open a new logfile for future output on the same filedescriptor number.
++ * c) zero out st_dev, st_ino to tell the stolen_logfile() indcator to
++ * reinitialise itself.
++ * d) return 0 on success.
++ */
++void logreopen_register(int (*fn) (char *, int, struct Log *))
++{
++ lf_reopen_fn = fn ? fn : logfile_reopen;
++}
++
++
+ /*
+ * If the logfile has been removed, truncated, unlinked or the like,
+ * return nonzero.
+@@ -204,7 +223,7 @@ int logfwrite(Log *l, char *buf, size_t
+ {
+ int r;
+
+- if (stolen_logfile(l) && logfile_reopen(l->name, fileno(l->fp), l))
++ if (stolen_logfile(l) && lf_reopen_fn(l->name, fileno(l->fp), l))
+ return -1;
+ r = fwrite(buf, n, 1, l->fp);
+ l->writecount += l->flushcount + 1;
+@@ -219,13 +238,13 @@ int logfflush(Log *l)
+
+ if (!l)
+ for (l = logroot; l; l = l->next) {
+- if (stolen_logfile(l) && logfile_reopen(l->name, fileno(l->fp), l))
++ if (stolen_logfile(l) && lf_reopen_fn(l->name, fileno(l->fp), l))
+ return -1;
+ r |= fflush(l->fp);
+ l->flushcount++;
+ changed_logfile(l);
+ } else {
+- if (stolen_logfile(l) && logfile_reopen(l->name, fileno(l->fp), l))
++ if (stolen_logfile(l) && lf_reopen_fn(l->name, fileno(l->fp), l))
+ return -1;
+ r = fflush(l->fp);
+ l->flushcount++;
Index: pkgsrc/misc/screen/patches/patch-logfile.h
diff -u /dev/null pkgsrc/misc/screen/patches/patch-logfile.h:1.1.2.2
--- /dev/null Fri May 16 14:14:45 2025
+++ pkgsrc/misc/screen/patches/patch-logfile.h Fri May 16 14:14:45 2025
@@ -0,0 +1,23 @@
+$NetBSD: patch-logfile.h,v 1.1.2.2 2025/05/16 14:14:45 maya Exp $
+
+https://security.opensuse.org/2025/05/12/screen-security-issues.html
+
+--- logfile.h.orig 2024-08-28 19:55:03.000000000 +0000
++++ logfile.h
+@@ -72,6 +72,16 @@ int logfwrite (Log *, char *, size_t);
+ int logfflush (Log *ifany);
+
+ /*
++ * a reopen function may be registered here, in case you want to bring your
++ * own (more secure open), it may come along with a private data pointer.
++ * this function is called, whenever logfwrite/logfflush detect that the
++ * file has been (re)moved, truncated or changed by someone else.
++ * if you provide NULL as parameter to logreopen_register, the builtin
++ * reopen function will be reactivated.
++ */
++void logreopen_register (int (*fn) (char *, int, struct Log *) );
++
++/*
+ * Your custom reopen function is required to reuse the exact
+ * filedescriptor.
+ * See logfile.c for further specs and an example.
Index: pkgsrc/misc/screen/patches/patch-process.c
diff -u /dev/null pkgsrc/misc/screen/patches/patch-process.c:1.1.2.2
--- /dev/null Fri May 16 14:14:45 2025
+++ pkgsrc/misc/screen/patches/patch-process.c Fri May 16 14:14:45 2025
@@ -0,0 +1,15 @@
+$NetBSD: patch-process.c,v 1.1.2.2 2025/05/16 14:14:45 maya Exp $
+
+https://security.opensuse.org/2025/05/12/screen-security-issues.html
+
+--- process.c.orig 2024-08-28 19:55:03.000000000 +0000
++++ process.c
+@@ -117,7 +117,7 @@ char NullStr[] = "";
+ struct plop plop_tab[MAX_PLOP_DEFS];
+
+ #ifndef PTY_MODE
+-#define PTY_MODE 0622
++#define PTY_MODE 0620
+ #endif
+
+ int TtyMode = PTY_MODE;
Index: pkgsrc/misc/screen/patches/patch-screen.h
diff -u /dev/null pkgsrc/misc/screen/patches/patch-screen.h:1.1.2.2
--- /dev/null Fri May 16 14:14:45 2025
+++ pkgsrc/misc/screen/patches/patch-screen.h Fri May 16 14:14:45 2025
@@ -0,0 +1,15 @@
+$NetBSD: patch-screen.h,v 1.1.2.2 2025/05/16 14:14:45 maya Exp $
+
+https://security.opensuse.org/2025/05/12/screen-security-issues.html
+
+--- screen.h.orig 2024-08-28 19:55:03.000000000 +0000
++++ screen.h
+@@ -291,8 +291,6 @@ extern int nversion;
+ extern uid_t own_uid;
+ extern int queryflag;
+ extern int rflag;
+-extern int tty_mode;
+-extern int tty_oldmode;
+ extern pid_t MasterPid;
+ extern int MsgMinWait;
+ extern int MsgWait;
Index: pkgsrc/misc/screen/patches/patch-screen.c
diff -u /dev/null pkgsrc/misc/screen/patches/patch-screen.c:1.7.2.2
--- /dev/null Fri May 16 14:14:45 2025
+++ pkgsrc/misc/screen/patches/patch-screen.c Fri May 16 14:14:45 2025
@@ -0,0 +1,146 @@
+$NetBSD: patch-screen.c,v 1.7.2.2 2025/05/16 14:14:45 maya Exp $
+
+https://security.opensuse.org/2025/05/12/screen-security-issues.html
+
+--- screen.c.orig 2024-08-28 19:55:03.000000000 +0000
++++ screen.c
+@@ -145,8 +145,6 @@ bool hastruecolor = false;
+
+ char *multi;
+ int multiattach;
+-int tty_mode;
+-int tty_oldmode = -1;
+
+ char HostName[MAXSTR];
+ pid_t MasterPid;
+@@ -199,6 +197,21 @@ static int GotSigChld;
+ /********************************************************************/
+ /********************************************************************/
+
++static int lf_secreopen(char *name, int wantfd, struct Log *l)
++{
++ int got_fd;
++
++ close(wantfd);
++ if (((got_fd = secopen(name, O_WRONLY | O_CREAT | O_APPEND, 0666)) < 0) || lf_move_fd(got_fd, wantfd) < 0) {
++ logfclose(l);
++ return -1;
++ }
++ l->st->st_ino = l->st->st_dev = 0;
++ return 0;
++}
++
++
++
+ static struct passwd *getpwbyname(char *name, struct passwd *ppp)
+ {
+ int n;
+@@ -349,6 +362,10 @@ int main(int argc, char **argv)
+ #ifdef ENABLE_TELNET
+ af = AF_UNSPEC;
+ #endif
++ /* lf_secreopen() is vital for the secure operation in setuid-root context.
++ * Do not remove it
++ */
++ logreopen_register(lf_secreopen);
+
+ real_uid = getuid();
+ real_gid = getgid();
+@@ -747,7 +764,6 @@ int main(int argc, char **argv)
+
+ /* ttyname implies isatty */
+ SetTtyname(true, &st);
+- tty_mode = (int)st.st_mode & 0777;
+
+ fl = fcntl(0, F_GETFL, 0);
+ if (fl != -1 && (fl & (O_RDWR | O_RDONLY | O_WRONLY)) == O_RDWR)
+@@ -846,22 +862,47 @@ int main(int argc, char **argv)
+ #endif
+ }
+
+- if (stat(SocketPath, &st) == -1)
+- Panic(errno, "Cannot access %s", SocketPath);
+- else if (!S_ISDIR(st.st_mode))
+- Panic(0, "%s is not a directory.", SocketPath);
++ if (stat(SocketPath, &st) == -1) {
++ if (eff_uid == real_uid) {
++ Panic(errno, "Cannot access %s", SocketPath);
++ } else {
++ Panic(0, "Error accessing %s", SocketPath);
++ }
++ }
++ else if (!S_ISDIR(st.st_mode)) {
++ if (eff_uid == real_uid || st.st_uid == real_uid) {
++ Panic(0, "%s is not a directory.", SocketPath);
++ } else {
++ Panic(0, "Error accessing %s", SocketPath);
++ }
++ }
+ if (multi) {
+- if (st.st_uid != multi_uid)
+- Panic(0, "%s is not the owner of %s.", multi, SocketPath);
++ if (st.st_uid != multi_uid) {
++ if (eff_uid == real_uid || st.st_uid == real_uid) {
++ Panic(0, "%s is not the owner of %s.", multi, SocketPath);
++ } else {
++ Panic(0, "Error accessing %s", SocketPath);
++ }
++ }
+ } else {
+ #ifdef SOCKET_DIR /* if SOCKETDIR is not defined, the socket is in $HOME.
+ in that case it does not make sense to compare uids. */
+- if (st.st_uid != real_uid)
+- Panic(0, "You are not the owner of %s.", SocketPath);
++ if (st.st_uid != real_uid) {
++ if (eff_uid == real_uid) {
++ Panic(0, "You are not the owner of %s.", SocketPath);
++ } else {
++ Panic(0, "Error accessing %s", SocketPath);
++ }
++ }
+ #endif
+ }
+- if ((st.st_mode & 0777) != 0700)
+- Panic(0, "Directory %s must have mode 700.", SocketPath);
++ if ((st.st_mode & 0777) != 0700) {
++ if (eff_uid == real_uid || st.st_uid == real_uid) {
++ Panic(0, "Directory %s must have mode 700.", SocketPath);
++ } else {
++ Panic(0, "Error accessing %s", SocketPath);
++ }
++ }
+ if (SocketMatch && strchr(SocketMatch, '/'))
+ Panic(0, "Bad session name '%s'", SocketMatch);
+ SocketName = SocketPath + strlen(SocketPath) + 1;
+@@ -886,8 +927,13 @@ int main(int argc, char **argv)
+ else
+ exit(9 + (fo || oth ? 1 : 0) + fo);
+ }
+- if (fo == 0)
+- Panic(0, "No Sockets found in %s.\n", SocketPath);
++ if (fo == 0) {
++ if (eff_uid == real_uid || st.st_uid == real_uid) {
++ Panic(0, "No Sockets found in %s.\n", SocketPath);
++ } else {
++ Panic(0, "Error accessing %s", SocketPath);
++ }
++ }
+ Msg(0, "%d Socket%s in %s.", fo, fo > 1 ? "s" : "", SocketPath);
+ eexit(0);
+ }
+@@ -1551,15 +1597,6 @@ void Panic(int err, const char *fmt, ...
+ if (D_userpid)
+ Kill(D_userpid, SIG_BYE);
+ }
+- if (tty_oldmode >= 0) {
+-#if defined(HAVE_SETEUID)
+- if (setuid(own_uid))
+- xseteuid(own_uid); /* may be a loop. sigh. */
+-#else
+- setuid(own_uid);
+-#endif
+- chmod(attach_tty, tty_oldmode);
+- }
+ eexit(1);
+ }
+
Home |
Main Index |
Thread Index |
Old Index