Bug#110475: [PATCH] Directory mode of /dev/dri is too open

Brendan O'Dea

Aug 28, 2001, 10:29:03 PM

Package: xserver-xfree86
Version: 4.1.0-2

The /dev/dri directory is created with a mode that is derived from the
"Mode" entry in the "DRI" section, which dexconf creates as 666.

Ethan Benson noted that this results in a world-writable directory on
the root filesystem, which is undesirable.

Given that the only things in that directory are character devices which
require root permission to create, the directory permissions need not
follow the Mode required for the devices but may be root:root 755.

A patch [untested] is appended which creates the directory as described
above; it additionally only sets the user/group/mode when the directory
is created.

You may wish to consider changing the directory mode in the server's
postinst when upgrading from <= 4.1.0-2.

Regards,
--
Brendan O'Dea b...@compusol.com.au
Compusol Pty. Limited (NSW, Australia) +61 2 9810 3633

--- xc/programs/Xserver/hw/xfree86/os-support/linux/drm/xf86drm.c.orig Fri May 18 20:26:45 2001
+++ xc/programs/Xserver/hw/xfree86/os-support/linux/drm/xf86drm.c Mon Aug 27 00:08:14 2001
@@ -174,7 +174,6 @@
stat_t st;
char buf[64];
int fd;
- mode_t dirmode = DRM_DEV_DIRMODE;
mode_t devmode = DRM_DEV_MODE;
int isroot = !geteuid();
#if defined(XFree86Server)
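Review bot: With the `dirmode` local removed in this hunk, DRM_DEV_DIRMODE is no longer referenced by any visible line of the function, while the next hunk hard-codes 0755 in both mkdir() and chmod(). Either pass DRM_DEV_DIRMODE to those two calls (redefining it as 0755 if it is not already) or drop the macro if nothing else uses it, so the directory mode stays defined in one place.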
@@ -184,23 +183,17 @@

#if defined(XFree86Server)
devmode = xf86ConfigDRI.mode ? xf86ConfigDRI.mode : DRM_DEV_MODE;
- dirmode = (devmode & S_IRUSR) ? S_IXUSR : 0;
- dirmode |= (devmode & S_IRGRP) ? S_IXGRP : 0;
- dirmode |= (devmode & S_IROTH) ? S_IXOTH : 0;
- dirmode |= devmode;
devmode &= ~(S_IXUSR|S_IXGRP|S_IXOTH);
group = (xf86ConfigDRI.group >= 0) ? xf86ConfigDRI.group : DRM_DEV_GID;
#endif

- if (stat(DRM_DIR_NAME, &st)) {
+ if (stat(DRM_DIR_NAME, &st) || !S_ISDIR(st.st_mode)) {
if (!isroot) return DRM_ERR_NOT_ROOT;
remove(DRM_DIR_NAME);
- mkdir(DRM_DIR_NAME, dirmode);
+ mkdir(DRM_DIR_NAME, 0755);
+ chown(DRM_DIR_NAME, 0, 0); /* root:root */
+ chmod(DRM_DIR_NAME, 0755);
}
-#if defined(XFree86Server)
- chown(DRM_DIR_NAME, user, group);
- chmod(DRM_DIR_NAME, dirmode);
-#endif

sprintf(buf, DRM_DEV_NAME, DRM_DIR_NAME, minor);
if (stat(buf, &st) || st.st_rdev != dev) {
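Review bot: The new test `if (stat(DRM_DIR_NAME, &st) || !S_ISDIR(st.st_mode))` accepts any existing directory whatever its owner and mode, and since the unconditional chown()/chmod() after the block are removed, a /dev/dri that already exists with a world-writable mode is never corrected by this code. Consider also checking st.st_uid and the S_IWGRP|S_IWOTH bits of st.st_mode and repairing them when isroot is set. Two smaller points in the same block: stat() follows symlinks, so lstat() would be the stricter check for "is a real directory", and the return values of remove(), mkdir(), chown() and chmod() are all ignored, so a failed mkdir() goes undetected at this point.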

