xorg-xvfb, tigervnc: fixes for Android Pie (9)
Remove setuid/setgid and similar calls as they are disallowed by seccomp and not needed on Termux.
parent
838d6a73cd
commit
cb8d70c36d
@ -2,7 +2,7 @@ TERMUX_PKG_MAINTAINER="Leonid Plyushch <leonid.plyushch@gmail.com> @xeffyr"
|
||||
|
||||
TERMUX_PKG_HOMEPAGE=http://www.tigervnc.org/
|
||||
TERMUX_PKG_VERSION=1.9.0
|
||||
TERMUX_PKG_REVISION=9
|
||||
TERMUX_PKG_REVISION=10
|
||||
TERMUX_PKG_DESCRIPTION="Suite of VNC servers. Based on the VNC 4 branch of TightVNC."
|
||||
TERMUX_PKG_SRCURL=https://github.com/TigerVNC/tigervnc/archive/v${TERMUX_PKG_VERSION}.tar.gz
|
||||
TERMUX_PKG_SHA256=f15ced8500ec56356c3bf271f52e58ed83729118361c7103eab64a618441f740
|
||||
|
@ -3,7 +3,7 @@ TERMUX_PKG_MAINTAINER="Leonid Plyushch <leonid.plyushch@gmail.com> @xeffyr"
|
||||
TERMUX_PKG_HOMEPAGE=http://xorg.freedesktop.org/
|
||||
TERMUX_PKG_DESCRIPTION="X virtual framebuffer"
|
||||
TERMUX_PKG_VERSION=1.20.1
|
||||
TERMUX_PKG_REVISION=3
|
||||
TERMUX_PKG_REVISION=4
|
||||
TERMUX_PKG_SRCURL=https://xorg.freedesktop.org/releases/individual/xserver/xorg-server-${TERMUX_PKG_VERSION}.tar.bz2
|
||||
TERMUX_PKG_SHA256=59c99fe86fe75b8164c6567bfc6e982aecc2e4a51e6fbac1b842d5d00549e918
|
||||
|
||||
|
@ -1,6 +1,6 @@
|
||||
diff -uNr xorg-server-1.20.1/hw/xfree86/common/compiler.h xorg-server-1.20.1.mod/hw/xfree86/common/compiler.h
|
||||
--- xorg-server-1.20.1/hw/xfree86/common/compiler.h 2018-08-07 19:31:02.000000000 +0300
|
||||
+++ xorg-server-1.20.1.mod/hw/xfree86/common/compiler.h 2018-09-11 23:52:17.464825840 +0300
|
||||
+++ xorg-server-1.20.1.mod/hw/xfree86/common/compiler.h 2018-10-03 00:40:35.481555908 +0300
|
||||
@@ -518,7 +518,7 @@
|
||||
barrier();
|
||||
}
|
||||
|
@ -1,6 +1,6 @@
|
||||
diff -uNr xorg-server-1.20.1/hw/xfree86/common/xf86Config.c xorg-server-1.20.1.mod/hw/xfree86/common/xf86Config.c
|
||||
--- xorg-server-1.20.1/hw/xfree86/common/xf86Config.c 2018-08-07 19:31:02.000000000 +0300
|
||||
+++ xorg-server-1.20.1.mod/hw/xfree86/common/xf86Config.c 2018-09-11 23:52:17.464825840 +0300
|
||||
+++ xorg-server-1.20.1.mod/hw/xfree86/common/xf86Config.c 2018-10-03 00:40:35.484889280 +0300
|
||||
@@ -106,7 +106,7 @@
|
||||
#define SYS_CONFIGDIRPATH "%D/X11/%X"
|
||||
#endif
|
||||
|
@ -1,6 +1,6 @@
|
||||
diff -uNr xorg-server-1.20.1/hw/xfree86/os-support/linux/lnx_acpi.c xorg-server-1.20.1.mod/hw/xfree86/os-support/linux/lnx_acpi.c
|
||||
--- xorg-server-1.20.1/hw/xfree86/os-support/linux/lnx_acpi.c 2018-08-07 19:31:03.000000000 +0300
|
||||
+++ xorg-server-1.20.1.mod/hw/xfree86/os-support/linux/lnx_acpi.c 2018-09-11 23:52:17.468159200 +0300
|
||||
+++ xorg-server-1.20.1.mod/hw/xfree86/os-support/linux/lnx_acpi.c 2018-10-03 00:40:35.484889280 +0300
|
||||
@@ -15,7 +15,7 @@
|
||||
#include <fcntl.h>
|
||||
#include <errno.h>
|
||||
|
@ -0,0 +1,18 @@
|
||||
diff -uNr xorg-server-1.20.1/hw/xfree86/os-support/linux/lnx_kmod.c xorg-server-1.20.1.mod/hw/xfree86/os-support/linux/lnx_kmod.c
|
||||
--- xorg-server-1.20.1/hw/xfree86/os-support/linux/lnx_kmod.c 2018-08-07 19:31:03.000000000 +0300
|
||||
+++ xorg-server-1.20.1.mod/hw/xfree86/os-support/linux/lnx_kmod.c 2018-10-03 00:41:52.675784872 +0300
|
||||
@@ -68,14 +68,6 @@
|
||||
*/
|
||||
switch (pid = fork()) {
|
||||
case 0: /* child */
|
||||
- /* change real/effective user ID to 0/0 as we need to
|
||||
- * preinstall agpgart module for some DRM modules
|
||||
- */
|
||||
- if (setreuid(0, 0)) {
|
||||
- xf86Msg(X_WARNING, "LoadKernelModule: "
|
||||
- "Setting of real/effective user Id to 0/0 failed");
|
||||
- }
|
||||
- setenv("PATH", "/sbin", 1);
|
||||
execl(mpPath, "modprobe", modName, NULL);
|
||||
xf86Msg(X_WARNING, "LoadKernelModule %s\n", strerror(errno));
|
||||
exit(EXIT_FAILURE); /* if we get here the child's exec failed */
|
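Review bot: The removed `setenv("PATH", "/sbin", 1);` in the child branch is not a setuid-family call, so the seccomp rationale in the commit message does not cover it. With the line gone, the child that execs `modprobe` keeps whatever PATH the server inherited instead of a fixed one; `execl(mpPath, ...)` does not search PATH itself, but anything modprobe spawns would. If `/sbin` is the problem on Termux, I would keep the call and point it at the Termux prefix, e.g. `setenv("PATH", "/data/data/com.termux/files/usr/bin", 1);`. The enclosing function starts and ends outside the hunk.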
@ -1,6 +1,6 @@
|
||||
diff -uNr xorg-server-1.20.1/hw/xfree86/parser/scan.c xorg-server-1.20.1.mod/hw/xfree86/parser/scan.c
|
||||
--- xorg-server-1.20.1/hw/xfree86/parser/scan.c 2018-08-07 19:31:03.000000000 +0300
|
||||
+++ xorg-server-1.20.1.mod/hw/xfree86/parser/scan.c 2018-09-11 23:57:04.337075807 +0300
|
||||
+++ xorg-server-1.20.1.mod/hw/xfree86/parser/scan.c 2018-10-03 00:40:35.488222652 +0300
|
||||
@@ -873,13 +873,13 @@
|
||||
*/
|
||||
|
||||
|
@ -0,0 +1,69 @@
|
||||
diff -uNr xorg-server-1.20.1/hw/xfree86/parser/write.c xorg-server-1.20.1.mod/hw/xfree86/parser/write.c
|
||||
--- xorg-server-1.20.1/hw/xfree86/parser/write.c 2018-08-07 19:31:03.000000000 +0300
|
||||
+++ xorg-server-1.20.1.mod/hw/xfree86/parser/write.c 2018-10-03 00:43:26.723526291 +0300
|
||||
@@ -129,64 +129,5 @@
|
||||
int
|
||||
xf86writeConfigFile(const char *filename, XF86ConfigPtr cptr)
|
||||
{
|
||||
-#ifndef HAS_NO_UIDS
|
||||
- int ret;
|
||||
-
|
||||
- if (getuid() != geteuid()) {
|
||||
-
|
||||
-#if !defined(HAS_SAVED_IDS_AND_SETEUID)
|
||||
- int pid, p;
|
||||
- int status;
|
||||
- void (*csig) (int);
|
||||
-
|
||||
- /* Need to fork to change ruid without loosing euid */
|
||||
- csig = OsSignal(SIGCHLD, SIG_DFL);
|
||||
- switch ((pid = fork())) {
|
||||
- case -1:
|
||||
- ErrorF("xf86writeConfigFile(): fork failed (%s)\n",
|
||||
- strerror(errno));
|
||||
- return 0;
|
||||
- case 0: /* child */
|
||||
- if (setuid(getuid()) == -1)
|
||||
- FatalError("xf86writeConfigFile(): "
|
||||
- "setuid failed(%s)\n", strerror(errno));
|
||||
- ret = doWriteConfigFile(filename, cptr);
|
||||
- exit(ret);
|
||||
- break;
|
||||
- default: /* parent */
|
||||
- do {
|
||||
- p = waitpid(pid, &status, 0);
|
||||
- } while (p == -1 && errno == EINTR);
|
||||
- }
|
||||
- OsSignal(SIGCHLD, csig);
|
||||
- if (p != -1 && WIFEXITED(status) && WEXITSTATUS(status) == 0)
|
||||
- return 1; /* success */
|
||||
- else
|
||||
- return 0;
|
||||
-
|
||||
-#else /* HAS_SAVED_IDS_AND_SETEUID */
|
||||
- int ruid, euid;
|
||||
-
|
||||
- ruid = getuid();
|
||||
- euid = geteuid();
|
||||
-
|
||||
- if (seteuid(ruid) == -1) {
|
||||
- ErrorF("xf86writeConfigFile(): seteuid(%d) failed (%s)\n",
|
||||
- ruid, strerror(errno));
|
||||
- return 0;
|
||||
- }
|
||||
- ret = doWriteConfigFile(filename, cptr);
|
||||
-
|
||||
- if (seteuid(euid) == -1) {
|
||||
- ErrorF("xf86writeConfigFile(): seteuid(%d) failed (%s)\n",
|
||||
- euid, strerror(errno));
|
||||
- }
|
||||
- return ret;
|
||||
-
|
||||
-#endif /* HAS_SAVED_IDS_AND_SETEUID */
|
||||
-
|
||||
- }
|
||||
- else
|
||||
-#endif /* !HAS_NO_UIDS */
|
||||
- return doWriteConfigFile(filename, cptr);
|
||||
+ return doWriteConfigFile(filename, cptr);
|
||||
}
|
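Review bot: The block deleted from `xf86writeConfigFile` is already fenced by `#ifndef HAS_NO_UIDS`, so defining `HAS_NO_UIDS` for this build would compile it out without a 60-line deletion that has to be re-applied on every xorg-server update. The `setuid`/`seteuid` calls in it are also only reached when `getuid() != geteuid()`, which should not hold for a non-setuid Termux binary, so it is worth confirming that this hunk is needed for the seccomp problem at all. If the deletion stays, a comment above the remaining call would record the assumption: `/* Termux: never setuid, write the file with the current uid */`.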
@ -0,0 +1,27 @@
|
||||
diff -uNr xorg-server-1.20.1/hw/xfree86/xorg-wrapper.c xorg-server-1.20.1.mod/hw/xfree86/xorg-wrapper.c
|
||||
--- xorg-server-1.20.1/hw/xfree86/xorg-wrapper.c 2018-08-07 19:31:04.000000000 +0300
|
||||
+++ xorg-server-1.20.1.mod/hw/xfree86/xorg-wrapper.c 2018-10-03 00:50:13.091358398 +0300
|
||||
@@ -251,23 +251,6 @@
|
||||
}
|
||||
#endif
|
||||
|
||||
- /* If we've found cards, and all cards support kms, drop root rights */
|
||||
- if (needs_root_rights == 0 || (total_cards && kms_cards == total_cards)) {
|
||||
- gid_t realgid = getgid();
|
||||
- uid_t realuid = getuid();
|
||||
-
|
||||
- if (setresgid(-1, realgid, realgid) != 0) {
|
||||
- fprintf(stderr, "%s: Could not drop setgid privileges: %s\n",
|
||||
- progname, strerror(errno));
|
||||
- exit(1);
|
||||
- }
|
||||
- if (setresuid(-1, realuid, realuid) != 0) {
|
||||
- fprintf(stderr, "%s: Could not drop setuid privileges: %s\n",
|
||||
- progname, strerror(errno));
|
||||
- exit(1);
|
||||
- }
|
||||
- }
|
||||
-
|
||||
snprintf(buf, sizeof(buf), "%s/Xorg", SUID_WRAPPER_DIR);
|
||||
|
||||
/* Check if the server is executable by our real uid */
|
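Review bot: Deleting the `setresgid`/`setresuid` block removes the wrapper's privilege drop unconditionally, so the code after it (the `snprintf(buf, sizeof(buf), "%s/Xorg", SUID_WRAPPER_DIR)` line and, presumably, the exec further down) runs with whatever effective ids the wrapper was started with. That is harmless only while the binary is never installed setuid, which the patch assumes but does not state. I would guard the original `if` with `#ifndef __ANDROID__` … `#endif` instead of deleting it, or at least leave `/* Termux: wrapper is never setuid, nothing to drop */` in its place. The surrounding function continues outside the hunk.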
@ -1,6 +1,6 @@
|
||||
diff -uNr xorg-server-1.20.1/hw/xquartz/mach-startup/bundle-main.c xorg-server-1.20.1.mod/hw/xquartz/mach-startup/bundle-main.c
|
||||
--- xorg-server-1.20.1/hw/xquartz/mach-startup/bundle-main.c 2018-08-07 19:31:04.000000000 +0300
|
||||
+++ xorg-server-1.20.1.mod/hw/xquartz/mach-startup/bundle-main.c 2018-09-11 23:52:17.468159200 +0300
|
||||
+++ xorg-server-1.20.1.mod/hw/xquartz/mach-startup/bundle-main.c 2018-10-03 00:40:35.491556024 +0300
|
||||
@@ -79,7 +79,7 @@
|
||||
|
||||
#define DEFAULT_CLIENT X11BINDIR "/xterm"
|
||||
|
@ -1,6 +1,6 @@
|
||||
diff -uNr xorg-server-1.20.1/hw/xwin/InitOutput.c xorg-server-1.20.1.mod/hw/xwin/InitOutput.c
|
||||
--- xorg-server-1.20.1/hw/xwin/InitOutput.c 2018-08-07 19:31:04.000000000 +0300
|
||||
+++ xorg-server-1.20.1.mod/hw/xwin/InitOutput.c 2018-09-11 23:52:17.478159278 +0300
|
||||
+++ xorg-server-1.20.1.mod/hw/xwin/InitOutput.c 2018-10-03 00:40:35.494889396 +0300
|
||||
@@ -285,7 +285,7 @@
|
||||
level = none, curlevel;
|
||||
BOOL binary = TRUE;
|
||||
|
@ -1,6 +1,6 @@
|
||||
diff -uNr xorg-server-1.20.1/include/site.h xorg-server-1.20.1.mod/include/site.h
|
||||
--- xorg-server-1.20.1/include/site.h 2018-08-07 19:31:05.000000000 +0300
|
||||
+++ xorg-server-1.20.1.mod/include/site.h 2018-09-11 23:52:17.478159278 +0300
|
||||
+++ xorg-server-1.20.1.mod/include/site.h 2018-10-03 00:40:35.498222769 +0300
|
||||
@@ -72,7 +72,7 @@
|
||||
* DO NOT CHANGE THESE VALUES OR THE DIX IMAKEFILE!
|
||||
*/
|
||||
|
@ -1,6 +1,6 @@
|
||||
diff -uNr xorg-server-1.20.1/os/access.c xorg-server-1.20.1.mod/os/access.c
|
||||
--- xorg-server-1.20.1/os/access.c 2018-08-07 19:31:05.000000000 +0300
|
||||
+++ xorg-server-1.20.1.mod/os/access.c 2018-09-11 23:52:17.484825997 +0300
|
||||
+++ xorg-server-1.20.1.mod/os/access.c 2018-10-03 00:40:35.501556141 +0300
|
||||
@@ -961,7 +961,7 @@
|
||||
#if defined WIN32 && defined __MINGW32__
|
||||
#define ETC_HOST_PREFIX "X"
|
||||
|
@ -1,7 +1,14 @@
|
||||
diff -uNr xorg-server-1.20.1/os/backtrace.c xorg-server-1.20.1.mod/os/backtrace.c
|
||||
--- xorg-server-1.20.1/os/backtrace.c 2018-08-07 19:31:05.000000000 +0300
|
||||
+++ xorg-server-1.20.1.mod/os/backtrace.c 2018-09-11 23:52:17.491492715 +0300
|
||||
@@ -251,7 +251,7 @@
|
||||
+++ xorg-server-1.20.1.mod/os/backtrace.c 2018-10-03 00:43:52.883822427 +0300
|
||||
@@ -244,14 +244,13 @@
|
||||
/* CHILD */
|
||||
char parent[16];
|
||||
|
||||
- seteuid(0);
|
||||
close(STDIN_FILENO);
|
||||
close(STDOUT_FILENO);
|
||||
dup2(pipefd[1], STDOUT_FILENO);
|
||||
closefrom(STDERR_FILENO);
|
||||
|
||||
snprintf(parent, sizeof(parent), "%d", getppid());
|
||||
|
@ -1,6 +1,6 @@
|
||||
diff -uNr xorg-server-1.20.1/os/connection.c xorg-server-1.20.1.mod/os/connection.c
|
||||
--- xorg-server-1.20.1/os/connection.c 2018-08-07 19:31:05.000000000 +0300
|
||||
+++ xorg-server-1.20.1.mod/os/connection.c 2018-09-11 23:52:17.494826075 +0300
|
||||
+++ xorg-server-1.20.1.mod/os/connection.c 2018-10-03 00:40:35.511556258 +0300
|
||||
@@ -996,7 +996,7 @@
|
||||
XtransConnInfo ciptr;
|
||||
const char *display_env = getenv("DISPLAY");
|
||||
|
@ -1,6 +1,6 @@
|
||||
diff -uNr xorg-server-1.20.1/os/osinit.c xorg-server-1.20.1.mod/os/osinit.c
|
||||
--- xorg-server-1.20.1/os/osinit.c 2018-08-07 19:31:05.000000000 +0300
|
||||
+++ xorg-server-1.20.1.mod/os/osinit.c 2018-09-11 23:52:17.498159434 +0300
|
||||
+++ xorg-server-1.20.1.mod/os/osinit.c 2018-10-03 00:40:35.514889630 +0300
|
||||
@@ -72,7 +72,7 @@
|
||||
#endif
|
||||
|
||||
|
@ -1,6 +1,6 @@
|
||||
diff -uNr xorg-server-1.20.1/os/utils.c xorg-server-1.20.1.mod/os/utils.c
|
||||
--- xorg-server-1.20.1/os/utils.c 2018-08-07 19:31:05.000000000 +0300
|
||||
+++ xorg-server-1.20.1.mod/os/utils.c 2018-10-02 15:18:51.990102574 +0300
|
||||
+++ xorg-server-1.20.1.mod/os/utils.c 2018-10-03 00:48:19.253449801 +0300
|
||||
@@ -228,7 +228,7 @@
|
||||
* server at a time. This keeps the servers from stomping on each other
|
||||
* if the user forgets to give them different display numbers.
|
||||
@ -19,16 +19,31 @@ diff -uNr xorg-server-1.20.1/os/utils.c xorg-server-1.20.1.mod/os/utils.c
|
||||
if (haslock) {
|
||||
/*
|
||||
* We're done.
|
||||
@@ -1387,7 +1387,7 @@
|
||||
_exit(127);
|
||||
if (setuid(getuid()) == -1)
|
||||
_exit(127);
|
||||
@@ -1383,11 +1383,7 @@
|
||||
p = -1;
|
||||
break;
|
||||
case 0: /* child */
|
||||
- if (setgid(getgid()) == -1)
|
||||
- _exit(127);
|
||||
- if (setuid(getuid()) == -1)
|
||||
- _exit(127);
|
||||
- execl("/bin/sh", "sh", "-c", command, (char *) NULL);
|
||||
+ execl("/data/data/com.termux/files/usr/bin/sh", "sh", "-c", command, (char *) NULL);
|
||||
_exit(127);
|
||||
default: /* parent */
|
||||
do {
|
||||
@@ -1473,7 +1473,7 @@
|
||||
@@ -1453,10 +1449,6 @@
|
||||
#endif
|
||||
return NULL;
|
||||
case 0: /* child */
|
||||
- if (setgid(getgid()) == -1)
|
||||
- _exit(127);
|
||||
- if (setuid(getuid()) == -1)
|
||||
- _exit(127);
|
||||
if (*type == 'r') {
|
||||
if (pdes[1] != 1) {
|
||||
/* stdout */
|
||||
@@ -1473,7 +1465,7 @@
|
||||
}
|
||||
close(pdes[1]);
|
||||
}
|
||||
@ -37,7 +52,39 @@ diff -uNr xorg-server-1.20.1/os/utils.c xorg-server-1.20.1.mod/os/utils.c
|
||||
_exit(127);
|
||||
}
|
||||
|
||||
@@ -1670,7 +1670,7 @@
|
||||
@@ -1531,10 +1523,6 @@
|
||||
free(cur);
|
||||
return NULL;
|
||||
case 0: /* child */
|
||||
- if (setgid(getgid()) == -1)
|
||||
- _exit(127);
|
||||
- if (setuid(getuid()) == -1)
|
||||
- _exit(127);
|
||||
if (*type == 'r') {
|
||||
if (pdes[1] != 1) {
|
||||
/* stdout */
|
||||
@@ -1577,20 +1565,7 @@
|
||||
|
||||
return iop;
|
||||
#else
|
||||
- int ruid, euid;
|
||||
-
|
||||
- ruid = getuid();
|
||||
- euid = geteuid();
|
||||
-
|
||||
- if (seteuid(ruid) == -1) {
|
||||
- return NULL;
|
||||
- }
|
||||
iop = fopen(file, type);
|
||||
-
|
||||
- if (seteuid(euid) == -1) {
|
||||
- fclose(iop);
|
||||
- return NULL;
|
||||
- }
|
||||
return iop;
|
||||
#endif /* HAS_SAVED_IDS_AND_SETEUID */
|
||||
}
|
||||
@@ -1670,7 +1645,7 @@
|
||||
else if (getenv("TMP") != NULL)
|
||||
return getenv("TMP");
|
||||
else
|
||||
@ -46,3 +93,69 @@ diff -uNr xorg-server-1.20.1/os/utils.c xorg-server-1.20.1.mod/os/utils.c
|
||||
}
|
||||
|
||||
int
|
||||
@@ -1722,64 +1697,7 @@
|
||||
Bool
|
||||
PrivsElevated(void)
|
||||
{
|
||||
- static Bool privsTested = FALSE;
|
||||
- static Bool privsElevated = TRUE;
|
||||
-
|
||||
- if (!privsTested) {
|
||||
-#if defined(WIN32)
|
||||
- privsElevated = FALSE;
|
||||
-#else
|
||||
- if ((getuid() != geteuid()) || (getgid() != getegid())) {
|
||||
- privsElevated = TRUE;
|
||||
- }
|
||||
- else {
|
||||
-#if defined(HAVE_ISSETUGID)
|
||||
- privsElevated = issetugid();
|
||||
-#elif defined(HAVE_GETRESUID)
|
||||
- uid_t ruid, euid, suid;
|
||||
- gid_t rgid, egid, sgid;
|
||||
-
|
||||
- if ((getresuid(&ruid, &euid, &suid) == 0) &&
|
||||
- (getresgid(&rgid, &egid, &sgid) == 0)) {
|
||||
- privsElevated = (euid != suid) || (egid != sgid);
|
||||
- }
|
||||
- else {
|
||||
- printf("Failed getresuid or getresgid");
|
||||
- /* Something went wrong, make defensive assumption */
|
||||
- privsElevated = TRUE;
|
||||
- }
|
||||
-#else
|
||||
- if (getuid() == 0) {
|
||||
- /* running as root: uid==euid==0 */
|
||||
- privsElevated = FALSE;
|
||||
- }
|
||||
- else {
|
||||
- /*
|
||||
- * If there are saved ID's the process might still be privileged
|
||||
- * even though the above test succeeded. If issetugid() and
|
||||
- * getresgid() aren't available, test this by trying to set
|
||||
- * euid to 0.
|
||||
- */
|
||||
- unsigned int oldeuid;
|
||||
-
|
||||
- oldeuid = geteuid();
|
||||
-
|
||||
- if (seteuid(0) != 0) {
|
||||
- privsElevated = FALSE;
|
||||
- }
|
||||
- else {
|
||||
- if (seteuid(oldeuid) != 0) {
|
||||
- FatalError("Failed to drop privileges. Exiting\n");
|
||||
- }
|
||||
- privsElevated = TRUE;
|
||||
- }
|
||||
- }
|
||||
-#endif
|
||||
- }
|
||||
-#endif
|
||||
- privsTested = TRUE;
|
||||
- }
|
||||
- return privsElevated;
|
||||
+ return FALSE;
|
||||
}
|
||||
|
||||
/*
|
||||
|
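Review bot: `PrivsElevated()` now returns `FALSE` unconditionally, which turns off the elevated-privilege check for every caller, although only the last fallback branch of the old body (`seteuid(0)` followed by `seteuid(oldeuid)`) actually changes ids. The `getuid() != geteuid()` comparison and the `getresuid`/`getresgid` branch are read-only queries and, as far as I can tell, are not what seccomp rejects, so the narrower fix is to keep the body and replace just the probe with `privsElevated = FALSE;`. If the stub is kept, it should carry the reason: `/* Termux: no setuid binaries; the seteuid(0) probe is killed by seccomp on Android 9 */`. The same applies to the `setgid(getgid())` / `setuid(getuid())` pairs removed from the three child branches earlier in this file, which deserve a one-line comment where they used to be.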
@ -1,6 +1,6 @@
|
||||
diff -uNr xorg-server-1.20.1/xkb/ddxLoad.c xorg-server-1.20.1.mod/xkb/ddxLoad.c
|
||||
--- xorg-server-1.20.1/xkb/ddxLoad.c 2018-08-07 19:31:06.000000000 +0300
|
||||
+++ xorg-server-1.20.1.mod/xkb/ddxLoad.c 2018-09-11 23:52:17.501492794 +0300
|
||||
+++ xorg-server-1.20.1.mod/xkb/ddxLoad.c 2018-10-03 00:40:35.524889748 +0300
|
||||
@@ -76,8 +76,8 @@
|
||||
}
|
||||
else
|
||||
|