[Pkg-fglrx-devel] Bug#625868: Bug#625868: auth event shows secret xauth cookie on command line
Vincent Zweije
vincent at zweije.nl
Mon Jul 4 20:21:25 UTC 2011
On Mon, Jul 04, 2011 at 09:01:05PM +0200, Patrick Matth?i wrote:
|| I have attached the diff, I had comitted to the subversion repository.
||
|| Am 04.07.2011 15:23, schrieb Vincent Zweije:
|| > Indeed, upstream source contains this snippet:
|| >
|| > DISP_AUTH_KEY=`xauth -f $SERVER_AUTH_FILE list | grep $DISP_SEARCH_STRING | awk '{ print $3 }'`
|| > if [ -n "$DISP_AUTH_KEY" ]; then
|| > xauth -f $3 add $2 . $DISP_AUTH_KEY || exit -1
|| > else
|| > exit -1
|| > fi
|| >
|| > which should probably be something like:
|| >
|| > DISP_AUTH_KEY=`xauth -f $SERVER_AUTH_FILE list | grep $DISP_SEARCH_STRING | awk '{ print $3 }'`
|| > if [ -n "$DISP_AUTH_KEY" ]; then
|| > echo "$2 . $DISP_AUTH_KEY" | xauth -f $3 merge - || exit -1
|| > else
|| > exit -1
|| > fi
|| >
|| > under the assumption that echo runs as a shell builtin, so does not use
|| > execve, so its command line arguments cannot be snarfed from outside.
|| >
|| > However, better would be to put everything inside the pipeline and
|| > never read the cookie into a variable at all, saving an if as well
|| > (completely untested):
|| >
|| > xauth -f $SERVER_AUTH_FILE list | grep $DISP_SEARCH_STRING | \
|| > awk '{printf "%s %s %s\n","'$2'",$2,$3}' | xauth -f $3 merge -
|| > exit -1
|| --- tags/11-4-2/debian/patches/03-authatieventsd.sh.diff 2011-05-29 09:53:13.571962952 +0200
|| +++ trunk/debian/patches/03-authatieventsd.sh.diff 2011-07-04 20:16:49.005207455 +0200
|| @@ -1,8 +1,8 @@
|| # Make the authatieventsd.sh working on Debian.
||
|| -diff -Naur fglrx-driver-10-4.orig//common/etc/ati/authatieventsd.sh fglrx-driver-10-4/common/etc/ati/authatieventsd.sh
|| ---- fglrx-driver-10-4.orig//common/etc/ati/authatieventsd.sh 2010-04-15 18:44:15.000000000 +0200
|| -+++ fglrx-driver-10-4/common/etc/ati/authatieventsd.sh 2010-04-29 19:16:43.000000000 +0200
|| +diff -Naur fglrx-driver-11-6.orig/common/etc/ati/authatieventsd.sh fglrx-driver-11-6/common/etc/ati/authatieventsd.sh
|| +--- fglrx-driver-11-6.orig/common/etc/ati/authatieventsd.sh 2011-06-01 23:20:56.000000000 +0200
|| ++++ fglrx-driver-11-6/common/etc/ati/authatieventsd.sh 2011-07-04 20:13:52.841207585 +0200
|| @@ -42,6 +42,16 @@
|| return 0
|| fi
|| @@ -46,7 +46,7 @@
|| + if [ `pinky -fs | awk '{ if ($3 == "'$2'" || $(NF) == "'$2'" ) { print $1; exit; } }'` ]; then
|| + user=`pinky -fs | awk '{ if ($3 == "'$2'" || $(NF) == "'$2'" ) { print $1; exit; } }'`
|| + if [ -n "$DISP_AUTH_KEY" ]; then
|| -+ su $user -c "xauth -f $3 add $2 . $DISP_AUTH_KEY" || exit -1
|| ++ su $user -c "echo \"$2 . $DISP_AUTH_KEY\" | xauth -f $3 merge - || exit -1"
|| + else
|| + exit -1
|| + fi
Unfortunately, no.
The cookie is no longer passed on the command line to xauth, but it
still passed to su. Try something like this (still needs testing):
echo "$2 . $DISP_AUTH_KEY" | su $user -c "xauth -f $3 merge - || exit -1"
Ciao. Vincent.
--
Vincent Zweije <vincent at zweije.nl> | "If you're flamed in a group you
<http://www.xs4all.nl/~zweije/> | don't read, does anybody get burnt?"
[Xhost should be taken out and shot] | -- Paul Tomblin on a.s.r.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 190 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-fglrx-devel/attachments/20110704/993fc0cd/attachment-0001.pgp>
More information about the Pkg-fglrx-devel
mailing list