[Pkg-fglrx-devel] r636 - in fglrx-driver/trunk/debian: . patches

Michael Gilbert gilbert-guest at alioth.debian.org
Tue Jul 19 00:28:19 UTC 2011


Author: gilbert-guest
Date: 2011-07-19 00:28:19 +0000 (Tue, 19 Jul 2011)
New Revision: 636

Modified:
   fglrx-driver/trunk/debian/changelog
   fglrx-driver/trunk/debian/patches/03-authatieventsd.sh.diff
Log:
securely handle xauth cookie

Modified: fglrx-driver/trunk/debian/changelog
===================================================================
--- fglrx-driver/trunk/debian/changelog	2011-07-04 18:46:45 UTC (rev 635)
+++ fglrx-driver/trunk/debian/changelog	2011-07-19 00:28:19 UTC (rev 636)
@@ -1,10 +1,11 @@
 fglrx-driver (1:11-6-3) UNRELEASED; urgency=medium
 
-  * Do not pass the DISP_AUTH_KEY visible on the command line visible for
-    everyone.
-    Closes: #625868
   * Do not remove old diversions, which are handled by glx-diversions now.
 
+  [ Michael Gilbert ]
+  * Fix insecure handling of secret xauth cookie in authatieventsd.sh
+    (closes: #625868).
+
  -- Patrick Matthäi <pmatthaei at debian.org>  Mon, 04 Jul 2011 20:46:08 +0200
 
 fglrx-driver (1:11-6-2) unstable; urgency=high

Modified: fglrx-driver/trunk/debian/patches/03-authatieventsd.sh.diff
===================================================================
--- fglrx-driver/trunk/debian/patches/03-authatieventsd.sh.diff	2011-07-04 18:46:45 UTC (rev 635)
+++ fglrx-driver/trunk/debian/patches/03-authatieventsd.sh.diff	2011-07-19 00:28:19 UTC (rev 636)
@@ -1,8 +1,9 @@
 # Make the authatieventsd.sh working on Debian.
 
-diff -Naur fglrx-driver-11-6.orig/common/etc/ati/authatieventsd.sh fglrx-driver-11-6/common/etc/ati/authatieventsd.sh
---- fglrx-driver-11-6.orig/common/etc/ati/authatieventsd.sh	2011-06-01 23:20:56.000000000 +0200
-+++ fglrx-driver-11-6/common/etc/ati/authatieventsd.sh	2011-07-04 20:13:52.841207585 +0200
+Index: fglrx-driver/common/etc/ati/authatieventsd.sh
+===================================================================
+--- fglrx-driver.orig/common/etc/ati/authatieventsd.sh	2011-07-18 19:32:39.000000000 -0400
++++ fglrx-driver/common/etc/ati/authatieventsd.sh	2011-07-18 20:25:31.000000000 -0400
 @@ -42,6 +42,16 @@
          return 0
      fi
@@ -35,27 +36,21 @@
      done
  
      # Couldn't find the key
-@@ -84,15 +96,29 @@
+@@ -83,16 +95,22 @@
+ case "$1" in
      grant)
          GetServerAuthFile $2 || exit -1
-         DISP_AUTH_KEY=`xauth -f $SERVER_AUTH_FILE list | grep $DISP_SEARCH_STRING | awk '{ print $3 }'`
+-        DISP_AUTH_KEY=`xauth -f $SERVER_AUTH_FILE list | grep $DISP_SEARCH_STRING | awk '{ print $3 }'`
 -        if [ -n "$DISP_AUTH_KEY" ]; then
 -            xauth -f $3 add $2 . $DISP_AUTH_KEY || exit -1
 -        else
 -            exit -1
++	xauth -f $SERVER_AUTH_FILE list | grep $DISP_SEARCH_STRING || exit -1
 +	if [ `pinky -fs | awk '{ if ($3 == "'$2'" || $(NF) == "'$2'" ) { print $1; exit; } }'` ]; then
 +		user=`pinky -fs | awk '{ if ($3 == "'$2'" || $(NF) == "'$2'" ) { print $1; exit; } }'`
-+		if [ -n "$DISP_AUTH_KEY" ]; then
-+					su $user -c "echo \"$2 . $DISP_AUTH_KEY\" | xauth -f $3 merge - || exit -1"
-+	        else
-+        	    exit -1
-+		fi
++		su $user -c "echo "$2 . `xauth -f $SERVER_AUTH_FILE list | grep $DISP_SEARCH_STRING | awk '{print $3}'`" | xauth -f $3 merge -" || exit -1
 +	else
-+		if [ -n "$DISP_AUTH_KEY" ]; then
-+        		    xauth -f $3 add $2 . $DISP_AUTH_KEY || exit -1
-+	        else
-+        	    exit -1
-+		fi
++		echo "$2 . `xauth -f $SERVER_AUTH_FILE list | grep $DISP_SEARCH_STRING | awk '{print $3}'`" | xauth -f $3 merge - || exit -1
          fi
          ;;
  
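Review bot: In the `su $user -c` line of the `grant)` branch, the inner double quotes close the outer string, so the calling shell expands the backtick substitution and splits the result into separate words. As written, `su` receives only `echo <display>` as its `-c` command, the merge into `$3` does not run for the logged-in user, and the cookie ends up in `su`'s argument list where a process listing can show it, which is the exposure #625868 describes. Passing the cookie on stdin keeps it out of argv: `echo "$2 . $(xauth -f "$SERVER_AUTH_FILE" list | grep "$DISP_SEARCH_STRING" | awk '{print $3}')" | su "$user" -c "xauth -f '$3' merge -" || exit -1`. The new existence check at the top of the branch also prints the matching `xauth list` line, cookie included, to stdout; `grep -q "$DISP_SEARCH_STRING"` would test without printing. The `case` block starts and ends outside the hunk.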



