Re: gpm-root

[egmont () FAZEKAS HU (Koblinger Egmont)]

I sent them the bug report and the patch several times even before the
1.18.x releases.  Okay, I didn't read the README of 1.19, I just thought
it was time to tell the world not to install gpm-root, because the authors
simply ignored this security problem. Okay, you're right, I send the patch
at the end of this message.

bye
Egmont

> Well, if you would check README in 1.19.0 version, you would notice
> following fragment:
>
>       =========== MAINTAINANCE
>       As of 1.19.0, gpm is officially unmaintained. I can't do it any more,
>       and nobody expressed interest in it.
>
> So I don't think it is fair to blame someone who spent a great deal of
> their time doing gpm and has just quit it. Instead of blaming them
> how about making up a patch and telling everybody "here's a patch
> which fixes this problem".

diff -u -r -N ../gpm-1.19.0.orig/doc/doc.gpm ./doc/doc.gpm
--- ../gpm-1.19.0.orig/doc/doc.gpm      Mon Feb  7 23:34:00 2000
+++ ./doc/doc.gpm       Thu Mar 23 14:37:43 2000
@@ -1969,6 +1969,12 @@
         be broken by this daemon. Things should be sufficiently secure, but
         if you find a hole please tell me about it.

+@item -r
+        Always run commands as root instead of the user who owns the tty.
+        Implies -u. This is useful for those system administrators who
+        put menu entries to reboot or halt the system, start or stop
+        xdm, change keyboard layout etc.
+
 @item -D
         Do not automatically enter background operation when started,
         and log messages to the standard error stream, not the syslog
diff -u -r -N ../gpm-1.19.0.orig/gpm-root.y ./gpm-root.y
--- ../gpm-1.19.0.orig/gpm-root.y       Thu Oct  7 20:15:18 1999
+++ ./gpm-root.y        Thu Mar 23 14:37:43 2000
@@ -41,6 +41,7 @@
 #include <sys/syslog.h>
 #include <signal.h>         /* sigaction() */
 #include <pwd.h>            /* pwd entries */
+#include <grp.h>            /* initgroups() */
 #include <sys/kd.h>         /* KDGETMODE */
 #include <sys/stat.h>       /* fstat() */
 #include <sys/utsname.h>    /* uname() */
@@ -117,6 +118,7 @@
 int opt_mod     =  4;           /* control */
 int opt_buf     =  0;           /* ask the kernel about it */
 int opt_user    =  1;           /* allow user cfg files */
+int opt_root    =  0;           /* run everything as root */

@@ -447,6 +449,7 @@
 void f__fix(struct passwd *pass)
 {
   setgid(pass->pw_gid);
+  initgroups(pass->pw_name, pass->pw_gid);
   setuid(pass->pw_uid);
   setenv("HOME",    pass->pw_dir, 1);
   setenv("LOGNAME", pass->pw_name,1);
@@ -539,7 +542,7 @@
           return 1;

         case 0:
-         setuid(uid);
+         if (opt_root) uid=0;
           pass=getpwuid(uid);
           if (!pass) exit(1);
           f__fix(pass);
@@ -926,6 +929,7 @@
   printf("  Valid options are\n"
          "    -m <number-or-name>   modifier to use\n"
          "    -u                    inhibit user configuration files\n"
+         "    -r                    run commands as root\n"
          "    -D                    don't auto-background and run as daemon\n"
          "    -V <verbosity-delta>  increase amount of logged messages\n"
          );
@@ -971,12 +975,13 @@
   int opt;

   gpm_log_daemon = 1;
-  while ((opt = getopt(argc, argv,"m:uDV::")) != -1)
+  while ((opt = getopt(argc, argv,"m:urDV::")) != -1)
     {
       switch (opt)
         {
         case 'm':  opt_mod=getmask(optarg, tableMod); break;
         case 'u':  opt_user=0; break;
+        case 'r':  opt_root=1; opt_user=0; break;
         case 'D':  gpm_log_daemon = 0; break;
         case 'V':
           gpm_debug_level += (0 == optarg ? 1 : strtol(optarg, 0, 0));