Pullup ticket #2800 - requested by hasso
authortron <tron>
Thu, 18 Jun 2009 08:54:21 +0000 (08:54 +0000)
committertron <tron>
Thu, 18 Jun 2009 08:54:21 +0000 (08:54 +0000)
kdelibs3: security patch

Revisions pulled up:
- x11/kdelibs3/Makefile 1.141
---
Module Name:    pkgsrc
Committed By:   hasso
Date:           Tue Jun 16 16:09:36 UTC 2009

Modified Files:
        pkgsrc/x11/kdelibs3: Makefile

Log Message:
Fix a serious security issue for platforms using kgrantpty (NetBSD isn't
such, but DragonFly is): ${SETUID_ROOT_PERMS} doesn't work for suid
kgrantpty, because the locate() method used to find the path to the binary
expects it to have a read permissions set.

x11/kdelibs3/Makefile

index 2a0e91a..c2184cb 100644 (file)
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.139 2008/07/14 12:56:18 joerg Exp $
+# $NetBSD$
 
 DISTNAME=      kdelibs-${_KDE_VERSION}
+PKGREVISION=   1
 CATEGORIES=    x11
 COMMENT=       Support libraries for the KDE integrated X11 desktop
 
@@ -57,9 +58,12 @@ SUBST_FILES.kdemagic=        kio/magic
 SUBST_SED.kdemagic=    -n -e 'p' -e 's:/usr/local/bin:${LOCALBASE}/bin:p'
 
 SPECIAL_PERMS+=        ${PREFIX}/bin/fileshareset      ${SETUID_ROOT_PERMS}
-SPECIAL_PERMS+=        ${PREFIX}/bin/kgrantpty         ${SETUID_ROOT_PERMS}
 SPECIAL_PERMS+=        ${PREFIX}/bin/kpac_dhcp_helper  ${SETUID_ROOT_PERMS}
 
+# ${SETUID_ROOT_PERMS} doesn't work here because the locate() method used to
+# find the path to the kgrantpty expects it to have read permissions set.
+SPECIAL_PERMS+=        ${PREFIX}/bin/kgrantpty ${REAL_ROOT_USER} ${REAL_ROOT_GROUP} 4555
+
 .include "options.mk"
 
 PLIST_VARS+=           kded