diff options
Diffstat (limited to 'app/xinit/launchd/privileged_startx')
4 files changed, 47 insertions, 9 deletions
diff --git a/app/xinit/launchd/privileged_startx/10-tmpdirs.cpp b/app/xinit/launchd/privileged_startx/10-tmpdirs.cpp index 8012597f9..4366696ab 100644 --- a/app/xinit/launchd/privileged_startx/10-tmpdirs.cpp +++ b/app/xinit/launchd/privileged_startx/10-tmpdirs.cpp @@ -1,5 +1,5 @@ XCOMM!/bin/sh -XCOMM Copyright (c) 2008 Apple Inc. +XCOMM Copyright (c) 2008-2012 Apple Inc. XCOMM XCOMM Permission is hereby granted, free of charge, to any person XCOMM obtaining a copy of this software and associated documentation files @@ -36,11 +36,33 @@ else MKTEMP=mktemp fi +STAT=/usr/bin/stat + for dir in /tmp/.ICE-unix /tmp/.X11-unix /tmp/.font-unix ; do - XCOMM Use mktemp rather than mkdir to avoid possible security issue - XCOMM if $dir exists and is a symlink - if ${MKTEMP} -d ${dir} >& /dev/null ; then - chmod 1777 $dir - chown root:wheel $dir + success=0 + for attempt in 1 2 3 4 5 ; do + check=`${STAT} -f '%#p %u %g' ${dir} 2> /dev/null` + if [ "${check}" = "041777 0 0" ] ; then + success=1 + break + elif [ -n "${check}" ] ; then + saved=$(${MKTEMP} -d ${dir}-XXXXXXXX) + mv ${dir} ${saved} + echo "${dir} exists but is insecure. It has been moved into ${saved}" >&2 + fi + + # Use mktemp rather than mkdir to avoid possible security issue + # if $dir exists and is a symlink (ie protect against a race + # against the above check) + if ${MKTEMP} -d ${dir} >& /dev/null ; then + chmod 1777 $dir + chown root:wheel $dir + success=1 + break + fi + done + + if [ "${success}" -eq 0 ] ; then + echo "Could not successfully create ${dir}" >&2 fi done diff --git a/app/xinit/launchd/privileged_startx/Makefile.in b/app/xinit/launchd/privileged_startx/Makefile.in index 35d3bf370..5c738b94c 100644 --- a/app/xinit/launchd/privileged_startx/Makefile.in +++ b/app/xinit/launchd/privileged_startx/Makefile.in @@ -234,6 +234,7 @@ MISC_MAN_DIR = @MISC_MAN_DIR@ MISC_MAN_SUFFIX = @MISC_MAN_SUFFIX@ MKDIR_P = @MKDIR_P@ OBJEXT = @OBJEXT@ +OPENSSL = @OPENSSL@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ @@ -243,6 +244,8 @@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ RAWCPP = @RAWCPP@ RAWCPPFLAGS = @RAWCPPFLAGS@ SCOMAN = @SCOMAN@ @@ -330,7 +333,6 @@ CPP_SED_MAGIC = $(SED) -e '/^\# *[0-9][0-9]* *.*$$/d' \ -e '/^[ ]*XCOMM$$/s/XCOMM/\#/' \ -e '/^[ ]*XCOMM[^a-zA-Z0-9_]/s/XCOMM/\#/' \ -e '/^[ ]*XHASH/s/XHASH/\#/' \ - -e '/XSLASHGLOB/s/XSLASHGLOB/\/\*/' \ -e '/\@\@$$/s/\@\@$$/\\/' SUFFIXES = .cpp diff --git a/app/xinit/launchd/privileged_startx/privileged_startx.plist.cpp b/app/xinit/launchd/privileged_startx/privileged_startx.plist.cpp index 533fc32b2..e23e892a6 100644 --- a/app/xinit/launchd/privileged_startx/privileged_startx.plist.cpp +++ b/app/xinit/launchd/privileged_startx/privileged_startx.plist.cpp @@ -11,8 +11,12 @@ <string>SCRIPTDIR</string> </array> #ifdef TIGER_LAUNCHD + <key>RunAtLoad</key> + <true/> <key>KeepAlive</key> <true/> + <key>ServiceIPC</key> + <true/> #else <key>MachServices</key> <dict> diff --git a/app/xinit/launchd/privileged_startx/server.c b/app/xinit/launchd/privileged_startx/server.c index cfbb62311..a93cae3bc 100644 --- a/app/xinit/launchd/privileged_startx/server.c +++ b/app/xinit/launchd/privileged_startx/server.c @@ -125,9 +125,19 @@ int server_main(const char *dir) { aslclient aslc; checkin = launch_data_new_string(LAUNCH_KEY_CHECKIN); + if (!checkin) { + asl_log(NULL, NULL, ASL_LEVEL_ERR, "unable to create launchd checkin string"); + exit(EXIT_FAILURE); + } + config = launch_msg(checkin); - if (!config || launch_data_get_type(config) == LAUNCH_DATA_ERRNO) { - asl_log(NULL, NULL, ASL_LEVEL_ERR, "launchd checkin failed"); + if (!config) { + asl_log(NULL, NULL, ASL_LEVEL_ERR, "could not send a message to launchd"); + exit(EXIT_FAILURE); + } + + if (launch_data_get_type(config) == LAUNCH_DATA_ERRNO) { + asl_log(NULL, NULL, ASL_LEVEL_ERR, "launchd checkin failed eith error: %d %s", launch_data_get_errno(config), strerror(launch_data_get_errno(config))); exit(EXIT_FAILURE); } |