| Summary: | x11-misc/slim: open /var/log/slim.log close-on-exec | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Matthias Gerstner <matthias.gerstner> |
| Component: | Current packages | Assignee: | No maintainer - Look at https://wiki.gentoo.org/wiki/Project:Proxy_Maintainers if you want to take care of it <maintainer-needed> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | axs, jstein |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
| Attachments: | Patch that causes /var/log/slim.log to be set close-on-exec | ||
There's a simpler, more portable fix, of just closing the log file before the execve call. However, this showed up some problems with the log file, which need fixing anyway. See https://sourceforge.net/projects/slim-fork/ rev7 The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=33127b6d177f2d123c333c239a4ca13bfafd8124 commit 33127b6d177f2d123c333c239a4ca13bfafd8124 Author: Robert Pearce <gentoo@flitspace.org.uk> AuthorDate: 2023-02-21 08:01:47 +0000 Commit: Viorel Munteanu <ceamac@gentoo.org> CommitDate: 2023-03-14 19:28:15 +0000 x11-misc/slim: Added ebuilds for the resurrected upstream project Fixed issues from pkgcheck List myself as a proxy maintainer Correct several issues pointed out in review by ceamac and added a -9999 ebuild in light of discussion Closes: https://bugs.gentoo.org/832562 Closes: https://bugs.gentoo.org/727544 Closes: https://bugs.gentoo.org/832303 Closes: https://bugs.gentoo.org/580458 Closes: https://bugs.gentoo.org/803476 Closes: https://bugs.gentoo.org/732430 Closes: https://bugs.gentoo.org/756181 Signed-off-by: Robert Pearce <gentoo@flitspace.org.uk> Closes: https://github.com/gentoo/gentoo/pull/29838 Signed-off-by: Viorel Munteanu <ceamac@gentoo.org> x11-misc/slim/Manifest | 2 + x11-misc/slim/files/slim-1.3.9-config.diff | 49 ++++++++++ .../slim/files/slim-1.3.9-greeter-session.diff | 12 +++ x11-misc/slim/files/slim-1.4.0-config.diff | 48 ++++++++++ x11-misc/slim/metadata.xml | 11 ++- x11-misc/slim/slim-1.3.9.ebuild | 98 +++++++++++++++++++ x11-misc/slim/slim-1.4.0.ebuild | 104 +++++++++++++++++++++ x11-misc/slim/slim-9999.ebuild | 104 +++++++++++++++++++++ 8 files changed, 426 insertions(+), 2 deletions(-) |
Created attachment 431162 [details, diff] Patch that causes /var/log/slim.log to be set close-on-exec x11-misc/slim maintains a log file in /var/log/slim.log. However, this log file is naively opened using a C++ fstream. Thus, the open file descriptor will be inherited to all graphical applications. This can be seen by using slim as the display manager, logging in and running ls -lh /proc/$$/fd Which will show an additional file descriptor for /var/log/slim.log This is a security issue on one hand, because just about any child process of slim can now write to /var/log/slim.log. On the other hand it is very ugly to see this additional file descriptor and some tools like LVM complain when there are unexpected open file descriptors flying around. Attached is a patch that will open the logfile with a libstdc++ proprieate stdio_filebuf and then set CLOEXEC on the corresponding file descriptor. The effect is then gone. However, the code will only continue to compile if a libstdc++ STL is around.