98N/A#

98N/A# Copyright 2007 Sun Microsystems, Inc. All rights reserved.

98N/A#

98N/A# Permission is hereby granted, free of charge, to any person obtaining a

98N/A# copy of this software and associated documentation files (the

98N/A# "Software"), to deal in the Software without restriction, including

98N/A# without limitation the rights to use, copy, modify, merge, publish,

98N/A# distribute, and/or sell copies of the Software, and to permit persons

98N/A# to whom the Software is furnished to do so, provided that the above

98N/A# copyright notice(s) and this permission notice appear in all copies of

98N/A# the Software and that both the above copyright notice(s) and this

98N/A# permission notice appear in supporting documentation.

98N/A#

98N/A# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS

98N/A# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF

98N/A# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT

98N/A# OF THIRD PARTY RIGHTS. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR

98N/A# HOLDERS INCLUDED IN THIS NOTICE BE LIABLE FOR ANY CLAIM, OR ANY SPECIAL

98N/A# INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES WHATSOEVER RESULTING

98N/A# FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,

98N/A# NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION

98N/A# WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

98N/A#

98N/A# Except as contained in this notice, the name of a copyright holder

98N/A# shall not be used in advertising or otherwise to promote the sale, use

98N/A# or other dealings in this Software without prior written authorization

98N/A# of the copyright holder.

98N/A#

194N/A# @(#)setuid.patch 1.2 07/01/03 SMI

606N/A#

606N/A

606N/AAdditional security checks for setuid programs that X.Org upstream doesn't

606N/Ahave yet.

606N/A

606N/A--- src/RdFToI.c 2006-10-11 15:31:40.000000000 -0700

606N/A+++ src/RdFToI.c 2006-10-03 16:34:35.553330000 -0700

606N/A@@ -154,7 +154,15 @@

606N/A goto err;

98N/A if ( 0 == pid )

194N/A {

606N/A- execlp(cmd, cmd, arg1, (char *)NULL);

606N/A+/* #ifdef SUNSOFT */

606N/A+ closefrom(3);

98N/A+ if (issetugid()) {

98N/A+ char commandpath[32] = "/usr/bin/";

98N/A+ strlcat(commandpath, cmd, sizeof(commandpath));

98N/A+ execl(commandpath, cmd, arg1, NULL);

191N/A+ } else

98N/A+/* #endif */

606N/A+ execlp(cmd, cmd, arg1, NULL);

606N/A perror(cmd);

194N/A goto err;

98N/A }

98N/A

98N/A--- src/WrFFrI.c 2006-10-11 15:31:40.000000000 -0700

98N/A+++ src/WrFFrI.c 2006-10-03 16:34:35.563386000 -0700

606N/A@@ -139,7 +139,8 @@

606N/A }

606N/A if (index(name, '-')) {

194N/A if (name != new_name) {

606N/A- strcpy(new_name, name);

606N/A+ strncpy(new_name, name, sizeof(new_name));

606N/A+ new_name[sizeof(new_name)-1] = '\0';

98N/A name = new_name;

98N/A }

98N/A /* change '-' to '_' */

98N/A