diff options
author | atatat <atatat@pkgsrc.org> | 2003-02-12 00:47:52 +0000 |
---|---|---|
committer | atatat <atatat@pkgsrc.org> | 2003-02-12 00:47:52 +0000 |
commit | 3e4aff075b357112f899cd94a4fd0deee7a0407f (patch) | |
tree | 6bc3a8df63ef19bad53bcc79304364569be3adc9 /wm | |
parent | dbf78792e5fd24e20fbfc6cf01a746e8601d08b0 (diff) | |
download | pkgsrc-3e4aff075b357112f899cd94a4fd0deee7a0407f.tar.gz |
Re-open /dev/null on the (now) closed stdin file descriptor. The
fvwm2 changelog says they did this to make gmplayer realize it was not
running interactively (ie, its stdin was not a tty), but that means
that all things get executed with stdin closed. That's not a very
good security posture. Some things can get confused or do wrong
things if stdin is closed when they start.
Diffstat (limited to 'wm')
-rw-r--r-- | wm/fvwm2/Makefile | 3 | ||||
-rw-r--r-- | wm/fvwm2/distinfo | 3 | ||||
-rw-r--r-- | wm/fvwm2/patches/patch-ac | 27 |
3 files changed, 31 insertions, 2 deletions
diff --git a/wm/fvwm2/Makefile b/wm/fvwm2/Makefile index 34e1800c1db..8d039e262eb 100644 --- a/wm/fvwm2/Makefile +++ b/wm/fvwm2/Makefile @@ -1,9 +1,10 @@ -# $NetBSD: Makefile,v 1.29 2003/01/26 13:13:54 martti Exp $ +# $NetBSD: Makefile,v 1.30 2003/02/12 00:47:52 atatat Exp $ # FreeBSD Id: Makefile,v 1.12 1997/10/11 10:42:43 jkh Exp # DISTNAME= fvwm-${FVWM_VER} PKGNAME= fvwm2-${FVWM_VER} +PKGREVISION= 2 CATEGORIES= x11 wm MASTER_SITES= ftp://ftp.fvwm.org/pub/fvwm/version-2/ \ http://www.fvwm.org/generated/icon_download/ \ diff --git a/wm/fvwm2/distinfo b/wm/fvwm2/distinfo index f0127c0cd7a..6186fdd1105 100644 --- a/wm/fvwm2/distinfo +++ b/wm/fvwm2/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.18 2003/01/26 13:13:54 martti Exp $ +$NetBSD: distinfo,v 1.19 2003/02/12 00:47:52 atatat Exp $ SHA1 (fvwm-2.4.15.tar.gz) = 1b022b8c199ba4f3596aa1866b1181e6fc8f1f38 Size (fvwm-2.4.15.tar.gz) = 1778746 bytes @@ -6,3 +6,4 @@ SHA1 (fvwm_icons.tgz) = d6ee1e52f1a84c4edd722ccee0f7e9cc79cc2a4b Size (fvwm_icons.tgz) = 363406 bytes SHA1 (patch-aa) = 31533662f175f9958eed78b8d181c0b71296c6de SHA1 (patch-ab) = abbd63336b9aaf67a9fa9bbe4f49c1d7234c23d9 +SHA1 (patch-ac) = 714a3311683ce472cfbd60a052a02ec957ecfadb diff --git a/wm/fvwm2/patches/patch-ac b/wm/fvwm2/patches/patch-ac new file mode 100644 index 00000000000..87d9159adeb --- /dev/null +++ b/wm/fvwm2/patches/patch-ac @@ -0,0 +1,27 @@ +$NetBSD: patch-ac,v 1.1 2003/02/12 00:47:53 atatat Exp $ + +Re-open /dev/null on the (now) closed stdin file descriptor. The +fvwm2 changelog says they did this to make gmplayer realize it was +not running interactively (ie, its stdin was not a tty), but that +means that all things get executed with stdin closed. That's not a +very good security posture. Some things can get confused or do +wrong things if stdin is closed when they start. + +--- fvwm/builtins.c.orig 2003-01-16 07:58:58.000000000 -0500 ++++ fvwm/builtins.c +@@ -23,6 +23,7 @@ + + #include "config.h" + ++#include <fcntl.h> + #include <stdio.h> + #include <signal.h> + #include <errno.h> +@@ -784,6 +785,7 @@ void CMD_Exec(F_CMD_ARGS) + { + /* close stdin so the exec'd process knows its not interactive */ + close(0); ++ open("/dev/null", O_RDWR); + if (execl(exec_shell_name, exec_shell_name, "-c", cmd, NULL)==-1) + { + fvwm_msg(ERR,"exec_function","execl failed (%s)",strerror(errno)); |