hi, Security fix for KDM, "which would allow a normal user to login as another user or even root without properly supplying login credentials."
http://www.kde.org/info/security/advisory-20070919-1.txt please test and comment. cheers, jasper Index: Makefile =================================================================== RCS file: /cvs/ports/x11/kde/base3/Makefile,v retrieving revision 1.77 diff -u -r1.77 Makefile --- Makefile 15 Sep 2007 20:04:21 -0000 1.77 +++ Makefile 25 Sep 2007 18:33:37 -0000 @@ -6,7 +6,7 @@ CATEGORIES= x11 x11/kde VERSION= 3.5.7 DISTNAME= kdebase-${VERSION} -PKGNAME-main= ${DISTNAME}p1 +PKGNAME-main= ${DISTNAME}p2 PKGNAME-samba= kdesamba-${VERSION} MODKDE_VERSION?= 3.5.7 SHARED_LIBS += konq 7.0 # .6.0 Index: patches/patch-kdm_backend_session_c =================================================================== RCS file: patches/patch-kdm_backend_session_c diff -N patches/patch-kdm_backend_session_c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-kdm_backend_session_c 25 Sep 2007 18:33:37 -0000 @@ -0,0 +1,64 @@ +$OpenBSD$ +--- kdm/backend/session.c.orig Thu Jan 19 18:03:14 2006 ++++ kdm/backend/session.c Tue Sep 25 20:28:25 2007 +@@ -121,8 +121,9 @@ conv_auto( int what, const char *prompt ATTR_UNUSED ) + static void + DoAutoLogon( void ) + { +- StrDup( &curuser, td->autoUser ); +- StrDup( &curpass, td->autoPass ); ++ ReStr( &curuser, td->autoUser ); ++ ReStr( &curpass, td->autoPass ); ++ ReStr( &curtype, "classic" ); + cursource = PWSRC_AUTOLOGIN; + } + +@@ -141,7 +142,9 @@ AutoLogon( Time_t tdiff ) + td->hstent->npass = 0; + newdmrc = td->hstent->nargs; + td->hstent->nargs = 0; ++ ReStr( &curtype, "classic" ); + cursource = (td->hstent->rLogin == 1) ? PWSRC_RELOGIN : PWSRC_MANUAL; ++ return 1; + } else if (*td->autoUser && !td->autoDelay && (tdiff > 0 || td->autoAgain)) + { + unsigned int lmask; +@@ -153,11 +156,9 @@ AutoLogon( Time_t tdiff ) + if (lmask & ShiftMask) + return 0; + DoAutoLogon(); +- } else { +- cursource = PWSRC_MANUAL; +- return 0; ++ return 1; + } +- return 1; ++ return 0; + } + + +@@ -369,6 +370,7 @@ CtrlGreeterWait( int wreply ) + if (curtype) free( curtype ); + curtype = GRecvStr(); + Debug( " type %\"s\n", curtype ); ++ cursource = PWSRC_MANUAL; + if (Verify( conv_interact, rootok )) { + Debug( " -> return success\n" ); + GSendInt( V_OK ); +@@ -378,7 +380,6 @@ CtrlGreeterWait( int wreply ) + case G_AutoLogin: + Debug( "G_AutoLogin\n" ); + DoAutoLogon(); +- StrDup( &curtype, "classic" ); + if (Verify( conv_auto, FALSE )) { + Debug( " -> return success\n" ); + GSendInt( V_OK ); +@@ -565,7 +566,7 @@ ManageSession( struct display *d ) + tdiff = td->autoAgain ? + 1 : time( 0 ) - td->hstent->lastExit - td->openDelay; + if (AutoLogon( tdiff )) { +- if (!StrDup( &curtype, "classic" ) || !Verify( conv_auto, FALSE )) ++ if (!Verify( conv_auto, FALSE )) + goto gcont; + if (greeter) + GSendInt( V_OK ); -- ``Sapere aude!''