Re: no kernel exec fencing, wtf?

Tue, 21 Dec 2010 14:07:28 -0800 

On Tue, Dec 21, 2010 at 10:38:42PM +0100, frantisek holop wrote:
> hmm, on Tue, Dec 21, 2010 at 10:10:22PM +0100, Matthieu Herrb said that
> > Don't pass -keepPriv to X server (would be in /etc/X11/xdm/Xservers)
> 
> bingo.
> 
> > I don't know if something went wrong with the snapshot builds recently
> > or if you changed something that you forgot to tell me in you
> > install, but on all machines I checked privsep is still active by
> > default. 
> 
> the only reason i can think of that option being there
> is when i was asked to do so for producing a bug report
> for the intel driver :]
> 
> but that was weeks, months ago.  i am quite sure
> xdm has been restarted many times since then
> (altough nowadays i hybernate :])
> 
> a semi-mystery.
> 
> thanks a million.
> 
> -f
> -- 
> the man who makes no mistakes does not usually make anything.
> 

Can you test the patch below for the -keepPriv case? 

Index: lib/libdrm/xf86drm.c
===================================================================
RCS file: /cvs/OpenBSD/xenocara/lib/libdrm/xf86drm.c,v
retrieving revision 1.4
diff -u -p -u -r1.4 xf86drm.c
--- lib/libdrm/xf86drm.c        31 Mar 2010 06:31:45 -0000      1.4
+++ lib/libdrm/xf86drm.c        21 Dec 2010 21:25:43 -0000
@@ -293,7 +293,7 @@ static int drmOpenDevice(long dev, int m
        return fd;
 
     drmMsg("drmOpenDevice: Open failed\n");
-    remove(buf);
+    
     return -errno;
 }
 
Index: xserver/os/privsep.c
===================================================================
RCS file: /cvs/OpenBSD/xenocara/xserver/os/privsep.c,v
retrieving revision 1.15
diff -u -p -u -r1.15 privsep.c
--- xserver/os/privsep.c        5 Dec 2010 15:36:10 -0000       1.15
+++ xserver/os/privsep.c        21 Dec 2010 21:48:41 -0000
@@ -299,14 +299,21 @@ int
 priv_open_device(const char *path)
 {
        priv_cmd_t cmd;
+       struct okdev *dev;
 
        if (priv_fd != -1) {
                cmd.cmd = PRIV_OPEN_DEVICE;
                strlcpy(cmd.arg.open.path, path, MAXPATHLEN);
                write(priv_fd, &cmd, sizeof(cmd));
                return receive_fd(priv_fd);
-       } else 
-               return open(path, O_RDWR | O_NONBLOCK | O_EXCL);
+       } else {
+               if ((dev = open_ok(path)) != NULL)
+                       return open(path, dev->flags);
+               else {
+                       errno = EPERM;
+                       return -1;
+               }
+       }
 }
 
 /* send signal to parent process */

-- 
Matthieu Herrb

Reply via email to