commit f05f9dc7532ea41c49b3e9385165d942dfab5d0e Author: Timothy Pearson Date: 1327036924 -0600 If someone manages to close down kdesktop_lock through an undiscovered security vulnerability such as http://security-tracker.debian.org/tracker/CVE-2012-0064, immediately terminate the compromised TDE session diff --git a/kdesktop/lock/lockprocess.cc b/kdesktop/lock/lockprocess.cc index 6bd18f7..2588bbf 100644 --- a/kdesktop/lock/lockprocess.cc +++ b/kdesktop/lock/lockprocess.cc @@ -326,10 +326,8 @@ static int signal_pipe[2]; static void sigterm_handler(int) { if (!trinity_desktop_lock_in_sec_dlg) { - char tmp = 'T'; - if (::write( signal_pipe[1], &tmp, 1) == -1) { - // Error handler to shut up gcc warnings - } + // Exit uncleanly + exit(1); } } @@ -522,7 +520,7 @@ void LockProcess::setupSignals() sigaddset(&(act.sa_mask), SIGQUIT); act.sa_flags = 0; sigaction(SIGQUIT, &act, 0L); - // exit cleanly on SIGTERM + // exit uncleanly on SIGTERM act.sa_handler= sigterm_handler; sigemptyset(&(act.sa_mask)); sigaddset(&(act.sa_mask), SIGTERM); diff --git a/kdesktop/lockeng.cc b/kdesktop/lockeng.cc index b957218..c5306e9 100644 --- a/kdesktop/lockeng.cc +++ b/kdesktop/lockeng.cc @@ -36,10 +36,11 @@ bool trinity_lockeng_sak_available = TRUE; // a newly started process. // SaverEngine::SaverEngine() - : KScreensaverIface(), - TQWidget(), + : TQWidget(), + KScreensaverIface(), mBlankOnly(false), - mSAKProcess(NULL) + mSAKProcess(NULL), + mTerminationRequested(false) { // Save X screensaver parameters XGetScreenSaver(qt_xdisplay(), &mXTimeout, &mXInterval, @@ -340,6 +341,7 @@ void SaverEngine::stopLockProcess() kdDebug(1204) << "SaverEngine: stopping lock" << endl; emitDCOPSignal("KDE_stop_screensaver()", TQByteArray()); + mTerminationRequested=true; mLockProcess.kill(); if (mEnabled) @@ -357,7 +359,33 @@ void SaverEngine::stopLockProcess() void SaverEngine::lockProcessExited() { +printf("Lock process exited\n\r"); fflush(stdout); + bool abnormalExit = false; kdDebug(1204) << "SaverEngine: lock exited" << endl; + if (mLockProcess.normalExit() == false) { + abnormalExit = true; + } + else { + if (mLockProcess.exitStatus() != 0) { + abnormalExit = true; + } + } + if (mTerminationRequested == true) { + abnormalExit = false; + } + if (abnormalExit == true) { + // PROBABLE HACKING ATTEMPT DETECTED + // Terminate the TDE session ASAP! + // Values are explained at http://lists.kde.org/?l=kde-linux&m=115770988603387 + TQByteArray data; + TQDataStream arg(data, IO_WriteOnly); + arg << (int)0 << (int)0 << (int)2; + if ( ! kapp->dcopClient()->send("ksmserver", "default", "logout(int,int,int)", data) ) { + // Someone got to DCOP before we did + // Try an emergency system logout + system("logout"); + } + } if (trinity_lockeng_sak_available == TRUE) { handleSecureDialog(); } diff --git a/kdesktop/lockeng.h b/kdesktop/lockeng.h index b1e31bd..ae81f90 100644 --- a/kdesktop/lockeng.h +++ b/kdesktop/lockeng.h @@ -114,6 +114,7 @@ protected: private: KProcess* mSAKProcess; + bool mTerminationRequested; }; #endif commit 5f8d730703882e1335305a2c43a378f0c4b96e8e Author: Timothy Pearson Date: 1327216641 -0600 Fix desktop lock diff --git a/kdesktop/lock/lockprocess.cc b/kdesktop/lock/lockprocess.cc index 2588bbf..5acc96e 100644 --- a/kdesktop/lock/lockprocess.cc +++ b/kdesktop/lock/lockprocess.cc @@ -630,6 +630,8 @@ void LockProcess::startSecureDialog() return; } + setGeometry(0, 0, mRootWidth, mRootHeight); + int ret; SecureDlg inDlg( this ); inDlg.setRetInt(&ret); diff --git a/kdesktop/lock/main.cc b/kdesktop/lock/main.cc index 2711c36..c0b8e24 100644 --- a/kdesktop/lock/main.cc +++ b/kdesktop/lock/main.cc @@ -181,14 +181,14 @@ int main( int argc, char **argv ) rt = process.runSecureDialog(); } else { - return 1; + return 0; } } else { rt = process.defaultSave(); } if (!rt) { - return 1; + return 0; } if( sig ) diff --git a/kdesktop/lockeng.cc b/kdesktop/lockeng.cc index fb0f754..5307c5c 100644 --- a/kdesktop/lockeng.cc +++ b/kdesktop/lockeng.cc @@ -372,6 +372,7 @@ printf("Lock process exited\n\r"); fflush(stdout); } if (mTerminationRequested == true) { abnormalExit = false; + mTerminationRequested = false; } if (abnormalExit == true) { // PROBABLE HACKING ATTEMPT DETECTED