From 3e44bcb60519310a3c1689f8af2424ffd192385b Mon Sep 17 00:00:00 2001
From: Ray Strode <rstrode@fedoraproject.org>
Date: Apr 11 2008 20:26:39 +0000
Subject: Fix security issue in last commit


---

diff --git a/gdm-2.21.10-fix-gaping-security-hole.patch b/gdm-2.21.10-fix-gaping-security-hole.patch
new file mode 100644
index 0000000..3b98bdf
--- /dev/null
+++ b/gdm-2.21.10-fix-gaping-security-hole.patch
@@ -0,0 +1,27 @@
+--- gdm-2.21.10/daemon/gdm-session-worker.c	(revision 6145)
++++ gdm-2.21.10/daemon/gdm-session-worker.c	(working copy)
+@@ -111,6 +111,7 @@ struct GdmSessionWorkerPrivate
+         char             *display_device;
+         char             *hostname;
+         char             *username;
++        uid_t             uid;
+         gboolean          password_is_required;
+ 
+         int               cred_flags;
+@@ -1176,6 +1177,7 @@ _change_user (GdmSessionWorker  *worker,
+                 return FALSE;
+         }
+ #endif
++        worker->priv->uid = uid;
+ 
+         if (setgid (gid) < 0) {
+                 return FALSE;
+@@ -1574,7 +1576,7 @@ gdm_session_worker_start_user_session (G
+                 char  *home_dir;
+                 int    fd;
+ 
+-                if (setuid (getuid ()) < 0) {
++                if (setuid (worker->priv->uid) < 0) {
+                         g_debug ("GdmSessionWorker: could not reset uid - %s", g_strerror (errno));
+                         _exit (1);
+                 }
diff --git a/gdm.spec b/gdm.spec
index 0976002..1fc996b 100644
--- a/gdm.spec
+++ b/gdm.spec
@@ -16,7 +16,7 @@
 Summary: The GNOME Display Manager
 Name: gdm
 Version: 2.21.10
-Release: 0.2008.04.11.1%{?dist}
+Release: 0.2008.04.11.2%{?dist}
 Epoch: 1
 License: GPLv2+
 Group: User Interface/X
@@ -77,6 +77,7 @@ BuildRequires: gnome-panel-devel
 Requires: audit-libs >= %{libauditver}
 Patch0: ck-multi.patch
 Patch1: xkb-groups.patch
+Patch2: gdm-2.21.10-fix-gaping-security-hole.patch
 Patch98: gdm-2.21.10-disable-debug-messages.patch
 Patch99: gdm-2.21.8-fedora-logo.patch
 
@@ -99,6 +100,7 @@ multiple simulanteous logged in users.
 %setup -q
 %patch0 -p1 -b .ck-multi
 %patch1 -p1 -b .xkb-groups
+%patch2 -p1 -b .fix-gaping-security-hole
 %patch98 -p1 -b .disable-debug-messages
 %patch99 -p1 -b .fedora-logo
 
@@ -297,6 +299,9 @@ fi
 %{_datadir}/gnome-2.0/ui/GNOME_FastUserSwitchApplet.xml
 
 %changelog
+* Fri Apr 11 2008 Ray Strode <rstrode@redhat.com> - 1:2.21.10-0.2008.04.11.2
+Fix security issue in last commit
+
 * Fri Apr 11 2008 Ray Strode <rstrode@redhat.com> - 1:2.21.10-0.2008.04.11.1
 - Fix focus handling when tabbing from user-chooser to buttons
 - don't set real uid to user before setcred