From 0c43033ec29733cdae32ed84f97b43ba02e759ff Mon Sep 17 00:00:00 2001 From: Adam Jackson Date: Mon, 20 Mar 2006 14:00:37 +0000 Subject: Bug #6213: Check geteuid's return value, not its address, otherwise unprivileged users can set the modulepath and run arbitrary code. Patch from Matthieu Herrb. (CVE-2006-0745, Coverity #4) Bump to 1.0.2. --- ChangeLog | 10 ++++++++++ configure.ac | 2 +- hw/xfree86/common/xf86Init.c | 6 +++--- 3 files changed, 14 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 0ea3c5183..635448a20 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,13 @@ +2006-03-20 Adam Jackson + + * hw/xfree86/common/xf86Init.c: + Bug #6213: Check geteuid's return value, not its address, otherwise + unprivileged users can set the modulepath and run arbitrary code. + Patch from Matthieu Herrb. (CVE-2006-0745, Coverity #4) + + * configure.ac: + Bump to 1.0.2. + 2006-03-16 Adam Jackson * render/picture.c: diff --git a/configure.ac b/configure.ac index 903403c80..8e4f7a31a 100644 --- a/configure.ac +++ b/configure.ac @@ -25,7 +25,7 @@ dnl Process this file with autoconf to create configure. AC_PREREQ(2.57) dnl This is the not the Xorg version number, it's the server version number. dnl Yes, that's weird. -AC_INIT([xorg-server], 1.0.1, [https://bugs.freedesktop.org/enter_bug.cgi?product=xorg], xorg-server) +AC_INIT([xorg-server], 1.0.2, [https://bugs.freedesktop.org/enter_bug.cgi?product=xorg], xorg-server) AC_CONFIG_SRCDIR([Makefile.am]) AM_INIT_AUTOMAKE([dist-bzip2 foreign]) AM_MAINTAINER_MODE diff --git a/hw/xfree86/common/xf86Init.c b/hw/xfree86/common/xf86Init.c index b73da71dc..b5692fae0 100644 --- a/hw/xfree86/common/xf86Init.c +++ b/hw/xfree86/common/xf86Init.c @@ -1,5 +1,5 @@ /* $XFree86: xc/programs/Xserver/hw/xfree86/common/xf86Init.c,v 3.212 2004/01/27 01:31:45 dawes Exp $ */ -/* $XdotOrg: $ */ +/* $XdotOrg: xserver/xorg/hw/xfree86/common/xf86Init.c,v 1.29 2005/12/14 20:11:16 ajax Exp $ */ /* * Loosely based on code bearing the following copyright: @@ -1376,7 +1376,7 @@ ddxProcessArgument(int argc, char **argv, int i) } /* First the options that are only allowed for root */ - if (getuid() == 0 || geteuid != 0) + if (getuid() == 0 || geteuid() != 0) { if (!strcmp(argv[i], "-modulepath")) { @@ -1679,7 +1679,7 @@ ddxProcessArgument(int argc, char **argv, int i) } if (!strcmp(argv[i], "-configure")) { - if (getuid() != 0 && geteuid == 0) { + if (getuid() != 0 && geteuid() == 0) { ErrorF("The '-configure' option can only be used by root.\n"); exit(1); } -- cgit v1.2.3