-rw-r--r--ChangeLog10
-rw-r--r--configure.ac2
-rw-r--r--hw/xfree86/common/xf86Init.c6
3 files changed, 14 insertions, 4 deletions
diff --git a/ChangeLog b/ChangeLog
index 0ea3c5183..635448a20 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+2006-03-20 Adam Jackson <ajax@freedesktop.org>
+
+ * hw/xfree86/common/xf86Init.c:
+ Bug #6213: Check geteuid's return value, not its address, otherwise
+ unprivileged users can set the modulepath and run arbitrary code.
+ Patch from Matthieu Herrb. (CVE-2006-0745, Coverity #4)
+
+ * configure.ac:
+ Bump to 1.0.2.
+
2006-03-16 Adam Jackson <ajax@freedesktop.org>
* render/picture.c:
diff --git a/configure.ac b/configure.ac
index 903403c80..8e4f7a31a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -25,7 +25,7 @@ dnl Process this file with autoconf to create configure.
AC_PREREQ(2.57)
dnl This is the not the Xorg version number, it's the server version number.
dnl Yes, that's weird.
-AC_INIT([xorg-server], 1.0.1, [https://bugs.freedesktop.org/enter_bug.cgi?product=xorg], xorg-server)
+AC_INIT([xorg-server], 1.0.2, [https://bugs.freedesktop.org/enter_bug.cgi?product=xorg], xorg-server)
AC_CONFIG_SRCDIR([Makefile.am])
AM_INIT_AUTOMAKE([dist-bzip2 foreign])
AM_MAINTAINER_MODE
diff --git a/hw/xfree86/common/xf86Init.c b/hw/xfree86/common/xf86Init.c
index b73da71dc..b5692fae0 100644
--- a/hw/xfree86/common/xf86Init.c
+++ b/hw/xfree86/common/xf86Init.c
@@ -1,5 +1,5 @@
/* $XFree86: xc/programs/Xserver/hw/xfree86/common/xf86Init.c,v 3.212 2004/01/27 01:31:45 dawes Exp $ */
-/* $XdotOrg: $ */
+/* $XdotOrg: xserver/xorg/hw/xfree86/common/xf86Init.c,v 1.29 2005/12/14 20:11:16 ajax Exp $ */
/*
* Loosely based on code bearing the following copyright:
@@ -1376,7 +1376,7 @@ ddxProcessArgument(int argc, char **argv, int i)
}
/* First the options that are only allowed for root */
- if (getuid() == 0 || geteuid != 0)
+ if (getuid() == 0 || geteuid() != 0)
{
if (!strcmp(argv[i], "-modulepath"))
{
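Review bot: The comment above the corrected test still says these options are "only allowed for root", but `getuid() == 0 || geteuid() != 0` also admits any non-root caller when the server is not running with an effective uid of 0. I would reword it to `/* Options allowed only for real root, or when the server has no setuid-root privileges to abuse */`. The `-configure` hunk further down carries the same predicate in negated form (`getuid() != 0 && geteuid() == 0`) and had the same missing call parentheses, so moving the test into one static helper used at both sites would keep the two copies from diverging again. Comparing a function's address with 0 is a pattern GCC can report under `-Waddress`, so it is worth confirming that warning is enabled for this file and not ignored. ddxProcessArgument's body starts and ends outside this hunk, so any other privilege checks in it are not visible here.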
@@ -1679,7 +1679,7 @@ ddxProcessArgument(int argc, char **argv, int i)
}
if (!strcmp(argv[i], "-configure"))
{
- if (getuid() != 0 && geteuid == 0) {
+ if (getuid() != 0 && geteuid() == 0) {
ErrorF("The '-configure' option can only be used by root.\n");
exit(1);
}