author | Adam Jackson <ajax@nwnk.net> | 2006-03-20 14:00:37 +0000 |
---|---|---|
committer | Adam Jackson <ajax@nwnk.net> | 2006-03-20 14:00:37 +0000 |
commit | 0c43033ec29733cdae32ed84f97b43ba02e759ff (patch) | |
tree | 6656d032623ba0c00bfd84f12d584381691d8266 | |
parent | fece3427035e1800abbfee6d0c4c5d6003ddf538 (diff) |
Bug #6213: Check geteuid's return value, not its address, otherwise
unprivileged users can set the modulepath and run arbitrary code. Patch
from Matthieu Herrb. (CVE-2006-0745, Coverity #4)
Bump to 1.0.2.
-rw-r--r-- | ChangeLog | 10 | ||||
-rw-r--r-- | configure.ac | 2 | ||||
-rw-r--r-- | hw/xfree86/common/xf86Init.c | 6 |
3 files changed, 14 insertions, 4 deletions
@@ -1,3 +1,13 @@
+2006-03-20 Adam Jackson <ajax@freedesktop.org>
+
+ * hw/xfree86/common/xf86Init.c:
+ Bug #6213: Check geteuid's return value, not its address, otherwise
+ unprivileged users can set the modulepath and run arbitrary code.
+ Patch from Matthieu Herrb. (CVE-2006-0745, Coverity #4)
+
+ * configure.ac:
+ Bump to 1.0.2.
+
 2006-03-16 Adam Jackson <ajax@freedesktop.org>
 * render/picture.c:
diff --git a/configure.ac b/configure.ac
index 903403c80..8e4f7a31a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -25,7 +25,7 @@ dnl Process this file with autoconf to create configure.
 AC_PREREQ(2.57)
 dnl This is the not the Xorg version number, it's the server version number.
 dnl Yes, that's weird.
-AC_INIT([xorg-server], 1.0.1, [https://bugs.freedesktop.org/enter_bug.cgi?product=xorg], xorg-server)
+AC_INIT([xorg-server], 1.0.2, [https://bugs.freedesktop.org/enter_bug.cgi?product=xorg], xorg-server)
 AC_CONFIG_SRCDIR([Makefile.am])
 AM_INIT_AUTOMAKE([dist-bzip2 foreign])
 AM_MAINTAINER_MODE
diff --git a/hw/xfree86/common/xf86Init.c b/hw/xfree86/common/xf86Init.c
index b73da71dc..b5692fae0 100644
--- a/hw/xfree86/common/xf86Init.c
+++ b/hw/xfree86/common/xf86Init.c
@@ -1,5 +1,5 @@
 /* $XFree86: xc/programs/Xserver/hw/xfree86/common/xf86Init.c,v 3.212 2004/01/27 01:31:45 dawes Exp $ */
-/* $XdotOrg: $ */
+/* $XdotOrg: xserver/xorg/hw/xfree86/common/xf86Init.c,v 1.29 2005/12/14 20:11:16 ajax Exp $ */
 /*
 * Loosely based on code bearing the following copyright:
@@ -1376,7 +1376,7 @@ ddxProcessArgument(int argc, char **argv, int i)
 }
 /* First the options that are only allowed for root */
- if (getuid() == 0 || geteuid != 0)
+ if (getuid() == 0 || geteuid() != 0)
 {
 if (!strcmp(argv[i], "-modulepath"))
 {
@@ -1679,7 +1679,7 @@ ddxProcessArgument(int argc, char **argv, int i)
 }
 if (!strcmp(argv[i], "-configure"))
 {
- if (getuid() != 0 && geteuid == 0) {
+ if (getuid() != 0 && geteuid() == 0) {
 ErrorF("The '-configure' option can only be used by root.\n");
 exit(1);
 } |
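Review bot: The root-only gate is still spelled out by hand in both places, `getuid() == 0 || geteuid() != 0` in the hunk at line 1376 and its negation `getuid() != 0 && geteuid() == 0` in the `-configure` hunk at line 1679, which is how one missing `()` ended up disabling both checks. I would put the predicate in one small helper, for example `static int ddxPrivsElevated(void) { return getuid() != 0 && geteuid() == 0; }` (the name is only a suggestion), and test `!ddxPrivsElevated()` in the first hunk and `ddxPrivsElevated()` in the second. The existing comment could also say what the expression means: `/* Root-only options: accepted when the real uid is root, or when the server is not running with an effective uid of 0 */`. A bare function name compared with 0 is the kind of always-true test GCC's -Waddress reports, so it is worth confirming the build enables it; ddxProcessArgument's body starts and ends outside both hunks.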