authorjoerg <joerg>2006-03-20 21:34:59 +0000
committerjoerg <joerg>2006-03-20 21:34:59 +0000
commitb5f3bd5e7125b0225cbd2d60513bdea6e9b670fa (patch)
treead1fd0060539797c22252edab00295f024a6c415
parent7b920869cf1a93cb685773a3c5f538a86d9a07c5 (diff)
Fix CVE-2006-0745: Comparing the address of geteuid and 0 to detect
whether the server was started by non-root is not likely to ever work. This could allow a local user to overwrite system files or run arbitrary code. Patch from the original advisory. Bump revision of xorg-server.
-rw-r--r--x11/xorg-libs/distinfo3
-rw-r--r--x11/xorg-libs/patches/patch-bm20
-rw-r--r--x11/xorg-server/Makefile4
3 files changed, 24 insertions, 3 deletions
diff --git a/x11/xorg-libs/distinfo b/x11/xorg-libs/distinfo
index 1b64034d567..ddc3931431c 100644
--- a/x11/xorg-libs/distinfo
+++ b/x11/xorg-libs/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.37 2006/03/02 23:57:14 joerg Exp $
+$NetBSD: distinfo,v 1.38 2006/03/20 21:34:59 joerg Exp $
SHA1 (X11R6.9.0-src1.tar.gz) = a6c077ed8fdeee5fe1956a427c4cb0bc266e1bef
RMD160 (X11R6.9.0-src1.tar.gz) = d12270a4f41a3ceee4bfd5da22d387a3aa707df8
@@ -43,3 +43,4 @@ SHA1 (patch-be) = b9bc7d05429652400343609b123c99c76f64b33a
SHA1 (patch-bf) = 753c56b84a6859fa4048d88a53f9c04400525d72
SHA1 (patch-bg) = 3db63fcbe81d9f801ccac6353ad4a213a15c3ffe
SHA1 (patch-bl) = ccfd290ebffc08b9cd03b7eb83a9671b0e16baec
+SHA1 (patch-bm) = f9b73b7c1bd7d6d6db6d23741d5d1125eea5f860
diff --git a/x11/xorg-libs/patches/patch-bm b/x11/xorg-libs/patches/patch-bm
new file mode 100644
index 00000000000..afb7d4de763
--- /dev/null
+++ b/x11/xorg-libs/patches/patch-bm
@@ -0,0 +1,20 @@
+--- programs/Xserver/hw/xfree86/common/xf86Init.c.orig 2006-03-17 23:30:10.000000000 +0200
++++ programs/Xserver/hw/xfree86/common/xf86Init.c 2006-03-17 23:29:35.000000000 +0200
+@@ -1376,7 +1376,7 @@
+ }
+
+ /* First the options that are only allowed for root */
+- if (getuid() == 0 || geteuid != 0)
++ if (getuid() == 0 || geteuid() != 0)
+ {
+ if (!strcmp(argv[i], "-modulepath"))
+ {
+@@ -1679,7 +1679,7 @@
+ }
+ if (!strcmp(argv[i], "-configure"))
+ {
+- if (getuid() != 0 && geteuid == 0) {
++ if (getuid() != 0 && geteuid() == 0) {
+ ErrorF("The '-configure' option can only be used by root.\n");
+ exit(1);
+ }
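Review bot: The comment kept above the first corrected check, `/* First the options that are only allowed for root */`, does not match the condition it guards: `getuid() == 0 || geteuid() != 0` also accepts every caller when the server has no effective root privilege, so the restriction applies only to a setuid-root binary started by a non-root user. I would reword it along the lines of `/* Options refused only when a non-root user runs a setuid-root server */`. The `-configure` site tests the exact negation (`getuid() != 0 && geteuid() == 0`), so a small shared predicate would keep the two sites consistent. The original mistake, comparing a function's address with 0, is the kind of thing GCC's `-Waddress` reports, which may be worth enabling for this build if the toolchain supports it. Both enclosing blocks start and end outside the embedded hunks.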
diff --git a/x11/xorg-server/Makefile b/x11/xorg-server/Makefile
index 5781b5fc839..d428de0d822 100644
--- a/x11/xorg-server/Makefile
+++ b/x11/xorg-server/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.39 2006/03/02 23:57:14 joerg Exp $
+# $NetBSD: Makefile,v 1.40 2006/03/20 21:34:59 joerg Exp $
DISTNAME= ${DISTFILES}
PKGNAME= xorg-server-${XORG_VER}
-PKGREVISION= 6
+PKGREVISION= 7
CATEGORIES= x11
MASTER_SITES= ${MASTER_SITE_XORG}
DISTFILES= X11R${XORG_VER}-src1.tar.gz \