authorjoerg <joerg>2006-03-20 21:34:59 +0000
committerjoerg <joerg>2006-03-20 21:34:59 +0000
commitc3490439bda85014e046bd25192be9be9b5db9dd (patch)
treead1fd0060539797c22252edab00295f024a6c415 /x11/xorg-libs/patches
parent3a8e50b805205ce4009eb78d2ea3873503b0e4ca (diff)
Fix CVE-2006-0745: Comparing the address of geteuid with 0 to detect
whether the server was started by non-root is not likely to ever work. This could allow a local user to overwrite system files or run arbitrary code. Patch from the original advisory. Bump revision of xorg-server.
Diffstat (limited to 'x11/xorg-libs/patches')
-rw-r--r--x11/xorg-libs/patches/patch-bm20
1 files changed, 20 insertions, 0 deletions
diff --git a/x11/xorg-libs/patches/patch-bm b/x11/xorg-libs/patches/patch-bm
new file mode 100644
index 00000000000..afb7d4de763
--- /dev/null
+++ b/x11/xorg-libs/patches/patch-bm
@@ -0,0 +1,20 @@
+--- programs/Xserver/hw/xfree86/common/xf86Init.c.orig 2006-03-17 23:30:10.000000000 +0200
++++ programs/Xserver/hw/xfree86/common/xf86Init.c 2006-03-17 23:29:35.000000000 +0200
+@@ -1376,7 +1376,7 @@
+ }
+
+ /* First the options that are only allowed for root */
+- if (getuid() == 0 || geteuid != 0)
++ if (getuid() == 0 || geteuid() != 0)
+ {
+ if (!strcmp(argv[i], "-modulepath"))
+ {
+@@ -1679,7 +1679,7 @@
+ }
+ if (!strcmp(argv[i], "-configure"))
+ {
+- if (getuid() != 0 && geteuid == 0) {
++ if (getuid() != 0 && geteuid() == 0) {
+ ErrorF("The '-configure' option can only be used by root.\n");
+ exit(1);
+ }
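Review bot: The new patch file begins directly at its `---` header, so it carries neither the `$NetBSD$` identifier line that pkgsrc patches conventionally start with nor any note on why it exists; a short leading comment such as `CVE-2006-0745: call geteuid() instead of testing the function's address` would keep the reason attached to the patch itself. Both corrected conditions are right as written: with the bare `geteuid`, the first test was always true, so the root-only options were never restricted, and the second was always false, so the `-configure` refusal could never trigger. Both guards sit inside an option-parsing function whose start and end lie outside the two inner hunks, so other privilege checks in it are not visible here. Since this class of mistake compiles silently by default, building the server with `-Wall` (which enables GCC's `-Waddress`) would flag any remaining comparison of a function's address against zero. The diffstat is limited to the patches directory, so it cannot be confirmed from this page that the package's distinfo was updated with the new patch's checksum.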