| field | value | date |
|---|---|---|
| author | joerg <joerg@pkgsrc.org> | 2006-03-20 21:34:59 +0000 |
| committer | joerg <joerg@pkgsrc.org> | 2006-03-20 21:34:59 +0000 |
| commit | 2d207a69db02c3ee1f93446a2d66f5058513774c | |
| tree | ad1fd0060539797c22252edab00295f024a6c415 /x11/xorg-libs | |
| parent | fe2e06881370689f880bbbf04739e3fb8f603edc | |

Fix CVE-2006-0745: Comparing the address of geteuid and 0 to detect
whether the server was started by non-root is not likely to ever work.
This could allow a local user to override system files or run arbitrary
code. Patch from the original advisory. Bump revision of xorg-server.

Diffstat (limited to 'x11/xorg-libs')

| mode | file | lines changed |
|---|---|---|
| -rw-r--r-- | x11/xorg-libs/distinfo | 3 |
| -rw-r--r-- | x11/xorg-libs/patches/patch-bm | 20 |

2 files changed, 22 insertions, 1 deletions

diff --git a/x11/xorg-libs/distinfo b/x11/xorg-libs/distinfo index 1b64034d567..ddc3931431c 100644 --- a/x11/xorg-libs/distinfo +++ b/x11/xorg-libs/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.37 2006/03/02 23:57:14 joerg Exp $ +$NetBSD: distinfo,v 1.38 2006/03/20 21:34:59 joerg Exp $ SHA1 (X11R6.9.0-src1.tar.gz) = a6c077ed8fdeee5fe1956a427c4cb0bc266e1bef RMD160 (X11R6.9.0-src1.tar.gz) = d12270a4f41a3ceee4bfd5da22d387a3aa707df8 @@ -43,3 +43,4 @@ SHA1 (patch-be) = b9bc7d05429652400343609b123c99c76f64b33a SHA1 (patch-bf) = 753c56b84a6859fa4048d88a53f9c04400525d72 SHA1 (patch-bg) = 3db63fcbe81d9f801ccac6353ad4a213a15c3ffe SHA1 (patch-bl) = ccfd290ebffc08b9cd03b7eb83a9671b0e16baec +SHA1 (patch-bm) = f9b73b7c1bd7d6d6db6d23741d5d1125eea5f860 diff --git a/x11/xorg-libs/patches/patch-bm b/x11/xorg-libs/patches/patch-bm new file mode 100644 index 00000000000..afb7d4de763 --- /dev/null +++ b/x11/xorg-libs/patches/patch-bm @@ -0,0 +1,20 @@ +--- programs/Xserver/hw/xfree86/common/xf86Init.c.orig 2006-03-17 23:30:10.000000000 +0200 ++++ programs/Xserver/hw/xfree86/common/xf86Init.c 2006-03-17 23:29:35.000000000 +0200 +@@ -1376,7 +1376,7 @@ + } + + /* First the options that are only allowed for root */ +- if (getuid() == 0 || geteuid != 0) ++ if (getuid() == 0 || geteuid() != 0) + { + if (!strcmp(argv[i], "-modulepath")) + { +@@ -1679,7 +1679,7 @@ + } + if (!strcmp(argv[i], "-configure")) + { +- if (getuid() != 0 && geteuid == 0) { ++ if (getuid() != 0 && geteuid() == 0) { + ErrorF("The '-configure' option can only be used by root.\n"); + exit(1); + } |
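
Review bot: In the first xf86Init.c hunk of patch-bm, the comment "First the options that are only allowed for root" does not describe what the corrected test `getuid() == 0 || geteuid() != 0` admits: the block is also entered by any user whenever the server runs without an effective uid of 0, so the restriction only bites for a setuid-root server started by a non-root user. The same holds for the `-configure` site, whose message says "can only be used by root" while `getuid() != 0 && geteuid() == 0` rejects only that setuid case. Suggest rewording the comment to say that these options are refused when a non-root user starts a setuid-root server, so the next reader does not "simplify" the condition. Both changed sites had the identical defect (a bare `geteuid` compared with 0, which is a function address and never null), so it is worth searching the rest of the server source for other bare `geteuid` or `getuid` comparisons and enabling a compiler warning for function addresses compared with zero before closing this out.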