$NetBSD: patch-ac,v 1.6 2008/04/03 22:42:33 tonnerre Exp $

Fix X11 privilege escalation vulnerability (CVE-2008-1142).

--- src/startup.c.orig	2008-03-31 19:27:46.000000000 +0200
+++ src/startup.c
@@ -95,11 +95,7 @@ eterm_bootstrap(int argc, char *argv[])
     init_libast();
 
     /* Open display, get options/resources and create the window */
-    if (getenv("DISPLAY") == NULL) {
-        display_name = STRDUP(":0");
-    } else {
-        display_name = STRDUP(getenv("DISPLAY"));
-    }
+    display_name = NULL;
 
     /* This MUST be called before any other Xlib functions */
 #ifdef SPIFOPT_SETTING_PREPARSE
@@ -116,7 +112,9 @@ eterm_bootstrap(int argc, char *argv[])
     privileges(REVERT);
 #endif
     if (!Xdisplay && !(Xdisplay = XOpenDisplay(display_name))) {
-        libast_print_error("can't open display %s\n", display_name);
+        libast_print_error("can't open display %s\n", display_name?display_name:
+			getenv("DISPLAY")?getenv("DISPLAY"):
+			"as no -display given and DISPLAY not set");
         exit(EXIT_FAILURE);
     }
     XSetErrorHandler((XErrorHandler) xerror_handler);