From 6eb4e2303aaab8d64e3f6cbc0bbee55689bdcb82 Mon Sep 17 00:00:00 2001 From: Adam Jackson Date: Mon, 20 Mar 2006 14:01:05 +0000 Subject: [PATCH] Bug #6213: Check geteuid's return value, not its address, otherwise unprivileged users can set the modulepath and run arbitrary code. Patch from Matthieu Herrb. (CVE-2006-0745, Coverity #4) --- ChangeLog | 7 +++++++ hw/xfree86/common/xf86Init.c | 6 +++--- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 843c3cfde..2d6e1a18a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +2006-03-20 Adam Jackson + + * hw/xfree86/common/xf86Init.c: + Bug #6213: Check geteuid's return value, not its address, otherwise + unprivileged users can set the modulepath and run arbitrary code. + Patch from Matthieu Herrb. (CVE-2006-0745, Coverity #4) + 2006-03-16 Kristian Høgsberg * configure.ac: Check for glproto when building GLX and make sure diff --git a/hw/xfree86/common/xf86Init.c b/hw/xfree86/common/xf86Init.c index 5af479a1a..49947ca75 100644 --- a/hw/xfree86/common/xf86Init.c +++ b/hw/xfree86/common/xf86Init.c @@ -1,5 +1,5 @@ /* $XFree86: xc/programs/Xserver/hw/xfree86/common/xf86Init.c,v 3.212 2004/01/27 01:31:45 dawes Exp $ */ -/* $XdotOrg: xserver/xorg/hw/xfree86/common/xf86Init.c,v 1.30 2006/02/13 04:43:40 benh Exp $ */ +/* $XdotOrg: xserver/xorg/hw/xfree86/common/xf86Init.c,v 1.31 2006/03/07 23:58:22 idr Exp $ */ /* * Loosely based on code bearing the following copyright: @@ -1377,7 +1377,7 @@ ddxProcessArgument(int argc, char **argv, int i) } /* First the options that are only allowed for root */ - if (getuid() == 0 || geteuid != 0) + if (getuid() == 0 || geteuid() != 0) { if (!strcmp(argv[i], "-modulepath")) { @@ -1677,7 +1677,7 @@ ddxProcessArgument(int argc, char **argv, int i) } if (!strcmp(argv[i], "-configure")) { - if (getuid() != 0 && geteuid == 0) { + if (getuid() != 0 && geteuid() == 0) { ErrorF("The '-configure' option can only be used by root.\n"); exit(1); }