
From 2fda7c57e7ebe210cf5e2bb051a0a9271f85e80a Mon Sep 17 00:00:00 2001
From: Matthieu Herrb <matthieu@herrb.eu>
Date: Mon, 22 Oct 2018 14:33:25 -0400
Subject: [PATCH xserver] Disable -logfile and -modulepath when running with
 elevated privileges
An unprivileged user was able to overwrite arbitrary files
in directories in which it is able to chdir, potentially
leading to privilege elevation.
CVE-2018-14665
An unprivileged user was able to load arbitrary modules
from user controlled directories, leading to privilege
elevation.
CVE-2018-XXXXX
Issues reported by Narendra Shinde
Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
---
 hw/xfree86/common/xf86Init.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/hw/xfree86/common/xf86Init.c b/hw/xfree86/common/xf86Init.c
index 6c25eda739..0f57efa863 100644
--- a/hw/xfree86/common/xf86Init.c
+++ b/hw/xfree86/common/xf86Init.c
@@ -935,14 +935,18 @@ ddxProcessArgument(int argc, char **argv, int i)
     /* First the options that are not allowed with elevated privileges */
     if (!strcmp(argv[i], "-modulepath")) {
         CHECK_FOR_REQUIRED_ARGUMENT();
-        xf86CheckPrivs(argv[i], argv[i + 1]);
+        if (xf86PrivsElevated())
+              FatalError("\nInvalid argument -modulepath "
+                "with elevated privileges\n");
         xf86ModulePath = argv[i + 1];
         xf86ModPathFrom = X_CMDLINE;
         return 2;
     }
     if (!strcmp(argv[i], "-logfile")) {
         CHECK_FOR_REQUIRED_ARGUMENT();
-        xf86CheckPrivs(argv[i], argv[i + 1]);
+        if (xf86PrivsElevated())
+              FatalError("\nInvalid argument -logfile "
+                "with elevated privileges\n");
         xf86LogFile = argv[i + 1];
         xf86LogFileFrom = X_CMDLINE;
         return 2;
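Review bot: Both added `if (xf86PrivsElevated())` guards (the -modulepath and -logfile branches) have an unbraced body that spans two physical lines, and the continuation is indented inconsistently (14 then 16 spaces), so a later statement slipped in under the guard would silently run unconditionally — the classic "goto fail" shape. Brace each body: `if (xf86PrivsElevated()) {` / `    FatalError("\nInvalid argument -modulepath with elevated privileges\n");` / `}`, and the same for -logfile. A short comment above the guard would also help a future maintainer keep the ordering, e.g. `/* Must reject before the value is stored below: the path must never reach xf86ModulePath/xf86LogFile when privileged */`. ddxProcessArgument continues outside the hunk, so other privilege-sensitive options handled further down were not reviewed here.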
-- 
2.19.0