On Tue, Jun 16, 2015 at 03:54:09PM -0600, Jon Trulson wrote:
> On Mon, 15 Jun 2015, Isaac Dunham wrote:
>
> >While this change is functionally equivalent to the original code
> >(apart from the detail that it's actually valid), I wonder if we
> >should try to update to match current xdm or make this do the "right"
> >thing...well, it looks like xdm eliminated this code over a decade
> >ago.
> >
> >I see that neither of the CVEs for xdm apply for most builds;
> >but for "AlphaArchitecture", where SIA is defined, seteuid(0)
> >is called without error checking...I suppose that cannot be a
> >privilege escalation, but rather might continue despite failing
> >to elevate privileges.
>
> Ok to apply this patch then? It looks like particularly crappy code
> to begin with, so I'm ok with removing it.

Yes.

> As for seteuid() - yes that should be checked, but if it fails, it
> fails, so I do not see how that could cause a priv escalation...
>
[...]

One of the CVEs for XDM was that "setuid and seteuid were called without
error checking, leading to a potential privilege escalation" (summary,
not exact).
If one calls seteuid(regular_user), it fails, and one proceeds as if it
had succeeded, code that *should* be running with the permissions of
regular_user may be running as root instead; this is the only way to get
a privilege escalation.

However, that's the reverse of what's happening on Alpha: seteuid(root)
might fail, and then code that was written to run as root may run with
lower permissions.

HTH,
Isaac Dunham

------------------------------------------------------------------------------
_______________________________________________
cdesktopenv-devel mailing list
cdesktopenv-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/cdesktopenv-devel
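The failure mode discussed in this message, as an added example that is not code from CDE, xdm or the participants in this thread: a checked seteuid() wrapper that refuses to run the payload when the switch fails, so work meant for one identity never runs under another. The names switch_euid_checked, run_as_user, sample_work and failing_seteuid are hypothetical, and the setter is passed in as a parameter (an assumption made here) so the refused case can be shown without root.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L /* declares seteuid() under strict -std */
#endif
#include <errno.h>
#include <sys/types.h>
#include <unistd.h>

/* Setter is a parameter so the failure path can be exercised without root. */
typedef int (*seteuid_fn)(uid_t);

int work_calls = 0; /* constructed counter: how often the payload ran */

/* Constructed payload standing in for code meant to run as `user`. */
int sample_work(void) { work_calls++; return 0; }

/* Constructed stand-in for a seteuid() call that the kernel refuses. */
int failing_seteuid(uid_t uid) { (void)uid; errno = EPERM; return -1; }

/* Change the effective UID; return 0 only if the process now runs as target. */
int switch_euid_checked(uid_t target, seteuid_fn set)
{
    if (set(target) != 0)
        return -1;              /* errno set by the failing call */
    if (geteuid() != target) {  /* confirm the switch really happened */
        errno = EPERM;
        return -1;
    }
    return 0;
}

/* Run work() as `user`; never fall through with the previous identity. */
int run_as_user(uid_t user, seteuid_fn set, int (*work)(void))
{
    uid_t saved = geteuid();
    if (switch_euid_checked(user, set) != 0)
        return -1;              /* switch failed: work() must not run */
    int rc = work();
    if (switch_euid_checked(saved, set) != 0)
        return -2;              /* restore failed: caller must stop */
    return rc;
}

int main(void)
{
    /* Same-UID switch always succeeds; the stub shows the refused case. */
    int ok = run_as_user(geteuid(), seteuid, sample_work);
    int refused = run_as_user(geteuid(), failing_seteuid, sample_work);
    return (ok == 0 && refused == -1 && work_calls == 1) ? 0 : 1;
}
```

The same wrapper covers the Alpha case from the thread: a failed switch to root returns -1 instead of letting root-only code continue with lower permissions.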