Bug#442879: patch updated

Sun, 01 Mar 2009 13:36:16 -0800 

Hi!

I confirm that this bug exists on all 3 lenny machines here.

The -config and -xf86config options are completely broken for users, you can't 
start an xserver when you pass them, even when using the default xorg.conf:

X :1 -xf86config xorg.conf

won't start when done as user, even when "everyone can start X" is activated 
(dpkg-reconfigure x11-common)

I hope the fix can be applied for a future point release, because the bug 
breaks these options for nearly everyone. You need them to start multiple 
x-servers with different configurations to achieve:
- have a separate x-server on another graphic card
- run a second x-server for presentations, games,..
  with different resolution, mouse support, ...

> Last night I ran into another system broken by this bug. That prompted
> me to show the patch to the owner of the broken system. He pointed out
> that I missed the case of a leading slash. There's an amended patch at
> the end.

The patch did not work, because there was a wrong number of parentheses after 
applying. The patch which worked for me is attached.

> I don't mean to complain, I really do appreciate having someone taking
> care of the X server on my machines, and I'm open to other approaches
> to fixing this, just let me know.

By not starting as user, e.g. with sudo.

xserver-xorg is a very small package so it did not take so long to patch and 
build it, thanks for making it so modular.

Markus

--- xserver-wrapper.c.orig      2009-03-01 21:46:26.681729627 +0100
+++ xserver-wrapper.c   2009-03-01 21:49:44.381726371 +0100
@@ -324,9 +324,14 @@ main(int argc, char **argv)

     for (i = 1; i < argc; i++) {
       if (!strcmp(argv[i], "-config") || !strcmp(argv[i], "-xf86config")) {
-        if (setuid(getuid())) {
-          perror("X unable to drop setuid privileges for alternate config");
-          exit(1);
+        if (i+1 > argc  /* if there is no argument to config */
+            || (*(argv[i+1]) == '/') /* or it starts with a slash */
+            || strstr(argv[i+1],"Xwrapper.config") /* or is our config file */
+            || strstr(argv[i+1],"..")) { /* or attempts to escape this dir */
+          if (setuid(getuid())) {
+            perror("X unable to drop setuid privileges for alternate config");
+            exit(1);
+          }
         }
       } else if (strlen(argv[i]) > 256) {
         if (setuid(getuid())) {

Reply via email to