Secure Coding mailing list archives
HNS - Biggest X Window security hole since 2000
From: rcs at cert.org (Robert C. Seacord)
Date: Mon, 08 May 2006 08:58:54 -0400
der Mouse wrote:
And, of course, nobody ever bothers to say just what the problem was. Grrr. (Fortunately, I don't care, since I am running pre-X11R6.9.0 code, or I'd be trying to chase down the diff.)
Bad code:
/* First the options that are only allowed for root */
if (getuid() == 0 || geteuid != 0) {
if (!strcmp(argv[i], "-modulepath"))
Good code:
/* First the options that are only allowed for root */
if (getuid() == 0 || geteuid() != 0) {
if (!strcmp(argv[i], "-modulepath"))
The problem, of course, is that the address of geteuid is
always == true.
rCs
--
Robert C. Seacord
Senior Vulnerability Analyst
CERT/CC
Work: 412-268-7608
FAX: 412-268-6989
Current thread:
- HNS - Biggest X Window security hole since 2000 Kenneth R. van Wyk (May 04)
- HNS - Biggest X Window security hole since 2000 Gadi Evron (May 04)
- HNS - Biggest X Window security hole since 2000 Kenneth R. van Wyk (May 04)
- HNS - Biggest X Window security hole since 2000 Greenarrow 1 (May 04)
- HNS - Biggest X Window security hole since 2000 Kenneth R. van Wyk (May 04)
- HNS - Biggest X Window security hole since 2000 ljknews (May 05)
- HNS - Biggest X Window security hole since 2000 der Mouse (May 06)
- HNS - Biggest X Window security hole since 2000 Robert C. Seacord (May 08)
- HNS - Biggest X Window security hole since 2000 Tim Hollebeek (May 08)
- HNS - Biggest X Window security hole since 2000 Florian Weimer (May 07)
- HNS - Biggest X Window security hole since 2000 der Mouse (May 06)
- HNS - Biggest X Window security hole since 2000 Gadi Evron (May 04)