Secure Coding mailing list archives
HNS - Biggest X Window security hole since 2000
From: rcs at cert.org (Robert C. Seacord)
Date: Mon, 08 May 2006 08:58:54 -0400
der Mouse wrote:
And, of course, nobody ever bothers to say just what the problem was. Grrr. (Fortunately, I don't care, since I am running pre-X11R6.9.0 code, or I'd be trying to chase down the diff.)
Bad code: /* First the options that are only allowed for root */ if (getuid() == 0 || geteuid != 0) { if (!strcmp(argv[i], "-modulepath")) Good code: /* First the options that are only allowed for root */ if (getuid() == 0 || geteuid() != 0) { if (!strcmp(argv[i], "-modulepath")) The problem, of course, is that the address of geteuid is always == true. rCs -- Robert C. Seacord Senior Vulnerability Analyst CERT/CC Work: 412-268-7608 FAX: 412-268-6989
Current thread:
- HNS - Biggest X Window security hole since 2000 Kenneth R. van Wyk (May 04)
- HNS - Biggest X Window security hole since 2000 Gadi Evron (May 04)
- HNS - Biggest X Window security hole since 2000 Kenneth R. van Wyk (May 04)
- HNS - Biggest X Window security hole since 2000 Greenarrow 1 (May 04)
- HNS - Biggest X Window security hole since 2000 Kenneth R. van Wyk (May 04)
- HNS - Biggest X Window security hole since 2000 ljknews (May 05)
- HNS - Biggest X Window security hole since 2000 der Mouse (May 06)
- HNS - Biggest X Window security hole since 2000 Robert C. Seacord (May 08)
- HNS - Biggest X Window security hole since 2000 Tim Hollebeek (May 08)
- HNS - Biggest X Window security hole since 2000 Florian Weimer (May 07)
- HNS - Biggest X Window security hole since 2000 der Mouse (May 06)
- HNS - Biggest X Window security hole since 2000 Gadi Evron (May 04)