Bug#442879: patch updated
Hi,
Last night I ran into another system broken by this bug. That prompted
me to show the patch to the owner of the broken system. He pointed out
that I missed the case of a leading slash. There's an amended patch at
the end.
So, now left I'm wondering why there's been no response to this for
six months. Did procmail eat my previous messages? Do others see
problems with the patch? I'd really appreciate some feedback, and
failing that, I'd be happy to see the patch applied; I'm getting tired of
going down the debugging path of "hey, X just exited with some
nonsense error about being unable to move a log file, what the hell?
Oh yeah. X11-common. Let me grab my patched version. Drat, it can't be
installed with the version of Xorg on this system; guess I need to
build some new versions."
I don't mean to complain, I really do appreciate having someone taking
care of the X server on my machines, and I'm open to other approaches
to fixing this, just let me know.
Thanks for your consideration,
Greg
diff -u -p /home/gno/xorg-7.3\+10/debian/local/xserver-wrapper.c.mine /home/gno/xorg-7.3\+10/debian/local/xserver-wrapper.c
--- /home/gno/xorg-7.3+10/debian/local/xserver-wrapper.c.mine 2008-09-14 12:25:20.000000000 -0700
+++ /home/gno/xorg-7.3+10/debian/local/xserver-wrapper.c 2008-09-14 12:25:44.000000000 -0700
@@ -324,6 +324,10 @@ main(int argc, char **argv)
for (i = 1; i < argc; i++) {
if (!strcmp(argv[i], "-config") || !strcmp(argv[i], "-xf86config")) {
+ if (i+1 > argc /* if there is no argument to config */
+ || (*(argv[i+1]) == '/')) /* or it starts with a slash */
+ || strstr(argv[i+1],"Xwrapper.config") /* or is our config file */
+ || strstr(argv[i+1],"..")) { /* or attempts to escape this dir */
if (setuid(getuid())) {
perror("X unable to drop setuid privileges for alternate
config");
exit(1);
Diff finished. Sun Sep 14 12:26:02 2008
Reply to: