diff options
Diffstat (limited to 'main/xorg-server/CVE-2018-14665.patch')
-rw-r--r-- | main/xorg-server/CVE-2018-14665.patch | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/main/xorg-server/CVE-2018-14665.patch b/main/xorg-server/CVE-2018-14665.patch new file mode 100644 index 00000000000..68b5734383d --- /dev/null +++ b/main/xorg-server/CVE-2018-14665.patch @@ -0,0 +1,50 @@ +From 50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330e Mon Sep 17 00:00:00 2001 +From: Matthieu Herrb <matthieu@herrb.eu> +Date: Tue, 23 Oct 2018 21:29:08 +0200 +Subject: [PATCH] Disable -logfile and -modulepath when running with elevated + privileges + +Could cause privilege elevation and/or arbitrary files overwrite, when +the X server is running with elevated privileges (ie when Xorg is +installed with the setuid bit set and started by a non-root user). + +CVE-2018-14665 + +Issue reported by Narendra Shinde and Red Hat. + +Signed-off-by: Matthieu Herrb <matthieu@herrb.eu> +Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> +Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net> +Reviewed-by: Adam Jackson <ajax@redhat.com> +--- + hw/xfree86/common/xf86Init.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/hw/xfree86/common/xf86Init.c b/hw/xfree86/common/xf86Init.c +index 6c25eda73..0f57efa86 100644 +--- a/hw/xfree86/common/xf86Init.c ++++ b/hw/xfree86/common/xf86Init.c +@@ -935,14 +935,18 @@ ddxProcessArgument(int argc, char **argv, int i) + /* First the options that are not allowed with elevated privileges */ + if (!strcmp(argv[i], "-modulepath")) { + CHECK_FOR_REQUIRED_ARGUMENT(); +- xf86CheckPrivs(argv[i], argv[i + 1]); ++ if (xf86PrivsElevated()) ++ FatalError("\nInvalid argument -modulepath " ++ "with elevated privileges\n"); + xf86ModulePath = argv[i + 1]; + xf86ModPathFrom = X_CMDLINE; + return 2; + } + if (!strcmp(argv[i], "-logfile")) { + CHECK_FOR_REQUIRED_ARGUMENT(); +- xf86CheckPrivs(argv[i], argv[i + 1]); ++ if (xf86PrivsElevated()) ++ FatalError("\nInvalid argument -logfile " ++ "with elevated privileges\n"); + xf86LogFile = argv[i + 1]; + xf86LogFileFrom = X_CMDLINE; + return 2; +-- +2.18.1 + |