Evan Martin (evan) wrote in evan_tech,
Evan Martin
evan
evan_tech

type error -> security vulnerability

Critical X bug. Normal users can use it to get root.

The bug was:
if (getuid() == 0 || geteuid != 0)

Reasons it shouldn't have happened:
  • Why can you compare pointers and integers without a compiler warning? (This actually surprises me: it appears to be true even in C++...?)
  • Why does X run as root? (Even if it tries to drop privileges, this bug was in the startup code.) (I know the answer to this, but, sigh.)
Tags: c/c++, grumpy, programming languages
Subscribe

  • no go

    Two friends of mine were pretty enthusiastic about the Go language, so I tried writing a program in it yesterday. It is frustrating because despite…

  • playing with vala

    I actually was toying with making something like Vala back in college. It's pretty cute. Much like using the sane subset of C++, as you write code…

  • chromium.el

    This weekend I wrote some Emacs Lisp to write some utility functions I find useful for hacking on Chromium. It's fun to have a reason to use Lisp!…

  • Post a new comment

    Error

    default userpic
    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.
  • 10 comments

  • no go

    Two friends of mine were pretty enthusiastic about the Go language, so I tried writing a program in it yesterday. It is frustrating because despite…

  • playing with vala

    I actually was toying with making something like Vala back in college. It's pretty cute. Much like using the sane subset of C++, as you write code…

  • chromium.el

    This weekend I wrote some Emacs Lisp to write some utility functions I find useful for hacking on Chromium. It's fun to have a reason to use Lisp!…