Evan Martin (evan) wrote in evan_tech,
Evan Martin
evan
evan_tech

type error -> security vulnerability

Critical X bug. Normal users can use it to get root.

The bug was:
if (getuid() == 0 || geteuid != 0)

Reasons it shouldn't have happened:
  • Why can you compare pointers and integers without a compiler warning? (This actually surprises me: it appears to be true even in C++...?)
  • Why does X run as root? (Even if it tries to drop privileges, this bug was in the startup code.) (I know the answer to this, but, sigh.)
Tags: c/c++, grumpy, programming languages
Subscribe

  • your vcs sucks

    I've been hacking on some Haskell stuff lately that's all managed in darcs and it's reminded me of an observation I made over two years ago now (see…

  • perl people, explain your language to me

    Every time I use perl I feel mildly positive about it right up until I encounter CPAN. I've never managed to make CPAN work, despite the multitude of…

  • dns attack of doom

    If I've learned anything from the new Kaminsky DNS attack, it's that if you want to keep something a secret while disclosing to a trusted subset of…

  • Post a new comment

    Error

    default userpic
    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.
  • 10 comments

  • your vcs sucks

    I've been hacking on some Haskell stuff lately that's all managed in darcs and it's reminded me of an observation I made over two years ago now (see…

  • perl people, explain your language to me

    Every time I use perl I feel mildly positive about it right up until I encounter CPAN. I've never managed to make CPAN work, despite the multitude of…

  • dns attack of doom

    If I've learned anything from the new Kaminsky DNS attack, it's that if you want to keep something a secret while disclosing to a trusted subset of…