Evan Martin (evan) wrote in evan_tech,
Evan Martin

type error -> security vulnerability

Critical X bug. Normal users can use it to get root.

The bug was:
if (getuid() == 0 || geteuid != 0)

Reasons it shouldn't have happened:
  • Why can you compare pointers and integers without a compiler warning? (This actually surprises me: it appears to be true even in C++...?)
  • Why does X run as root? (Even if it tries to drop privileges, this bug was in the startup code.) (I know the answer to this, but, sigh.)
Tags: c/c++, grumpy, programming languages
  • Post a new comment


    default userpic
    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.