Submitted By: Dan Nicholson Date: 2006-08-05 Initial Package Version: 1.0.0 Origin: http://xorg.freedesktop.org/releases/X11R7.1/patches/ Upstream Status: Applied Description: Fixes a security vulnerability. See the following advisory: http://lists.freedesktop.org/archives/xorg/2006-June/016146.html diff -pNur xtrans-1.0.0.orig/Xtranslcl.c xtrans-1.0.0/Xtranslcl.c --- xtrans-1.0.0.orig/Xtranslcl.c 2005-11-08 06:33:26.000000000 +0000 +++ xtrans-1.0.0/Xtranslcl.c 2006-08-05 16:47:29.000000000 +0000 @@ -360,7 +360,10 @@ TRANS(PTSOpenClient)(XtransConnInfo cipt uid_t saved_euid; saved_euid = geteuid(); - setuid( getuid() ); /** sets the euid to the actual/real uid **/ + /** sets the euid to the actual/real uid **/ + if (setuid( getuid() ) == -1) { + exit(1); + } if( chown( slave, saved_euid, -1 ) < 0 ) { exit( 1 ); } @@ -369,7 +372,13 @@ TRANS(PTSOpenClient)(XtransConnInfo cipt } waitpid(saved_pid, &exitval, 0); - + if (WIFEXITED(exitval) && WEXITSTATUS(exitval) != 0) { + close(fd); + close(server); + PRMSG(1, "PTSOpenClient: cannot set the owner of %s\n", + slave, 0, 0); + return(-1); + } if (chmod(slave, 0666) < 0) { close(fd); close(server);