equal
deleted
inserted
replaced
|
1 From a9d3ad0d8b824e687dc13addc63bbdabcb7dec09 Mon Sep 17 00:00:00 2001 |
|
2 From: Alan Coopersmith <[email protected]> |
|
3 Date: Sat, 2 Jan 2016 23:05:51 -0800 |
|
4 Subject: [PATCH] bug 15574928 |
|
5 |
|
6 Bug 15574928 - SUNBT6859039 |
|
7 |
|
8 Upstream applicability & status unknown. |
|
9 --- |
|
10 driver/prefs.c | 14 ++++++++++++++ |
|
11 1 file changed, 14 insertions(+) |
|
12 |
|
13 diff --git a/driver/prefs.c b/driver/prefs.c |
|
14 index 20f3a4a..c14d1be 100644 |
|
15 --- a/driver/prefs.c |
|
16 +++ b/driver/prefs.c |
|
17 @@ -381,7 +381,21 @@ parse_init_file (saver_preferences *p) |
|
18 return 0; |
|
19 } |
|
20 |
|
21 + /* |
|
22 + * 6859039: unprivileged local users can use xscreensaver to show |
|
23 + * contents of files they don't have permission to read. |
|
24 + */ |
|
25 + |
|
26 + /* Drop Privilege before opening .xscreensaver file */ |
|
27 + uid_t idorg = geteuid (); |
|
28 + if (seteuid (getuid ()) != 0) |
|
29 + return 0; |
|
30 + |
|
31 in = fopen(name, "r"); |
|
32 + |
|
33 + /* Restore Privilege */ |
|
34 + seteuid (idorg); |
|
35 + |
|
36 if (!in) |
|
37 { |
|
38 char *buf = (char *) malloc(1024 + strlen(name)); |
|
39 -- |
|
40 2.6.1 |
|
41 |