equal
deleted
inserted
replaced
1 Bug 15574928 - SUNBT6859039 |
|
2 |
|
3 Upstream applicability & status unknown. |
|
4 --- |
|
5 driver/prefs.c | 14 ++++++++++++++ |
|
6 1 files changed, 14 insertions(+), 0 deletions(-) |
|
7 |
|
8 diff --git a/driver/prefs.c b/driver/prefs.c |
|
9 --- a/driver/prefs.c |
|
10 +++ b/driver/prefs.c |
|
11 @@ -378,7 +378,21 @@ parse_init_file (saver_preferences *p) |
|
12 return 0; |
|
13 } |
|
14 |
|
15 + /* |
|
16 + * 6859039: unprivileged local users can use xscreensaver to show |
|
17 + * contents of files they don't have permission to read. |
|
18 + */ |
|
19 + |
|
20 + /* Drop Privilege before opening .xscreensaver file */ |
|
21 + uid_t idorg = geteuid (); |
|
22 + if (seteuid (getuid ()) != 0) |
|
23 + return 0; |
|
24 + |
|
25 in = fopen(name, "r"); |
|
26 + |
|
27 + /* Restore Privilege */ |
|
28 + seteuid (idorg); |
|
29 + |
|
30 if (!in) |
|
31 { |
|
32 char *buf = (char *) malloc(1024 + strlen(name)); |
|