From a9d3ad0d8b824e687dc13addc63bbdabcb7dec09 Mon Sep 17 00:00:00 2001
From: Alan Coopersmith <[email protected]>
Date: Sat, 2 Jan 2016 23:05:51 -0800
Subject: [PATCH] bug 15574928
Bug 15574928 - SUNBT6859039
Upstream applicability & status unknown.
---
driver/prefs.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/driver/prefs.c b/driver/prefs.c
index 20f3a4a..c14d1be 100644
--- a/driver/prefs.c
+++ b/driver/prefs.c
@@ -381,7 +381,21 @@ parse_init_file (saver_preferences *p)
return 0;
}
+ /*
+ * 6859039: unprivileged local users can use xscreensaver to show
+ * contents of files they don't have permission to read.
+ */
+
+ /* Drop Privilege before opening .xscreensaver file */
+ uid_t idorg = geteuid ();
+ if (seteuid (getuid ()) != 0)
+ return 0;
+
in = fopen(name, "r");
+
+ /* Restore Privilege */
+ seteuid (idorg);
+
if (!in)
{
char *buf = (char *) malloc(1024 + strlen(name));
--
2.6.1