upstream/oracle/userland-gate: components/desktop/xscreensaver/patches/0017-bug-15574928.patch@a50590d00730

summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help


From a9d3ad0d8b824e687dc13addc63bbdabcb7dec09 Mon Sep 17 00:00:00 2001
From: Alan Coopersmith <[email protected]>
Date: Sat, 2 Jan 2016 23:05:51 -0800
Subject: [PATCH] bug 15574928

Bug 15574928 - SUNBT6859039

Upstream applicability & status unknown.
---
 driver/prefs.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/driver/prefs.c b/driver/prefs.c
index 20f3a4a..c14d1be 100644
--- a/driver/prefs.c
+++ b/driver/prefs.c
@@ -381,7 +381,21 @@ parse_init_file (saver_preferences *p)
       return 0;
     }
 
+  /*
+   * 6859039: unprivileged local users can use xscreensaver to show
+   * contents of files they don't have permission to read.
+   */
+
+  /* Drop Privilege before opening .xscreensaver file */
+  uid_t idorg = geteuid ();
+  if (seteuid (getuid ()) != 0)
+    return 0;
+
   in = fopen(name, "r");
+
+  /* Restore Privilege */
+  seteuid (idorg);
+
   if (!in)
     {
       char *buf = (char *) malloc(1024 + strlen(name));
-- 
2.6.1

author	Patrick Einheber <patrick.einheber@oracle.com>
	Wed, 12 Oct 2016 08:38:46 -0700
changeset 7093	a50590d00730
parent 5561	0416d82f7f55
permissions	-rw-r--r--