Open files with O_NOFOLLOW. (CVE-2017-16611) (7b377456) · Commits · xorg / lib / libXfont · GitLab

Due to an influx of spam, we have had to impose restrictions on new accounts. Please see this wiki page for instructions on how to get full permissions. Sorry for the inconvenience.

Commit 7b377456 authored Oct 26, 2017 by Michal Srb Committed by Matthieu Herrb Nov 25, 2017

Open files with O_NOFOLLOW. (CVE-2017-16611)

A non-privileged X client can instruct X server running under root to open any
file by creating own directory with "fonts.dir", "fonts.alias" or any font file
being a symbolic link to any other file in the system. X server will then open
it. This can be issue with special files such as /dev/watchdog.

Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>

parent d82dfe25

Hide whitespace changes

Inline Side-by-side

John Frankish @juanitotc
mentioned in issue #9
· Nov 10, 2019

mentioned in issue #9

mentioned in issue #9

Toggle commit list

Please register or to comment