Commit 50c0cf88 authored by Matthieu Herrb's avatar Matthieu Herrb Committed by Adam Jackson

Disable -logfile and -modulepath when running with elevated privileges

Could cause privilege elevation and/or arbitrary files overwrite, when
the X server is running with elevated privileges (ie when Xorg is
installed with the setuid bit set and started by a non-root user).

CVE-2018-14665

Issue reported by Narendra Shinde and Red Hat.
Signed-off-by: Matthieu Herrb's avatarMatthieu Herrb <matthieu@herrb.eu>
Reviewed-by: Alan Coopersmith's avatarAlan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Peter Hutterer's avatarPeter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Adam Jackson's avatarAdam Jackson <ajax@redhat.com>
parent 08ff37d0
......@@ -935,14 +935,18 @@ ddxProcessArgument(int argc, char **argv, int i)
/* First the options that are not allowed with elevated privileges */
if (!strcmp(argv[i], "-modulepath")) {
CHECK_FOR_REQUIRED_ARGUMENT();
xf86CheckPrivs(argv[i], argv[i + 1]);
if (xf86PrivsElevated())
FatalError("\nInvalid argument -modulepath "
"with elevated privileges\n");
xf86ModulePath = argv[i + 1];
xf86ModPathFrom = X_CMDLINE;
return 2;
}
if (!strcmp(argv[i], "-logfile")) {
CHECK_FOR_REQUIRED_ARGUMENT();
xf86CheckPrivs(argv[i], argv[i + 1]);
if (xf86PrivsElevated())
FatalError("\nInvalid argument -logfile "
"with elevated privileges\n");
xf86LogFile = argv[i + 1];
xf86LogFileFrom = X_CMDLINE;
return 2;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment