Security vulnerability in Xorg-6.9.0

[dnicholson@…]

As posted by Ag Hatzim on blfs-dev:

In addition and relative to this issue,a vulnerability has been found in the X.Org server [1],because the Xorg server is installed setuid root. The 1.0.2 release is not vulnerable,however the patch for 6.9.0 [2] should be put in the book.

1. ​http://wiki.x.org/wiki/SecurityPage

2. ​http://xorg.freedesktop.org/releases/X11R6.9.0/patches/x11r6.9.0-geteuid.diff

[dnicholson@…]

This sed accomplishes the same as the patch:

sed -i 's/geteuid /geteuid() /' programs/Xserver/hw/xfree86/common/xf86Init.c

I will apply this to the book.

[dnicholson@…]

Fixed in r5863.