aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorVadim Troshchinskiy <vtroshchinskiy@qindel.com>2023-09-27 14:00:45 +0200
committerVadim Troshchinskiy <vtroshchinskiy@qindel.com>2023-09-27 14:00:45 +0200
commit09c4e2157511d4e530f3d5a2dc109a309c9b65ab (patch)
treeed86fe31b673531bf49bb85f7970f7c43eadb5d9
parent3ef7845746c4ec1ac75825ccebc17168e0400cfa (diff)
downloadnx-libs-09c4e2157511d4e530f3d5a2dc109a309c9b65ab.tar.gz
nx-libs-09c4e2157511d4e530f3d5a2dc109a309c9b65ab.tar.bz2
nx-libs-09c4e2157511d4e530f3d5a2dc109a309c9b65ab.zip
Fix dlopen() privilege escalation
Fixed by implementing the recommended GID check.
-rw-r--r--nx-X11/extras/Mesa.patches_6.4.2/5003_dlopen-escalation.patch13
-rw-r--r--nx-X11/extras/Mesa.patches_6.4.2/series1
2 files changed, 14 insertions, 0 deletions
diff --git a/nx-X11/extras/Mesa.patches_6.4.2/5003_dlopen-escalation.patch b/nx-X11/extras/Mesa.patches_6.4.2/5003_dlopen-escalation.patch
new file mode 100644
index 000000000..263fee624
--- /dev/null
+++ b/nx-X11/extras/Mesa.patches_6.4.2/5003_dlopen-escalation.patch
@@ -0,0 +1,13 @@
+Index: Mesa_6.4.2/src/glx/x11/dri_glx.c
+===================================================================
+--- Mesa_6.4.2.orig/src/glx/x11/dri_glx.c
++++ Mesa_6.4.2/src/glx/x11/dri_glx.c
+@@ -196,7 +196,7 @@ static __DRIdriver *OpenDriver(const cha
+ }
+ }
+
+- if (geteuid() == getuid()) {
++ if (geteuid() == getuid() && getgid() == getegid()) {
+ /* don't allow setuid apps to use LIBGL_DRIVERS_PATH */
+ libPaths = getenv("LIBGL_DRIVERS_PATH");
+ if (!libPaths)
diff --git a/nx-X11/extras/Mesa.patches_6.4.2/series b/nx-X11/extras/Mesa.patches_6.4.2/series
index db40c2b60..51d3d6566 100644
--- a/nx-X11/extras/Mesa.patches_6.4.2/series
+++ b/nx-X11/extras/Mesa.patches_6.4.2/series
@@ -6,3 +6,4 @@
4005_adapt-all-libX11-include-paths-to-libNX_X11.patch
5002_silence-uninitialized.diff
1001_support_musl
+5003_dlopen-escalation.patch