diff options
author | Vadim Troshchinskiy <vtroshchinskiy@qindel.com> | 2023-09-27 14:00:45 +0200 |
---|---|---|
committer | Vadim Troshchinskiy <vtroshchinskiy@qindel.com> | 2023-09-27 14:00:45 +0200 |
commit | 09c4e2157511d4e530f3d5a2dc109a309c9b65ab (patch) | |
tree | ed86fe31b673531bf49bb85f7970f7c43eadb5d9 /nx-X11/extras/Mesa.patches_6.4.2/5003_dlopen-escalation.patch | |
parent | 3ef7845746c4ec1ac75825ccebc17168e0400cfa (diff) | |
download | nx-libs-09c4e2157511d4e530f3d5a2dc109a309c9b65ab.tar.gz nx-libs-09c4e2157511d4e530f3d5a2dc109a309c9b65ab.tar.bz2 nx-libs-09c4e2157511d4e530f3d5a2dc109a309c9b65ab.zip |
Fix dlopen() privilege escalation
Fixed by implementing the recommended GID check.
Diffstat (limited to 'nx-X11/extras/Mesa.patches_6.4.2/5003_dlopen-escalation.patch')
-rw-r--r-- | nx-X11/extras/Mesa.patches_6.4.2/5003_dlopen-escalation.patch | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/nx-X11/extras/Mesa.patches_6.4.2/5003_dlopen-escalation.patch b/nx-X11/extras/Mesa.patches_6.4.2/5003_dlopen-escalation.patch new file mode 100644 index 000000000..263fee624 --- /dev/null +++ b/nx-X11/extras/Mesa.patches_6.4.2/5003_dlopen-escalation.patch @@ -0,0 +1,13 @@ +Index: Mesa_6.4.2/src/glx/x11/dri_glx.c +=================================================================== +--- Mesa_6.4.2.orig/src/glx/x11/dri_glx.c ++++ Mesa_6.4.2/src/glx/x11/dri_glx.c +@@ -196,7 +196,7 @@ static __DRIdriver *OpenDriver(const cha + } + } + +- if (geteuid() == getuid()) { ++ if (geteuid() == getuid() && getgid() == getegid()) { + /* don't allow setuid apps to use LIBGL_DRIVERS_PATH */ + libPaths = getenv("LIBGL_DRIVERS_PATH"); + if (!libPaths) |