diff options
author | Mike DePaulo <mikedep333@gmail.com> | 2015-02-08 19:16:38 -0500 |
---|---|---|
committer | Mike Gabriel <mike.gabriel@das-netzwerkteam.de> | 2015-02-14 16:14:31 +0100 |
commit | df4a3b7270539843ae76275485ca76efcdf361d9 (patch) | |
tree | 887bc86e5dee8d63bcc054891c0212479b92b526 /nx-X11 | |
parent | af55da1e9c1a6a352b24823a8f7062c288ffbbc0 (diff) | |
download | nx-libs-df4a3b7270539843ae76275485ca76efcdf361d9.tar.gz nx-libs-df4a3b7270539843ae76275485ca76efcdf361d9.tar.bz2 nx-libs-df4a3b7270539843ae76275485ca76efcdf361d9.zip |
Fix CVE-2011-4028: File disclosure vulnerability. upstream xorg/xserver commit 6ba44b91e37622ef8c146d8f2ac92d708a18ed34
use O_NOFOLLOW to open the existing lock file, so symbolic links
aren't followed, thus avoid revealing if it point to an existing
file.
Diffstat (limited to 'nx-X11')
-rw-r--r-- | nx-X11/programs/Xserver/os/utils.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/nx-X11/programs/Xserver/os/utils.c b/nx-X11/programs/Xserver/os/utils.c index 9b2431af7..79e49d5b1 100644 --- a/nx-X11/programs/Xserver/os/utils.c +++ b/nx-X11/programs/Xserver/os/utils.c @@ -483,7 +483,7 @@ LockServer(void) /* * Read the pid from the existing file */ - lfd = open(LockFile, O_RDONLY); + lfd = open(LockFile, O_RDONLY|O_NOFOLLOW); if (lfd < 0) { unlink(tmp); FatalError("Can't read lock file %s\n", LockFile); |