From 09c4e2157511d4e530f3d5a2dc109a309c9b65ab Mon Sep 17 00:00:00 2001
From: Vadim Troshchinskiy <vtroshchinskiy@qindel.com>
Date: Wed, 27 Sep 2023 14:00:45 +0200
Subject: Fix dlopen() privilege escalation

Fixed by implementing the recommended GID check.
---
 .../extras/Mesa.patches_6.4.2/5003_dlopen-escalation.patch  | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 nx-X11/extras/Mesa.patches_6.4.2/5003_dlopen-escalation.patch

(limited to 'nx-X11/extras/Mesa.patches_6.4.2/5003_dlopen-escalation.patch')

diff --git a/nx-X11/extras/Mesa.patches_6.4.2/5003_dlopen-escalation.patch b/nx-X11/extras/Mesa.patches_6.4.2/5003_dlopen-escalation.patch
new file mode 100644
index 000000000..263fee624
--- /dev/null
+++ b/nx-X11/extras/Mesa.patches_6.4.2/5003_dlopen-escalation.patch
@@ -0,0 +1,13 @@
+Index: Mesa_6.4.2/src/glx/x11/dri_glx.c
+===================================================================
+--- Mesa_6.4.2.orig/src/glx/x11/dri_glx.c
++++ Mesa_6.4.2/src/glx/x11/dri_glx.c
+@@ -196,7 +196,7 @@ static __DRIdriver *OpenDriver(const cha
+       }
+    }
+ 
+-   if (geteuid() == getuid()) {
++   if (geteuid() == getuid() && getgid() == getegid()) {
+       /* don't allow setuid apps to use LIBGL_DRIVERS_PATH */
+       libPaths = getenv("LIBGL_DRIVERS_PATH");
+       if (!libPaths)
-- 
cgit v1.2.3