diff options
| author | Michael Jennings <mej@kainx.org> | 2008-05-14 23:16:54 +0000 |
|---|---|---|
| committer | Michael Jennings <mej@kainx.org> | 2008-05-14 23:16:54 +0000 |
| commit | 883b2660af38b96403559ec253401feca03927a6 (patch) | |
| tree | f1ba7281dd0fdde95b3cbae493929fabe66246f4 | |
| parent | 1b91d073181cc17cd057d4449e5ae407976f87a9 (diff) | |
| download | eterm-883b2660af38b96403559ec253401feca03927a6.tar.gz | |
Wed May 14 16:09:04 2008 Michael Jennings (mej)
(Correct) fix for CVE-2008-1692. Eterm no longer defaults to using
":0" for $DISPLAY due to the possibility that an attacker can create a
fake X server on a shared system, intercept the Eterm X connection,
and send fake keystrokes to the victim's Eterm to execute arbitrary
commands as that user.
The previous fix, while it did indeed correct the vulnerability, broke
the --display option. The original fix from Bernhard Link was more
correct, albeit not quite on target.
----------------------------------------------------------------------
SVN revision: 34574
| -rw-r--r-- | ChangeLog | 12 | ||||
| -rw-r--r-- | src/startup.c | 12 |
2 files changed, 16 insertions, 8 deletions
@@ -5565,3 +5565,15 @@ Wed May 14 15:26:13 2008 Michael Jennings (mej) Patch from Emmanuel Anne <emmanuel.anne@gmail.com> to fix cut/paste with KDE applications. ---------------------------------------------------------------------- +Wed May 14 16:09:04 2008 Michael Jennings (mej) + +(Correct) fix for CVE-2008-1692. Eterm no longer defaults to using +":0" for $DISPLAY due to the possibility that an attacker can create a +fake X server on a shared system, intercept the Eterm X connection, +and send fake keystrokes to the victim's Eterm to execute arbitrary +commands as that user. + +The previous fix, while it did indeed correct the vulnerability, broke +the --display option. The original fix from Bernhard Link was more +correct, albeit not quite on target. +---------------------------------------------------------------------- diff --git a/src/startup.c b/src/startup.c index e040476..8db77f8 100644 --- a/src/startup.c +++ b/src/startup.c @@ -95,13 +95,7 @@ eterm_bootstrap(int argc, char *argv[]) init_libast(); /* Open display, get options/resources and create the window */ - if (getenv("DISPLAY") == NULL) { - /* do not default to any display due to security issues -- vapier - * http://article.gmane.org/gmane.comp.security.oss.general/122 - */ - libast_print_error("can't open display: DISPLAY not set\n"); - exit(EXIT_FAILURE); - } else { + if (getenv("DISPLAY") != NULL) { display_name = STRDUP(getenv("DISPLAY")); } @@ -119,8 +113,10 @@ eterm_bootstrap(int argc, char *argv[]) #ifdef NEED_LINUX_HACK privileges(REVERT); #endif + if (!Xdisplay && !(Xdisplay = XOpenDisplay(display_name))) { - libast_print_error("can't open display %s\n", display_name); + libast_print_error("Can't open display %s. Set $DISPLAY or use --display\n", + NONULL(display_name)); exit(EXIT_FAILURE); } XSetErrorHandler((XErrorHandler) xerror_handler); |