diff options
author | Michal Srb <msrb@suse.com> | 2017-10-26 09:48:13 +0200 |
---|---|---|
committer | Matthieu Herrb <matthieu@herrb.eu> | 2017-11-25 11:45:41 +0100 |
commit | 7b377456f95d2ec3ead40f4fb74ea620191f88c8 (patch) | |
tree | 490711446aa5e24235d047a6dbebd44aba0084f6 /src/fontfile/fileio.c | |
parent | d82dfe25491c599f650b2ad868772c3b8e6ba7bc (diff) | |
download | xorg-lib-libXfont-7b377456f95d2ec3ead40f4fb74ea620191f88c8.tar.gz |
Open files with O_NOFOLLOW. (CVE-2017-16611)
A non-privileged X client can instruct X server running under root to open any
file by creating own directory with "fonts.dir", "fonts.alias" or any font file
being a symbolic link to any other file in the system. X server will then open
it. This can be issue with special files such as /dev/watchdog.
Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
Diffstat (limited to 'src/fontfile/fileio.c')
-rw-r--r-- | src/fontfile/fileio.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/fontfile/fileio.c b/src/fontfile/fileio.c index 074ebcb..05374b4 100644 --- a/src/fontfile/fileio.c +++ b/src/fontfile/fileio.c @@ -40,6 +40,9 @@ in this Software without prior written authorization from The Open Group. #ifndef O_CLOEXEC #define O_CLOEXEC 0 #endif +#ifndef O_NOFOLLOW +#define O_NOFOLLOW 0 +#endif FontFilePtr FontFileOpen (const char *name) @@ -48,7 +51,7 @@ FontFileOpen (const char *name) int len; BufFilePtr raw, cooked; - fd = open (name, O_BINARY|O_CLOEXEC); + fd = open (name, O_BINARY|O_CLOEXEC|O_NOFOLLOW); if (fd < 0) return 0; raw = BufFileOpenRead (fd); |