authorMichal Srb <msrb@suse.com>2017-10-26 09:48:13 +0200
committerMatthieu Herrb <matthieu@herrb.eu>2017-11-25 11:45:41 +0100
commit7b377456f95d2ec3ead40f4fb74ea620191f88c8 (patch)
tree490711446aa5e24235d047a6dbebd44aba0084f6 /src/fontfile/fileio.c
parentd82dfe25491c599f650b2ad868772c3b8e6ba7bc (diff)
Open files with O_NOFOLLOW. (CVE-2017-16611)
A non-privileged X client can instruct an X server running as root to open any file by creating its own directory in which "fonts.dir", "fonts.alias" or any font file is a symbolic link to any other file in the system. The X server will then open it. This can be an issue with special files such as /dev/watchdog. Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
Diffstat (limited to 'src/fontfile/fileio.c')
-rw-r--r--src/fontfile/fileio.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/src/fontfile/fileio.c b/src/fontfile/fileio.c
index 074ebcb..05374b4 100644
--- a/src/fontfile/fileio.c
+++ b/src/fontfile/fileio.c
@@ -40,6 +40,9 @@ in this Software without prior written authorization from The Open Group.
#ifndef O_CLOEXEC
#define O_CLOEXEC 0
#endif
+#ifndef O_NOFOLLOW
+#define O_NOFOLLOW 0
+#endif
FontFilePtr
FontFileOpen (const char *name)
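Review bot: The `#define O_NOFOLLOW 0` fallback turns the new flag into a no-op on any platform whose headers lack it, so the build succeeds there while the `open()` in FontFileOpen still follows a symlink in the final path component. It mirrors the O_CLOEXEC fallback just above, but here the flag is the entire security fix, so the gap should be visible to whoever builds on such a platform. At minimum add a comment next to the fallback, e.g. `/* O_NOFOLLOW unavailable: symlinks are NOT rejected on this platform */`. A stronger option is an `lstat()` check before the open on those platforms, accepting that it is racy.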
@@ -48,7 +51,7 @@ FontFileOpen (const char *name)
int len;
BufFilePtr raw, cooked;
- fd = open (name, O_BINARY|O_CLOEXEC);
+ fd = open (name, O_BINARY|O_CLOEXEC|O_NOFOLLOW);
if (fd < 0)
return 0;
raw = BufFileOpenRead (fd);
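Review bot: `O_NOFOLLOW` in the `open()` call only rejects a symlink as the last path component; symlinks in the directory components of `name` are still followed, and a non-symlink special file such as a FIFO in a client-controlled font directory is opened as before. If FontFileOpen is only ever meant to read regular files (its callers are not visible in this hunk, so confirm), an `fstat()` on the new descriptor that rejects anything failing `S_ISREG` would keep such a file from being read. That check cannot undo side effects of the open itself or a blocking FIFO open, which would additionally need `O_NONBLOCK`. The sketch below needs `<sys/stat.h>`, which may already be included outside the hunk, and the function body continues past the last line shown.

```c
/* … unchanged: existing declarations … */
struct stat st;

/* … unchanged: open() call and fd < 0 check … */
if (fstat (fd, &st) < 0 || !S_ISREG (st.st_mode)) {
    close (fd);
    return 0;
}
raw = BufFileOpenRead (fd);
```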