This critical bug may be exploited to access the root account. I tested it on 3 gentoo machines (arch i386), latest updates, e.g. --sync now.

Steps to reproduce:

1. install xorg-x11 modular, latest stable in portage.
2. install the html editor bluefish (stable in portage)
3. install firefox (stable in portage)
4. enable javascript in firefox
5. open the url http://maps.google.com in firefox
6. save the requested front page to some location
7. remove the folder http_name.files with the images
8. open bluefish
9. in bluefish, select file-open and select the saved html page from maps.google.com
10. RESULT = CRASH of the X server.

I think this bug may have a root exploit, as far as I know xorg runs as root. Initially the bug is present in bluefish, of course, but the xorg API MUST correctly resolve incorrect API calls, but does nothing :( Sorry, I do not have time to find the bug in the source code :( too much work :(:( And I must WARN the gentoo community about this... With best wishes - triod.
No Additional Comments
Oh, that's really "easily" abused, you just have to induce someone to do 10 steps, including installing multiple apps... Security doesn't handle such stuff at all AFAIK; it should be reassigned to the maintainer.
Is this reproducible for someone else?
I can't reproduce it, but it does cause bluefish to get a very high load, so the best I could think of "security wise" was that it would cause oom killer to go nuts and DoS things. However, this would only really be applicable to a desktop environment, so if you're running mission critical server applications on a desktop system, well yah... So, that's about that :P.
What's high load got to do with the oom killer, anyway? Besides that, good luck in hunting this one down. Way too many components involved. It might actually be a real issue, but I don't see us having the resources to even remotely track it down :/
Yuriy, do you have an nvidia card?
Closing this one as INVALID for now. Feel free to reopen if you have further information.