Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 151785 Details for
Bug 217819
x11-terms/rxvt < 2.7.10-r4 X11 Display Security Issue (CVE-2008-1142)
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch against 2.7.10
rxvt-2.7.10-CVE-2008-1142-DISPLAY.patch (text/plain), 1.81 KB, created by
Christian Hoffmann (RETIRED)
on 2008-05-04 10:31:24 UTC
(
hide
)
Description:
patch against 2.7.10
Filename:
MIME Type:
Creator:
Christian Hoffmann (RETIRED)
Created:
2008-05-04 10:31:24 UTC
Size:
1.81 KB
patch
obsolete
># CVE-2008-1142 (rxvt 2.6.4 opens an xterm on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections.) ># Based on http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=41;filename=diff;att=1;bug=469296 ># bug 217819 > >diff -Naur rxvt-2.7.10.orig/rclock/rclock.c rxvt-2.7.10/rclock/rclock.c >--- rxvt-2.7.10.orig/rclock/rclock.c 2008-05-03 14:23:07.264082222 +0200 >+++ rxvt-2.7.10/rclock/rclock.c 2008-05-03 14:24:55.433082735 +0200 >@@ -324,9 +324,6 @@ > CheckMaildir(); > #endif > >- if ((display_name = getenv ("DISPLAY")) == NULL) >- display_name = ":0"; >- > /* parse the command line */ > for (i = 1; i < argc; i += 2) > { >@@ -424,7 +421,9 @@ > Xdisplay = XOpenDisplay (display_name); > if (!Xdisplay) > { >- print_error ("can't open display %s", display_name); >+ print_error ("can't open display %s", display_name?display_name: >+ getenv("DISPLAY")?getenv("DISPLAY"): >+ "as no -d given and DISPLAY not set"); > goto Abort; > } > >diff -Naur rxvt-2.7.10.orig/src/init.c rxvt-2.7.10/src/init.c >--- rxvt-2.7.10.orig/src/init.c 2008-05-03 14:23:07.247082766 +0200 >+++ rxvt-2.7.10/src/init.c 2008-05-03 14:43:44.705227631 +0200 >@@ -532,8 +532,7 @@ > /* > * Open display, get options/resources and create the window > */ >- if ((rs[Rs_display_name] = getenv("DISPLAY")) == NULL) >- rs[Rs_display_name] = ":0"; >+ rs[Rs_display_name] = getenv("DISPLAY"); > > rxvt_get_options(r, r_argc, r_argv); > free(r_argv); >@@ -550,7 +549,9 @@ > > if (r->Xdisplay == NULL > && (r->Xdisplay = XOpenDisplay(rs[Rs_display_name])) == NULL) { >- rxvt_print_error("can't open display %s", rs[Rs_display_name]); >+ rxvt_print_error("can't open display %s", >+ rs[Rs_display_name]?rs[Rs_display_name]: >+ "as no -display option given and DISPLAY not set"); > exit(EXIT_FAILURE); > } >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=151785">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 217819
: 151785
