Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 669588 (CVE-2018-14665) - <x11-base/xorg-server-1.20.3: Incorrect permission check in Xorg X server allows for privilege escalation (CVE-2018-14665)
Summary: <x11-base/xorg-server-1.20.3: Incorrect permission check in Xorg X server all...
Status: RESOLVED FIXED
Alias: CVE-2018-14665
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal critical (vote)
Assignee: Gentoo Security
URL: https://lists.x.org/archives/xorg-ann...
Whiteboard: A1 [glsa+ cve stable]
Keywords: STABLEREQ
: 669626 (view as bug list)
Depends on: 669812 670068
Blocks: 668900
  Show dependency tree
 
Reported: 2018-10-25 15:39 UTC by Matt Turner
Modified: 2019-01-16 10:02 UTC (History)
2 users (show)

See Also:
Package list:
x11-base/xorg-drivers-1.20 alpha amd64 arm hppa ia64 ppc ppc64 sparc x86 x11-base/xorg-server-1.20.3 alpha amd64 arm hppa ia64 ppc ppc64 sparc x86 x11-drivers/xf86-input-libinput-0.28.1 alpha amd64 arm hppa ia64 ppc ppc64 sparc x86 x11-drivers/xf86-video-amdgpu-18.1.0 amd64 x86 x11-drivers/xf86-video-ati-18.1.0 alpha amd64 ia64 ppc ppc64 sparc x86 x11-drivers/xf86-video-r128-6.12.0 alpha amd64 ia64 ppc ppc64 sparc x86
Runtime testing required: ---
stable-bot: sanity-check+


Attachments
Add a setuid knob to control +s on /usr/bin/Xorg, on by default for backwards compat (xorg-server-USE_setuid.patch,1.07 KB, patch)
2018-10-25 20:37 UTC, Hank Leininger
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Matt Turner gentoo-dev 2018-10-25 15:39:51 UTC
Xserver 1.20.3 contains a fix for CVE-2018-14665. Please stabilize it and a few associated packages.
Comment 1 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2018-10-25 17:37:26 UTC
amd64 stable
Comment 2 Lars Wendler (Polynomial-C) gentoo-dev 2018-10-25 20:26:34 UTC
*** Bug 669626 has been marked as a duplicate of this bug. ***
Comment 3 Hank Leininger 2018-10-25 20:37:12 UTC
Created attachment 553046 [details, diff]
Add a setuid knob to control +s on /usr/bin/Xorg, on by default for backwards compat
Comment 4 Hank Leininger 2018-10-25 20:40:01 UTC
Derp... see attachment.

Please consider adding this or something like it to the ebuild, so that Gentoo admins can choose to set USE=-setuid to avoid chmod +s on /usr/bin/Xorg.  Setuid is only required when not using a launcher like xdm, gdm, lightdm.  We currently force it on unless systemd is in use.  This patch leaves the current behavior as the default, but allows admins to prevent setuid Xorg, to avoid this and similar future issues.

Let me know if this should be a separate bug instead (don't know if this will be controversial during the stabilization process?).
Comment 5 Matt Turner gentoo-dev 2018-10-25 21:56:58 UTC
(In reply to Hank Leininger from comment #4)
> Derp... see attachment.
> 
> Please consider adding this or something like it to the ebuild, so that
> Gentoo admins can choose to set USE=-setuid to avoid chmod +s on
> /usr/bin/Xorg.  Setuid is only required when not using a launcher like xdm,
> gdm, lightdm.  We currently force it on unless systemd is in use.  This
> patch leaves the current behavior as the default, but allows admins to
> prevent setuid Xorg, to avoid this and similar future issues.
> 
> Let me know if this should be a separate bug instead (don't know if this
> will be controversial during the stabilization process?).

Yes, let's please do this as a separate bug.
Comment 6 Hank Leininger 2018-10-25 23:27:04 UTC
(In reply to Matt Turner from comment #5)
> (In reply to Hank Leininger from comment #4)
> > 
> > Please consider adding this or something like it to the ebuild, so that
> > Gentoo admins can choose to set USE=-setuid to avoid chmod +s on
[snip] 
> > Let me know if this should be a separate bug instead (don't know if this
> 
> Yes, let's please do this as a separate bug.

Thanks, done: bug 669648
Comment 7 Thomas Deutschmann gentoo-dev Security 2018-10-26 00:54:43 UTC
x86 stable
Comment 8 Matt Turner gentoo-dev 2018-10-26 01:56:12 UTC
ppc/ppc64 stable
Comment 9 Sergei Trofimovich gentoo-dev 2018-10-26 23:00:38 UTC
ia64 stable
Comment 10 Rolf Eike Beer archtester 2018-10-28 21:10:19 UTC
sparc stable
Comment 11 Sergei Trofimovich gentoo-dev 2018-10-28 22:39:42 UTC
hppa stable
Comment 12 Matt Turner gentoo-dev 2018-10-28 23:58:17 UTC
alpha stable
Comment 13 Thomas Deutschmann gentoo-dev Security 2018-10-30 15:52:55 UTC
New GLSA request filed.
Comment 14 GLSAMaker/CVETool Bot gentoo-dev 2018-10-30 21:09:21 UTC
This issue was resolved and addressed in
 GLSA 201810-09 at https://security.gentoo.org/glsa/201810-09
by GLSA coordinator Thomas Deutschmann (whissi).
Comment 15 Thomas Deutschmann gentoo-dev Security 2018-10-30 21:10:03 UTC
Re-opening for remaining architecture.
Comment 16 Markus Meier gentoo-dev 2018-11-01 06:08:55 UTC
arm stable, all arches done.
Comment 17 Larry the Git Cow gentoo-dev 2018-12-16 22:26:32 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7de9593c7863f6af2de82de65c31778b4f1ece81

commit 7de9593c7863f6af2de82de65c31778b4f1ece81
Author:     Jeroen Roovers <jer@gentoo.org>
AuthorDate: 2018-12-16 22:25:12 +0000
Commit:     Jeroen Roovers <jer@gentoo.org>
CommitDate: 2018-12-16 22:26:26 +0000

    profiles/package.mask: Mask =x11-drivers/nvidia-drivers-304*
    
    Bug: https://bugs.gentoo.org/669588
    Signed-off-by: Jeroen Roovers <jer@gentoo.org>

 profiles/package.mask | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
Comment 18 Larry the Git Cow gentoo-dev 2018-12-16 22:39:29 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=96acbebb9da80d6eae805b839c8e79f967cd344b

commit 96acbebb9da80d6eae805b839c8e79f967cd344b
Author:     Jeroen Roovers <jer@gentoo.org>
AuthorDate: 2018-12-16 22:38:15 +0000
Commit:     Jeroen Roovers <jer@gentoo.org>
CommitDate: 2018-12-16 22:39:25 +0000

    profiles/package.mask: Clarify x11-drivers/nvidia-drivers masking
    
    Bug: https://bugs.gentoo.org/669588
    Signed-off-by: Jeroen Roovers <jer@gentoo.org>

 profiles/package.mask | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
Comment 19 Larry the Git Cow gentoo-dev 2018-12-17 20:35:50 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0558012b9259494dc3aaed5fb563cba1bc50de53

commit 0558012b9259494dc3aaed5fb563cba1bc50de53
Author:     Matt Turner <mattst88@gentoo.org>
AuthorDate: 2018-12-17 20:30:17 +0000
Commit:     Matt Turner <mattst88@gentoo.org>
CommitDate: 2018-12-17 20:34:14 +0000

    profiles: Mask <x11-base/xorg-server-1.20.3
    
    Bug: https://bugs.gentoo.org/669588
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 profiles/package.mask | 2 ++
 1 file changed, 2 insertions(+)
Comment 20 Larry the Git Cow gentoo-dev 2019-01-16 10:00:52 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=eb22dfef2d7c2ae67f092cbbdd9a0631ca609f56

commit eb22dfef2d7c2ae67f092cbbdd9a0631ca609f56
Author:     Jeroen Roovers <jer@gentoo.org>
AuthorDate: 2019-01-16 09:59:29 +0000
Commit:     Jeroen Roovers <jer@gentoo.org>
CommitDate: 2019-01-16 10:00:43 +0000

    x11-drivers/nvidia-drivers: Drop unmaintained branches
    
    Bug: https://bugs.gentoo.org/669588
    Closes: https://bugs.gentoo.org/673392
    Closes: https://bugs.gentoo.org/673490
    Package-Manager: Portage-2.3.56, Repoman-2.3.12
    Signed-off-by: Jeroen Roovers <jer@gentoo.org>

 x11-drivers/nvidia-drivers/Manifest                |  38 --
 .../files/nvidia-drivers-375.82-profiles-rc.patch  |  11 -
 .../files/nvidia-drivers-pax-const.patch           |  17 -
 .../files/nvidia-drivers-pax-usercopy.patch        |  54 --
 .../nvidia-drivers/nvidia-drivers-304.137.ebuild   | 499 ------------------
 .../nvidia-drivers/nvidia-drivers-375.82.ebuild    | 569 --------------------
 .../nvidia-drivers/nvidia-drivers-378.13-r1.ebuild | 572 --------------------
 .../nvidia-drivers/nvidia-drivers-381.22-r1.ebuild | 573 --------------------
 .../nvidia-drivers/nvidia-drivers-384.130.ebuild   | 581 --------------------
 .../nvidia-drivers/nvidia-drivers-387.34.ebuild    | 586 ---------------------
 .../nvidia-drivers/nvidia-drivers-396.54.ebuild    | 581 --------------------
 11 files changed, 4081 deletions(-)