MFC: Disable -logfile and -modulepath when running with elevated

privileges. This Could cause arbitrary files overwrite. CVE-2018-14665.
2018-10-25 15:44:27 +00:00 · 2018-10-25 15:44:27 +00:00 · 2d6e93a5b7
commit 2d6e93a5b7
parent e897f28b00
1 changed files with 6 additions and 2 deletions
--- a/xserver/hw/xfree86/common/xf86Init.c
+++ b/xserver/hw/xfree86/common/xf86Init.c
@ -1145,14 +1145,18 @@ ddxProcessArgument(int argc, char **argv, int i)
    /* First the options that are not allowed with elevated privileges */
    if (!strcmp(argv[i], "-modulepath")) {
        CHECK_FOR_REQUIRED_ARGUMENT();
-        xf86CheckPrivs(argv[i], argv[i + 1]);
+        if (xf86PrivsElevated())
+              FatalError("\nInvalid argument -modulepath "
+                "with elevated privileges\n");
        xf86ModulePath = argv[i + 1];
        xf86ModPathFrom = X_CMDLINE;
        return 2;
    }
    if (!strcmp(argv[i], "-logfile")) {
        CHECK_FOR_REQUIRED_ARGUMENT();
-        xf86CheckPrivs(argv[i], argv[i + 1]);
+        if (xf86PrivsElevated())
+              FatalError("\nInvalid argument -logfile "
+                "with elevated privileges\n");
        xf86LogFile = argv[i + 1];
        xf86LogFileFrom = X_CMDLINE;
        return 2;