An old flaw in X Window System. How does it work?

Posted by Legend on Stack Overflow
Published on 2010-04-26T23:24:23Z

I was going through an article today when it mentioned the following:

"We've found many errors over the years. One of the absolute best was the following in the X Window System:

     if(getuid() != 0 && geteuid == 0) {
       ErrorF("Only root");
       exit(1);
     }

It allowed any local user to get root access. (The tautological check geteuid == 0 was intended to be geteuid() == 0. In its current form, it compares the address of geteuid to 0; given that the function exists, its address is never 0)."

The article explained what was wrong with the code, but I would like to know what it means to say that "It allowed any local user to get root access". I am not an expert in C, but can someone give me an exact context in which this exploit would work? Specifically, what I mean is, let's say I am the local user, how would I get root access if we assume this code to be present somewhere?
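
The effect of the quoted check can be modelled without a setuid binary. The following is an added example, not code from the article or from the X Window System; `id_fn`, `euid_root`, `euid_user` and the uid 1000 are constructed for illustration. It assumes the guard sits in a program installed setuid-root, which is the case its `geteuid() == 0` test targets.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

typedef uid_t (*id_fn)(void);

/* Constructed stand-ins for geteuid(), so both cases can be shown
   without installing a setuid binary. */
static uid_t euid_root(void) { return 0; }     /* setuid-root process */
static uid_t euid_user(void) { return 1000; }  /* ordinary process    */

/* Guard as quoted: the function is never called; its address is
   compared with 0, and the address of an existing function is not 0. */
static int refuses_as_written(uid_t ruid, id_fn euid_fn)
{
    return ruid != 0 && euid_fn == 0;
}

/* Guard as intended: call the function and compare its result. */
static int refuses_as_intended(uid_t ruid, id_fn euid_fn)
{
    return ruid != 0 && euid_fn() == 0;
}

/* Print 1 where the guard would stop the caller, 0 where it lets it through. */
static void show(const char *label, uid_t ruid, id_fn euid_fn)
{
    printf("%-36s written=%d intended=%d\n", label,
           refuses_as_written(ruid, euid_fn),
           refuses_as_intended(ruid, euid_fn));
}

int main(void)
{
    show("user runs setuid-root binary", 1000, euid_root);
    show("user runs ordinary binary", 1000, euid_user);
    show("root runs binary", 0, euid_root);
    show("this process (real getuid/geteuid)", getuid(), geteuid);
    return 0;
}
```

The first row is the only one where the two guards differ: the intended check refuses an ordinary user running with effective uid 0, while the check as written lets that user continue into whatever the guard was protecting. Written literally as `geteuid == 0`, the comparison is reported by GCC's `-Waddress` warning (part of `-Wall`).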
