An old flaw in X Window System. How does it work?

Posted by Legend on Stack Overflow See other posts from Stack Overflow or by Legend
Published on 2010-04-26T23:24:23Z Indexed on 2010/04/26 23:33 UTC
Read the original article Hit count: 209

Filed under:

beginner

I was going through an article today when it mentioned the following:

"We've found many errors over the years. One of the absolute best was the following in the X Window System:
     if(getuid() != 0 && geteuid == 0) {
       ErrorF("Only root");
       exit(1);
     }
It allowed any local user to get root access. (The tautological check geteuid == 0 was intended to be geteuid() == 0. In its current form, it compress the address of geteuid to 0; given that the function exists, its address is never 0)."

The article explained what was wrong with the code but I would like to know what it means to say that "It allowed any local user to get root access". I am not an expert in C but can someone give me an exact context in which this exploit would work? Specifically, what I mean is, lets say I am the local user, how would I get root access if we assume this code to be present somewhere?

Related posts about security

sudo apt-get update errors

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
Here is what I get on my terminal when running sudo apt-get update errors. I dont know if the issue is from my sources.list or my proxy setup(have not made any changes to proxies). Thank you for any help in advanced. Ign http://security.ubuntu.com oneiric-security Release.gpg Ign http://security… >>> More
The Security-Developer Gap: Why IT Security Can't Fix Your Security Problems Alone

as seen on Devx - Search for 'Devx'
Two well-known white hats explain how hackers take advantage of security holes left by enterprise application developers. >>> More
The Security-Developer Gap: Why IT Security Can't Fix Your Security Problems Alone

as seen on Internet.com - Search for 'Internet.com'
Two well-known white hats explain how hackers take advantage of security holes left by enterprise application developers. >>> More
StackOverFlowError while creating Mac object on AS400/Java

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello all, I am a newbie to AS400-Java programming. I am trying to create my first program to test the implementation of Message Authentication Code (MAC). I am trying to use the HMACSHA1 hash function. My (Java 1.4) program runs fine on a dev box (V5R4).But fails terribly on the QA box (V5R3). My… >>> More
Google App Engine - Spring Security Issue (java.security.AccessControlException)

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm currently getting the AccessControlException below when I deploy to app engine (I don't see it when I run in my local environment). I'm using GAE 1.3.1, Spring 3.0.1, and Spring Security 3.0.2. Any ideas how to get around this issue? It appears to be an issue with Spring Security trying to get… >>> More

Developer IT

An old flaw in X Window System. How does it work? - Developer IT

An old flaw in X Window System. How does it work?

c

security

static-analysis

code-analysis

beginner

Related posts about c

Related posts about security

sudo apt-get update errors

The Security-Developer Gap: Why IT Security Can't Fix Your Security Problems Alone

The Security-Developer Gap: Why IT Security Can't Fix Your Security Problems Alone

StackOverFlowError while creating Mac object on AS400/Java

Google App Engine - Spring Security Issue (java.security.AccessControlException)

Categories cloud