An old flaw in X Window System. How does it work?
Posted by Legend on Stack Overflow
Published on 2010-04-26T23:24:23Z
I was going through an article today when it mentioned the following:
"We've found many errors over the years. One of the absolute best was the following in the X Window System:
if(getuid() != 0 && geteuid == 0) { ErrorF("Only root"); exit(1); }
It allowed any local user to get root access. (The tautological check geteuid == 0 was intended to be geteuid() == 0. In its current form, it compares the address of geteuid to 0; given that the function exists, its address is never 0)."
The article explained what was wrong with the code, but I would like to know what it means to say that "It allowed any local user to get root access". I am not an expert in C, but can someone give me an exact context in which this exploit would work? Specifically, what I mean is, let's say I am the local user, how would I get root access if we assume this code to be present somewhere?
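The difference between the check as written and the check as intended, as an added example that is not part of the original post or the quoted article. The identifiers `uid_fn`, `refuses_as_written`, `refuses_as_intended`, `uid_root` and `uid_user` are hypothetical, and the UID 1000 is a constructed sample value; the identity functions are passed in as pointers so both predicates can be evaluated for any real/effective UID pair without privileges.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical type: any function with the shape of getuid()/geteuid(). */
typedef uid_t (*uid_fn)(void);

/* The condition from the quoted code. The second operand compares the
 * function's ADDRESS with 0 and never calls it, so it is always false
 * and the "Only root" refusal can never trigger. */
bool refuses_as_written(uid_fn real, uid_fn effective)
{
    return real() != 0 && effective == 0;
}

/* The intended condition: refuse when a non-root real user is running
 * with an effective UID of 0. */
bool refuses_as_intended(uid_fn real, uid_fn effective)
{
    return real() != 0 && effective() == 0;
}

/* Constructed identities for the demonstration. */
uid_t uid_root(void) { return 0; }
uid_t uid_user(void) { return 1000; }

int main(void)
{
    struct { const char *name; uid_fn real, eff; } cases[] = {
        { "real=root euid=root", uid_root, uid_root },
        { "real=user euid=user", uid_user, uid_user },
        { "real=user euid=root", uid_user, uid_root },
        { "this process",        getuid,   geteuid  },
    };

    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%-22s written:%d intended:%d\n", cases[i].name,
               refuses_as_written(cases[i].real, cases[i].eff),
               refuses_as_intended(cases[i].real, cases[i].eff));
    return 0;
}
```

With the original spelling `geteuid == 0`, GCC's `-Waddress` warning (part of `-Wall`) reports that the address of the function will never be NULL, which is a cheap build-time check for this class of mistake.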