[PATCH xserver] check for elevated privileges not uid=0 (V2)
Julien Cristau
jcristau at debian.org
Mon Oct 10 12:49:11 PDT 2011
On Tue, Oct 11, 2011 at 02:00:27 +0700, Antoine Martin wrote:
> >+ /* XXX ouch, coudn't get back to original uid
> >+ what can we do ??? */
> >
> >If we get to this point, the code in the patch has failed. It should
> >apologize deeply and offer your phone number for technical support :)
> >Seriously, it should print an "internal error" message of some kind,
> >maybe including __function__. Just quitting silently and leave a
> >cryptic 127 that might or not propagate to the user does not cut it.
> Added a more helpful message. Notes:
> * most platforms I can get hold of now have "getresuid" or
> "issetugid", so this is unlikely to fire in the real world
> * when it does fire, the chances that setuid(0) does not fail but
> setuid(!=0) does is slim.
>
> >
> >+ _exit(127);
> Changed to plain exit(127)
>
> >Why do you use _exit() and not exit() here? This is not e.g. a forked
> >child that should escape normal clean-up?
> Are there are risks in calling the exit hooks as root? I can't see any.
>
FatalError seems like the right thing to call here, not exit?
Cheers,
Julien
More information about the xorg-devel
mailing list