[PATCH 1/2] xfree86: Check for issetugid declaration
Mark Kettenis
mark.kettenis at xs4all.nl
Sun Jul 28 04:34:44 PDT 2013
> Date: Sun, 28 Jul 2013 10:48:16 +0200
> From: Julien Cristau <jcristau at debian.org>
>
> On Sat, Jul 27, 2013 at 23:25:22 +0200, Mark Kettenis wrote:
>
> > > From: Julien Cristau <jcristau at debian.org>
> > > Date: Sat, 27 Jul 2013 21:08:28 +0200
> > >
> > > Avoids 'implicit function declaration' build error on gnu/kfreebsd.
> >
> > That's seriously backwards. You should make sure the right headers
> > get included such that there is a proper function declaration. Or, as
> > a last resort, if the header files for your OS are broken beyond
> > repair, provide a function declaration yourself. But not using
> > issetugid() when it is available is a security risk.
> >
> The same thing came up last year for xlib, the answer I got then was
> http://lists.debian.org/debian-bsd/2012/04/msg00312.html
> With the patch the HAVE_GETRESUID path is used instead.
The HAVE_GETRESUID path is less secure. See:
<http://www.shmoo.com/mail/bugtraq/jul98/msg00124.html>
for a discussion. Not making available issetugid() on GNU/kFreeBSD is
a bad decision.
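
An added illustration, not code from the X server or from this thread: a privilege check that prefers issetugid() and falls back to comparing the IDs returned by getresuid()/getresgid(). The macro name `HAVE_ISSETUGID`, the function names and the sample IDs are assumptions made for this sketch. It shows the case the comparison cannot see: a set-id program that has made all of its IDs equal again, which issetugid() on the BSDs still reports as tainted.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Declared explicitly so this builds on glibc even when _GNU_SOURCE was
 * not defined before <unistd.h>; the prototypes match the system ones. */
int getresuid(uid_t *ruid, uid_t *euid, uid_t *suid);
int getresgid(gid_t *rgid, gid_t *egid, gid_t *sgid);

/* ID-comparison test of the kind a getresuid()-based fallback can make:
 * elevated only if real, effective and saved IDs are not all equal. */
int ids_differ(uid_t ruid, uid_t euid, uid_t suid,
               gid_t rgid, gid_t egid, gid_t sgid)
{
    return ruid != euid || ruid != suid || rgid != egid || rgid != sgid;
}

/* Returns 1 if privileged, 0 if not; fails closed (1) on error. */
int privs_elevated(void)
{
#ifdef HAVE_ISSETUGID   /* assumed configure macro name */
    /* Kernel-tracked taint: stays set after a set-id exec even when the
     * process later makes all of its IDs equal again. */
    return issetugid() != 0;
#else
    uid_t ruid, euid, suid;
    gid_t rgid, egid, sgid;
    if (getresuid(&ruid, &euid, &suid) != 0 ||
        getresgid(&rgid, &egid, &sgid) != 0)
        return 1;
    return ids_differ(ruid, euid, suid, rgid, egid, sgid);
#endif
}

int main(void)
{
    /* Constructed ID sets, not taken from the thread. */
    printf("set-uid root, just exec'd: %d\n",
           ids_differ(1000, 0, 0, 100, 100, 100));
    printf("after setuid(getuid()):    %d\n",
           ids_differ(1000, 1000, 1000, 100, 100, 100));
    printf("this process:              %d\n", privs_elevated());
    return 0;
}
```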