
X.org 6.9 - 7.x root exploit

Started by SecretShop, May 04, 2006, 03:01:19 AM


SecretShop

Because in the C language it is not necessary to add syntax to reference a function by memory address, the line
if (geteuid == 0) {  made it into the X code.  This statement compares the memory address of the geteuid function with zero (NULL in ANSI C) and returns false always.  Because of this, X does not check the effective uid properly and is therefore vulnerable to exploitation on versions of the system where the bug has not been corrected.  It should state:
if (geteuid() == 0) to determine if the user is root or not by effective user id.
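
The comparison described in the post above, as an added example that is not part of the original thread and is not X.org code. The euid_root/euid_user stand-ins and the guard() helper are hypothetical, constructed so that both outcomes can be shown without running as root.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Same shape as geteuid(): no arguments, returns the effective uid. */
typedef uid_t (*euid_fn)(void);

/* Constructed stand-ins for geteuid() so both cases run unprivileged. */
static uid_t euid_root(void) { return 0; }
static uid_t euid_user(void) { return 1000; }

/* Buggy form, equivalent to `geteuid == 0`: without the parentheses the
 * function name is just its address, and the address of a real function
 * is never NULL, so the result is 0 no matter who runs the program. */
static int is_root_buggy(euid_fn get) { return get == 0; }

/* Fixed form, equivalent to `geteuid() == 0`: call the function and
 * compare the uid it returns. */
static int is_root_fixed(euid_fn get) { return get() == 0; }

/* Hypothetical guard around a branch meant only for effective uid 0. */
static const char *guard(int (*check)(euid_fn), euid_fn get)
{
    return check(get) ? "root branch taken" : "root branch skipped";
}

int main(void)
{
    printf("buggy, euid 0:    %s\n", guard(is_root_buggy, euid_root));
    printf("buggy, euid 1000: %s\n", guard(is_root_buggy, euid_user));
    printf("fixed, euid 0:    %s\n", guard(is_root_fixed, euid_root));
    printf("fixed, euid 1000: %s\n", guard(is_root_fixed, euid_user));
    /* The real call, for whoever runs this binary. */
    printf("fixed, real euid: %s\n", guard(is_root_fixed, geteuid));
    return 0;
}
```

Written literally as `geteuid == 0`, the same mistake is reported by GCC's -Waddress warning, which -Wall enables.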

iago

I don't think I see the implications of that. 

Why would they be running X as root in the first place?  Running a program like X, which is designed to be run as a user, as root, is just asking for something bad to happen.

MyndFyre

Quote from: SecretShop on May 04, 2006, 03:01:19 AM
Because in the C language it is not necessary to add syntax to reference a function by memory address, the line
if (geteuid == 0) {  made it into the X code.  This statement compares the memory address of the geteuid function with zero (NULL in ANSI C) and returns false always.  Because of this, X does not check the effective uid properly and is therefore vulnerable to exploitation on versions of the system where the bug has not been corrected.  It should state:
if (geteuid() == 0) to determine if the user is root or not by effective user id.

Ahh, another failure of the haphazard typing of C.

Quote from: iago on May 04, 2006, 08:07:15 AM
Why would they be running X as root in the first place?  Running a program like X, which is designed to be run as a user, as root, is just asking for something bad to happen.
Because they don't know any better?  Remember iago, if you want Linux to be used by the masses, you need to dumb it down for them.

Besides that, I regularly run X stuff while I'm su-ing to edit .conf files.  X as me->Term->su->emacs (which launches xemacs). 

Now not knowing where this kind of code is, I can't say whether that kind of root running would be affected.  I'm just saying, sometimes you're in X as root.  (Is your security context associated on a per-thread basis, like in Windows?)

Newby

Quote from: MyndFyre
Now not knowing where this kind of code is, I can't say whether that kind of root running would be affected.  I'm just saying, sometimes you're in X as root.  (Is your security context associated on a per-thread basis, like in Windows?)

He meant you're running the X Window System in whole as root. Not just a window.

IIRC, this code is in the basis of the X, not just a program/window itself.

iago

I read more about this, and I was mistaken.  Xorg is setUID and runs in root context, so this could indeed be a big problem.  My bad there. 

Quote from: MyndFyre
Because they don't know any better?  Remember iago, if you want Linux to be used by the masses, you need to dumb it down for them.
The default configuration is usually what people use, and I didn't think it was root by default.  It is, and it is by necessity, I made a mistake.

Quote from: MyndFyre
Besides that, I regularly run X stuff while I'm su-ing to edit .conf files.  X as me->Term->su->emacs (which launches xemacs). 

Now not knowing where this kind of code is, I can't say whether that kind of root running would be affected.  I'm just saying, sometimes you're in X as root.  (Is your security context associated on a per-thread basis, like in Windows?)
I'm not sure exactly how X works, but I don't think running a GUI-based program as root is the same.  When a program runs, it contacts X as a client, it's not actually run BY X.  That's a huge difference from Windows. 

I think that Linux does security per-process.  However, Linux is much more process-happy than Windows, and is fairly thread-hostile.  Spawning a process on Linux is extremely cheap. 

Ergot

There's a Slashdot article somewhere around saying it was found by some machine or w/e. I'm not totally concerned since it was patched and I believe I am patched as well.

iago

Quote from: Ergot on May 04, 2006, 06:25:24 PM
There's a Slashdot article somewhere around saying it was found by some machine or w/e. I'm not totally concerned since it was patched and I believe I am patched as well.
Yeah, the US Government developed a program for scanning software (particularly open source) for vulnerabilities.  They've found plenty of vulnerabilities in Linux, X, Ethereal, and others.

Joe

Quote from: iago on May 04, 2006, 08:07:15 AM
Why would they be running X as root in the first place?

Ubuntu's gdm (Gnome Desktop Manager) is run as root, then allows the user to log in through a "welcome screen", sort of like Windows XP.
cheeseisfun

Quote from: iago on May 04, 2006, 07:40:52 PM
Quote from: Ergot on May 04, 2006, 06:25:24 PM
There's a Slashdot article somewhere around saying it was found by some machine or w/e. I'm not totally concerned since it was patched and I believe I am patched as well.
Yeah, the US Government developed a program for scanning software (particularly open source) for vulnerabilities.  They've found plenty of vulnerabilities in Linux, X, Ethereal, and others.

Are you talking about fuzzers? There are many fuzzers, and I don't know of one that was developed by the government. What is it called?

Quote from: Joe
Quote from: iago on May 04, 2006, 08:07:15 AM
Why would they be running X as root in the first place?

Ubuntu's gdm (Gnome Desktop Manager) is run as root, then allows the user to log in through a "welcome screen", sort of like Windows XP.

Ok... that's neat.

Sorry for bumping this thread, btw.