[Mesa-dev] [PATCH 6/7] mesa: Skip looking at debug environment variables when setuid.

Jose Fonseca jfonseca at vmware.com
Thu Mar 8 13:37:46 PST 2012


FWIW, I think that debug builds of Mesa should allow debugging options all the time. Secure installs should use release builds.

The added code lines are not portable, so they need to be compiled conditionally . At least #if !defined(_WIN32) ... #endif .

Jose 

----- Original Message -----
> When a driver is loaded by the setuid root X Server, you don't want
> the debug flags to apply in case they can be used for nefarious
> purposes.
> ---
>  src/mesa/main/imports.c |    4 ++++
>  1 files changed, 4 insertions(+), 0 deletions(-)
> 
> diff --git a/src/mesa/main/imports.c b/src/mesa/main/imports.c
> index 82713a1..f371c7a 100644
> --- a/src/mesa/main/imports.c
> +++ b/src/mesa/main/imports.c
> @@ -49,6 +49,7 @@
>  #include "mtypes.h"
>  #include "version.h"
>  
> +#include <unistd.h>
>  #ifdef _GNU_SOURCE
>  #include <locale.h>
>  #ifdef __APPLE__
> @@ -726,6 +727,9 @@ _mesa_bsearch( const void *key, const void *base,
> size_t nmemb, size_t size,
>  char *
>  _mesa_getenv( const char *var )
>  {
> +   if (geteuid() != getuid())
> +      return NULL;
> +
>  #if defined(_XBOX) || defined(_WIN32_WCE)
>     return NULL;
>  #else
> --
> 1.7.9.1
> 
> _______________________________________________
> mesa-dev mailing list
> mesa-dev at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/mesa-dev
> 


More information about the mesa-dev mailing list