[PATCH 1/2] xfree86: Check for issetugid declaration

Julien Cristau jcristau at debian.org
Fri Aug 2 01:56:47 PDT 2013


On Sun, Jul 28, 2013 at 13:34:44 +0200, Mark Kettenis wrote:

> > Date: Sun, 28 Jul 2013 10:48:16 +0200
> > From: Julien Cristau <jcristau at debian.org>
> > 
> > On Sat, Jul 27, 2013 at 23:25:22 +0200, Mark Kettenis wrote:
> > 
> > > > From: Julien Cristau <jcristau at debian.org>
> > > > Date: Sat, 27 Jul 2013 21:08:28 +0200
> > > > 
> > > > Avoids 'implicit function declaration' build error on gnu/kfreebsd.
> > > 
> > > That's seriously backwards.  You should make sure the right headers
> > > get included such that there is a proper function declaration.  Or, as
> > > a last resort, if the header files for your OS are broken beyond
> > > repair, provide a function declaration yourself.  But not using
> > > issetugid() when it is available is a security risk.
> > > 
> > The same thing came up last year for xlib, the answer I got then was
> > http://lists.debian.org/debian-bsd/2012/04/msg00312.html
> > With the patch the HAVE_GETRESUID path is used instead.
> 
> The HAVE_GETRESUID path is less secure.  See:
> 
>   <http://www.shmoo.com/mail/bugtraq/jul98/msg00124.html>
> 
> for a discussion.  Not making available issetugid() on GNU/kFreeBSD is
> a bad decision.

After one more prod they've added the declaration.  So consider this
patch withdrawn.  Thanks!

Cheers,
Julien

