[PATCH xserver] xorg-wrapper: when starting the server as root, reset its environment

Jeremy Huddleston Sequoia jeremyhu at freedesktop.org
Sun Oct 18 21:02:55 PDT 2015 

I would suggest maybe instead doing:

int main(int argc, char *argv[], char *envp[]) {
    ...
    if (getuid() != geteuid())
        envp = {NULL, };
    (void)execve(argv[0], argv, envp);
    ...
}

Or at least name the variable something like empty_envp to distinguish it more clearly from the process's environment since it's common to have a main signature of int main(int argc, char *argv[], char *envp[]).

--Jeremy

> On Oct 18, 2015, at 10:26, Julien Cristau <jcristau at debian.org> wrote:
> 
> When the server is privileged, we shouldn't be passing the user's
> environment directly.
> 
> Signed-off-by: Julien Cristau <jcristau at debian.org>
> ---
> hw/xfree86/xorg-wrapper.c | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
> 
> It's possible some variables should be passed, in which case we could
> use a whitelist; in my testing this patch seemed to work, though.
> 
> diff --git a/hw/xfree86/xorg-wrapper.c b/hw/xfree86/xorg-wrapper.c
> index 22e97ad..d6efb23 100644
> --- a/hw/xfree86/xorg-wrapper.c
> +++ b/hw/xfree86/xorg-wrapper.c
> @@ -190,6 +190,7 @@ int main(int argc, char *argv[])
>     int total_cards = 0;
>     int allowed = CONSOLE_ONLY;
>     int needs_root_rights = -1;
> +    char *const envp[1] = { NULL, };
> 
>     progname = argv[0];
> 
> @@ -265,7 +266,10 @@ int main(int argc, char *argv[])
>     }
> 
>     argv[0] = buf;
> -    (void) execv(argv[0], argv);
> +    if (getuid() == geteuid())
> +        (void) execv(argv[0], argv);
> +    else
> +        (void) execve(argv[0], argv, envp);
>     fprintf(stderr, "%s: Failed to execute %s: %s\n",
>         progname, buf, strerror(errno));
>     exit(1);
> -- 
> 2.6.1
> 
> _______________________________________________
> xorg-devel at lists.x.org: X.Org development
> Archives: http://lists.x.org/archives/xorg-devel
> Info: http://lists.x.org/mailman/listinfo/xorg-devel

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4127 bytes
Desc: not available
URL: <http://lists.x.org/archives/xorg-devel/attachments/20151018/d4a9e3ae/attachment.bin>

More information about the xorg-devel mailing list