[PATCH libXau] Avoid out of boundary read access

Alan Coopersmith alan.coopersmith at oracle.com
Fri Oct 20 15:57:54 UTC 2017


On 10/20/17 12:47 AM, walter harms wrote:
> 
> 
> On 19.10.2017 22:18, Tobias Stoeckmann wrote:
>> If the environment variable HOME is empty, XauFileName triggers an
>> out of boundary read access (name[1]).
> 
> true but if HOME="" perhaps we could simply return
> 
>> If HOME consists of a single
>> character relative path, the output becomes unexpected, because
>> "HOME=a" leads to "a.Xauthority" instead of "a/.Xauthority". Granted,
>> a relative HOME path leads to trouble in general, the code should
>> properly return "a/.Xauthority" nonetheless.
> 
> Why is that massage for slashDotXauthority done in the first place ?
> if we drop it:
> HOME  + "/.Xauthority" =
> ""    + "/.Xauthority" = "/.Xauthority"
> "a"   + "/.Xauthority" = "a/.Xauthority"
> "a/"  + "/.Xauthority" = "a//.Xauthority"

You missed the HOME="/" case which was commonly used on Unix systems
for the root user before the invention of the /root home directory.

"/"  + "/.Xauthority" = "//.Xauthority"

> a "//" will be condensed to "/" by the system
> 
> Did I miss something?

I don't know of any systems that currently do this, but when X was written,
there were systems in which "//.Xauthority" would cause it to try to connect
to a host named ".Xauthority" and look in its filesystem, instead of just
trying to find ".Xauthority" as a file in the root of the local filesystem.

The system I used with this feature was Apollo Domain/OS, but I think it made
its way into the DCE system from HP after they bought Apollo.  The syntax
inspired both the URL syntax we all use today with the same //hostname/path
model and the similar syntax with / turned to \ in Microsoft's networking.

It was fun to be in "/", run "cd .." and then have ls show all the hostnames
on your network, to which you could cd into and then have full access to their
filesystem.  (In hindsight also somewhat weird for / to not be the actual root
and somewhat scary for the unfiltered filesystem sharing, not just the portions
you wanted to share as NFS does.)

-- 
	-Alan Coopersmith-               alan.coopersmith at oracle.com
	 Oracle Solaris Engineering - https://blogs.oracle.com/alanc
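
The HOME edge cases raised in this thread (empty, "a", "a/", "/"), handled in one routine. This is an added example, not part of the original message and not libXau's code; the names `build_xauthority_path` and `xauth_for`, the 64-byte buffer, and the choice to return no path for an empty HOME are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not libXau's XauFileName: writes "<home>/.Xauthority"
 * into buf. Returns 0 on success, -1 if home is NULL/empty or buf is too small. */
static int build_xauthority_path(const char *home, char *buf, size_t bufsize)
{
    static const char suffix[] = "/.Xauthority";
    size_t len;

    /* Assumption: an unset or empty HOME yields no path. Only home[0] is
     * read here, so nothing past the terminating NUL is ever indexed. */
    if (home == NULL || home[0] == '\0')
        return -1;

    /* Strip trailing slashes so "a/" cannot give "a//.Xauthority" and
     * "/" cannot give "//.Xauthority"; an all-slash HOME leaves len == 0. */
    len = strlen(home);
    while (len > 0 && home[len - 1] == '/')
        len--;

    /* sizeof(suffix) counts the NUL; reject anything that would not fit. */
    if (bufsize < sizeof(suffix) || len > bufsize - sizeof(suffix))
        return -1;

    memcpy(buf, home, len);
    memcpy(buf + len, suffix, sizeof(suffix));
    return 0;
}

/* Convenience wrapper: returns a static buffer, or NULL when no path is built. */
static const char *xauth_for(const char *home)
{
    static char buf[64];
    return build_xauthority_path(home, buf, sizeof(buf)) == 0 ? buf : NULL;
}

int main(void)
{
    /* Constructed sample values for HOME. */
    const char *samples[] = { "", "a", "a/", "/", "/home/user" };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        const char *p = xauth_for(samples[i]);
        printf("HOME=\"%s\" -> %s\n", samples[i], p ? p : "(no path)");
    }
    return 0;
}
```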