Submitted By: Dan Nicholson <dnicholson at linuxfromscratch dot org>
Date: 2006-08-05
Initial Package Version: 1.0.0
Origin: http://xorg.freedesktop.org/releases/X11R7.1/patches/
Upstream Status: Applied
Description: Fixes a security vulnerability. See the following advisory:
    http://lists.freedesktop.org/archives/xorg/2006-June/016146.html

diff -pNur xtrans-1.0.0.orig/Xtranslcl.c xtrans-1.0.0/Xtranslcl.c
--- xtrans-1.0.0.orig/Xtranslcl.c	2005-11-08 06:33:26.000000000 +0000
+++ xtrans-1.0.0/Xtranslcl.c	2006-08-05 16:47:29.000000000 +0000
@@ -360,7 +360,10 @@ TRANS(PTSOpenClient)(XtransConnInfo cipt
 	uid_t       saved_euid;
 
 	saved_euid = geteuid();
-	setuid( getuid() ); /** sets the euid to the actual/real uid **/
+	/** sets the euid to the actual/real uid **/
+	if (setuid( getuid() ) == -1) {
+		exit(1);
+	}
 	if( chown( slave, saved_euid, -1 ) < 0 ) {
 		exit( 1 );
 		}
@@ -369,7 +372,13 @@ TRANS(PTSOpenClient)(XtransConnInfo cipt
     }
 
     waitpid(saved_pid, &exitval, 0);
-
+    if (WIFEXITED(exitval) && WEXITSTATUS(exitval) != 0) {
+	close(fd);
+	close(server);
+	PRMSG(1, "PTSOpenClient: cannot set the owner of %s\n",
+	      slave, 0, 0);
+	return(-1);
+    }
     if (chmod(slave, 0666) < 0) {
 	close(fd);
 	close(server);