Submitted By: Dan Nicholson Date: 2007-01-18 Initial Package Version: 6.9.0 Origin: http://xorg.freedesktop.org/releases/X11R6.9.0/patches/ and http://gitweb.freedesktop.org/?p=xorg/xserver.git;a=commit;h=50a3e1ad18c815a5adafee22beccdf970bae62d6 Upstream Status: Applied Description: Fixes 4 security vulnerabilities. See the following advisories: http://lists.freedesktop.org/archives/xorg/2006-March/013992.html http://lists.freedesktop.org/archives/xorg/2006-May/015136.html http://lists.freedesktop.org/archives/xorg/2006-June/016146.html http://lists.freedesktop.org/archives/xorg/2006-September/018021.html http://lists.freedesktop.org/archives/xorg/2007-January/021054.html diff -pNur xc.orig/config/util/chownxterm.c xc/config/util/chownxterm.c --- xc.orig/config/util/chownxterm.c 2003-11-14 08:48:20.000000000 -0800 +++ xc/config/util/chownxterm.c 2007-01-18 20:48:34.000000000 -0800 @@ -41,8 +41,10 @@ char *prog_name; void help() { - setgid(getgid()); - setuid(getuid()); + if (setgid(getgid()) == -1) + exit(1); + if (setuid(getuid()) == -1) + exit(1); printf("chown-xterm makes %s suid root\n", XTERM_PATH); printf("This is necessary on Ultrix for /dev/tty operation.\n"); exit(0); @@ -51,8 +53,10 @@ void help() void print_error(err_string) char *err_string; { - setgid(getgid()); - setuid(getuid()); + if (setgid(getgid()) == -1) + exit(1); + if (setuid(getuid()) == -1) + exit(1); fprintf(stderr, "%s: \"%s\"", prog_name, err_string); perror(" failed"); exit(1); diff -pNur xc.orig/lib/font/Type1/afm.c xc/lib/font/Type1/afm.c --- xc.orig/lib/font/Type1/afm.c 2005-07-09 16:30:06.000000000 -0700 +++ xc/lib/font/Type1/afm.c 2007-01-18 20:48:35.000000000 -0800 @@ -29,6 +29,7 @@ #include #include #include +#include #else #include "Xmd.h" /* For INT32 declaration */ #include "Xdefs.h" /* For Bool */ @@ -118,6 +119,11 @@ int CIDAFM(FILE *fd, FontInfo **pfi) { fi->nChars = atoi(p); + if (fi->nChars < 0 || fi->nChars > INT_MAX / sizeof(Metrics)) { + xfree(afmbuf); + xfree(fi); + return(1); + } fi->metrics = (Metrics *)xalloc(fi->nChars * sizeof(Metrics)); if (fi->metrics == NULL) { diff -pNur xc.orig/lib/font/Type1/scanfont.c xc/lib/font/Type1/scanfont.c --- xc.orig/lib/font/Type1/scanfont.c 2005-07-09 16:30:06.000000000 -0700 +++ xc/lib/font/Type1/scanfont.c 2007-01-18 20:48:35.000000000 -0800 @@ -57,6 +57,7 @@ #ifndef FONTMODULE #include +#include #else #include "Xdefs.h" /* Bool declaration */ #include "Xmd.h" /* INT32 declaration */ @@ -654,6 +655,7 @@ getFDArray(psobj *arrayP) arrayP->data.valueP = tokenStartP; /* allocate FDArray */ + /* No integer overflow since arrayP->len is unsigned short */ FDArrayP = (psfont *)vm_alloc(arrayP->len*(sizeof(psfont))); if (!(FDArrayP)) return(SCAN_OUT_OF_MEMORY); @@ -850,7 +852,8 @@ BuildSubrs(psfont *FontP) } return(SCAN_OK); } - + if (N > INT_MAX / sizeof(psobj)) + return (SCAN_ERROR); arrayP = (psobj *)vm_alloc(N*sizeof(psobj)); if (!(arrayP) ) return(SCAN_OUT_OF_MEMORY); FontP->Subrs.len = N; @@ -911,7 +914,7 @@ BuildCharStrings(psfont *FontP) } else return(rc); /* if next token was not an Int */ } - if (N<=0) return(SCAN_ERROR); + if (N<=0 || N > INT_MAX / sizeof(psdict)) return(SCAN_ERROR); /* save number of entries in the dictionary */ dictP = (psdict *)vm_alloc((N+1)*sizeof(psdict)); @@ -1719,6 +1722,10 @@ scan_cidfont(cidfont *CIDFontP, cmapres if (tokenType == TOKEN_INTEGER) rangecnt = tokenValue.integer; + if (rangecnt < 0 || rangecnt > INT_MAX / sizeof(spacerangecode)) { + rc = SCAN_ERROR; + break; + } /* ==> tokenLength, tokenTooLong, tokenType, and */ /* tokenValue are now set */ diff -pNur xc.orig/lib/font/Type1/util.c xc/lib/font/Type1/util.c --- xc.orig/lib/font/Type1/util.c 2005-07-09 16:30:07.000000000 -0700 +++ xc/lib/font/Type1/util.c 2007-01-18 20:48:35.000000000 -0800 @@ -104,7 +104,7 @@ vm_alloc(int bytes) bytes = (bytes + 7) & ~7; /* Allocate the space, if it is available */ - if (bytes <= vm_free) { + if (bytes > 0 && bytes <= vm_free) { answer = vm_next; vm_free -= bytes; vm_next += bytes; diff -pNur xc.orig/lib/X11/lcFile.c xc/lib/X11/lcFile.c --- xc.orig/lib/X11/lcFile.c 2005-05-13 15:53:44.000000000 -0700 +++ xc/lib/X11/lcFile.c 2007-01-18 20:48:34.000000000 -0800 @@ -269,7 +269,11 @@ xlocaledir( if (seteuid(0) != 0) { priv = 0; } else { - seteuid(oldeuid); + if (seteuid(oldeuid) == -1) { + /* XXX ouch, coudn't get back to original uid + what can we do ??? */ + _exit(127); + } priv = 1; } #endif diff -pNur xc.orig/lib/xtrans/Xtranslcl.c xc/lib/xtrans/Xtranslcl.c --- xc.orig/lib/xtrans/Xtranslcl.c 2005-11-07 22:33:26.000000000 -0800 +++ xc/lib/xtrans/Xtranslcl.c 2007-01-18 20:48:35.000000000 -0800 @@ -360,7 +360,10 @@ TRANS(PTSOpenClient)(XtransConnInfo cipt uid_t saved_euid; saved_euid = geteuid(); - setuid( getuid() ); /** sets the euid to the actual/real uid **/ + /** sets the euid to the actual/real uid **/ + if (setuid( getuid() ) == -1) { + exit(1); + } if( chown( slave, saved_euid, -1 ) < 0 ) { exit( 1 ); } @@ -369,7 +372,13 @@ TRANS(PTSOpenClient)(XtransConnInfo cipt } waitpid(saved_pid, &exitval, 0); - + if (WIFEXITED(exitval) && WEXITSTATUS(exitval) != 0) { + close(fd); + close(server); + PRMSG(1, "PTSOpenClient: cannot set the owner of %s\n", + slave, 0, 0); + return(-1); + } if (chmod(slave, 0666) < 0) { close(fd); close(server); diff -pNur xc.orig/programs/xdm/session.c xc/programs/xdm/session.c --- xc.orig/programs/xdm/session.c 2005-11-07 22:33:31.000000000 -0800 +++ xc/programs/xdm/session.c 2007-01-18 20:48:35.000000000 -0800 @@ -488,8 +488,14 @@ SessionExit (struct display *d, int stat else ResetServer (d); if (removeAuth) { - setgid (verify.gid); - setuid (verify.uid); + if (setgid (verify.gid) == -1) { + LogError( "SessionExit: setgid: %s\n", strerror(errno)); + exit(status); + } + if (setuid (verify.uid) == -1) { + LogError( "SessionExit: setuid: %s\n", strerror(errno)); + exit(status); + } RemoveUserAuthorization (d, &verify); #ifdef K5AUTH /* do like "kdestroy" program */ diff -pNur xc.orig/programs/xdm/xdmshell.c xc/programs/xdm/xdmshell.c --- xc.orig/programs/xdm/xdmshell.c 2005-07-14 15:58:25.000000000 -0700 +++ xc/programs/xdm/xdmshell.c 2007-01-18 20:48:35.000000000 -0800 @@ -183,7 +183,11 @@ main ( #endif /* make xdm run in a non-setuid environment */ - setuid (geteuid()); + if (setuid (geteuid()) == -1) { + fprintf(stderr, "%s: cannot setuid (error %d, %s)\r\n", + ProgramName, errno, strerror(errno)); + exit(1); + } /* * exec /usr/bin/X11/xdm -nodaemon -udpPort 0 diff -pNur xc.orig/programs/xf86dga/dga.c xc/programs/xf86dga/dga.c --- xc.orig/programs/xf86dga/dga.c 2004-04-23 12:54:47.000000000 -0700 +++ xc/programs/xf86dga/dga.c 2007-01-18 20:48:35.000000000 -0800 @@ -16,6 +16,7 @@ #include #include #include +#include #include #include #include @@ -141,7 +142,10 @@ main(int argc, char *argv[]) #ifndef __UNIXOS2__ /* Give up root privs */ - setuid(getuid()); + if (setuid(getuid()) == -1) { + fprintf(stderr, "Unable to change uid: %s\n", strerror(errno)); + exit(2); + } #endif XF86DGASetViewPort(dis, DefaultScreen(dis), 0, 0); diff -pNur xc.orig/programs/xinit/xinit.c xc/programs/xinit/xinit.c --- xc.orig/programs/xinit/xinit.c 2005-10-03 18:27:34.000000000 -0700 +++ xc/programs/xinit/xinit.c 2007-01-18 20:48:35.000000000 -0800 @@ -692,7 +692,10 @@ static int startClient(char *client[]) { if ((clientpid = vfork()) == 0) { - setuid(getuid()); + if (setuid(getuid()) == -1) { + Error("cannot change uid: %s\n", strerror(errno)); + _exit(ERR_EXIT); + } setpgrp(0, getpid()); environ = newenviron; #ifdef __UNIXOS2__ diff -pNur xc.orig/programs/xload/xload.c xc/programs/xload/xload.c --- xc.orig/programs/xload/xload.c 2004-04-23 12:54:57.000000000 -0700 +++ xc/programs/xload/xload.c 2007-01-18 20:48:35.000000000 -0800 @@ -34,7 +34,7 @@ from the X Consortium. * xload - display system load average in a window */ - +#include #include #include #include @@ -162,8 +162,17 @@ main(int argc, char **argv) /* For security reasons, we reset our uid/gid after doing the necessary system initialization and before calling any X routines. */ InitLoadPoint(); - setgid(getgid()); /* reset gid first while still (maybe) root */ - setuid(getuid()); + /* reset gid first while still (maybe) root */ + if (setgid(getgid()) == -1) { + fprintf(stderr, "%s: setgid failed: %s\n", + ProgramName, strerror(errno)); + exit(1); + } + if (setuid(getuid()) == -1) { + fprintf(stderr, "%s: setuid failed: %s\n", + ProgramName, strerror(errno)); + exit(1); + } XtSetLanguageProc(NULL, (XtLanguageProc) NULL, NULL); diff -pNur xc.orig/programs/Xserver/dbe/dbe.c xc/programs/Xserver/dbe/dbe.c --- xc.orig/programs/Xserver/dbe/dbe.c 2005-07-03 00:01:17.000000000 -0700 +++ xc/programs/Xserver/dbe/dbe.c 2007-01-18 20:49:24.000000000 -0800 @@ -55,6 +55,10 @@ #include "xf86_ansic.h" #endif +#if !defined(UINT32_MAX) +#define UINT32_MAX 0xffffffffU +#endif + /* GLOBALS */ /* Per-screen initialization functions [init'ed by DbeRegisterFunction()] */ @@ -733,11 +737,14 @@ ProcDbeSwapBuffers(client) return(Success); } + if (nStuff > UINT32_MAX / sizeof(DbeSwapInfoRec)) + return BadAlloc; + /* Get to the swap info appended to the end of the request. */ dbeSwapInfo = (xDbeSwapInfo *)&stuff[1]; /* Allocate array to record swap information. */ - swapInfo = (DbeSwapInfoPtr)ALLOCATE_LOCAL(nStuff * sizeof(DbeSwapInfoRec)); + swapInfo = (DbeSwapInfoPtr)Xalloc(nStuff * sizeof(DbeSwapInfoRec)); if (swapInfo == NULL) { return(BadAlloc); @@ -752,14 +759,14 @@ ProcDbeSwapBuffers(client) if (!(pWin = SecurityLookupWindow(dbeSwapInfo[i].window, client, SecurityWriteAccess))) { - DEALLOCATE_LOCAL(swapInfo); + Xfree(swapInfo); return(BadWindow); } /* Each window must be double-buffered - BadMatch. */ if (DBE_WINDOW_PRIV(pWin) == NULL) { - DEALLOCATE_LOCAL(swapInfo); + Xfree(swapInfo); return(BadMatch); } @@ -768,7 +775,7 @@ ProcDbeSwapBuffers(client) { if (dbeSwapInfo[i].window == dbeSwapInfo[j].window) { - DEALLOCATE_LOCAL(swapInfo); + Xfree(swapInfo); return(BadMatch); } } @@ -779,7 +786,7 @@ ProcDbeSwapBuffers(client) (dbeSwapInfo[i].swapAction != XdbeUntouched ) && (dbeSwapInfo[i].swapAction != XdbeCopied )) { - DEALLOCATE_LOCAL(swapInfo); + Xfree(swapInfo); return(BadValue); } @@ -809,12 +816,12 @@ ProcDbeSwapBuffers(client) error = (*pDbeScreenPriv->SwapBuffers)(client, &nStuff, swapInfo); if (error != Success) { - DEALLOCATE_LOCAL(swapInfo); + Xfree(swapInfo); return(error); } } - DEALLOCATE_LOCAL(swapInfo); + Xfree(swapInfo); return(Success); } /* ProcDbeSwapBuffers() */ @@ -898,10 +905,12 @@ ProcDbeGetVisualInfo(client) REQUEST_AT_LEAST_SIZE(xDbeGetVisualInfoReq); + if (stuff->n > UINT32_MAX / sizeof(DrawablePtr)) + return BadAlloc; /* Make sure any specified drawables are valid. */ if (stuff->n != 0) { - if (!(pDrawables = (DrawablePtr *)ALLOCATE_LOCAL(stuff->n * + if (!(pDrawables = (DrawablePtr *)Xalloc(stuff->n * sizeof(DrawablePtr)))) { return(BadAlloc); @@ -914,7 +923,7 @@ ProcDbeGetVisualInfo(client) if (!(pDrawables[i] = (DrawablePtr)SecurityLookupDrawable( drawables[i], client, SecurityReadAccess))) { - DEALLOCATE_LOCAL(pDrawables); + Xfree(pDrawables); return(BadDrawable); } } @@ -926,7 +935,7 @@ ProcDbeGetVisualInfo(client) { if (pDrawables) { - DEALLOCATE_LOCAL(pDrawables); + Xfree(pDrawables); } return(BadAlloc); @@ -953,7 +962,7 @@ ProcDbeGetVisualInfo(client) /* Free pDrawables if we needed to allocate it above. */ if (pDrawables) { - DEALLOCATE_LOCAL(pDrawables); + Xfree(pDrawables); } return(BadAlloc); @@ -1034,7 +1043,7 @@ ProcDbeGetVisualInfo(client) if (pDrawables) { - DEALLOCATE_LOCAL(pDrawables); + Xfree(pDrawables); } return(client->noClientException); diff -pNur xc.orig/programs/Xserver/hw/xfree86/common/xf86Init.c xc/programs/Xserver/hw/xfree86/common/xf86Init.c --- xc.orig/programs/Xserver/hw/xfree86/common/xf86Init.c 2005-12-14 12:12:00.000000000 -0800 +++ xc/programs/Xserver/hw/xfree86/common/xf86Init.c 2007-01-18 20:48:35.000000000 -0800 @@ -1376,7 +1376,7 @@ ddxProcessArgument(int argc, char **argv } /* First the options that are only allowed for root */ - if (getuid() == 0 || geteuid != 0) + if (getuid() == 0 || geteuid() != 0) { if (!strcmp(argv[i], "-modulepath")) { @@ -1679,7 +1679,7 @@ ddxProcessArgument(int argc, char **argv } if (!strcmp(argv[i], "-configure")) { - if (getuid() != 0 && geteuid == 0) { + if (getuid() != 0 && geteuid() == 0) { ErrorF("The '-configure' option can only be used by root.\n"); exit(1); } @@ -1905,7 +1905,11 @@ xf86RunVtInit(void) FatalError("xf86RunVtInit: fork failed (%s)\n", strerror(errno)); break; case 0: /* child */ - setuid(getuid()); + if (setuid(getuid()) == -1) { + xf86Msg(X_ERROR, "xf86RunVtInit: setuid failed (%s)\n", + strerror(errno)); + exit(255); + } /* set stdin, stdout to the consoleFd */ for (i = 0; i < 2; i++) { if (xf86Info.consoleFd != i) { diff -pNur xc.orig/programs/Xserver/hw/xfree86/os-support/shared/libc_wrapper.c xc/programs/Xserver/hw/xfree86/os-support/shared/libc_wrapper.c --- xc.orig/programs/Xserver/hw/xfree86/os-support/shared/libc_wrapper.c 2005-07-03 01:53:48.000000000 -0700 +++ xc/programs/Xserver/hw/xfree86/os-support/shared/libc_wrapper.c 2007-01-18 20:48:35.000000000 -0800 @@ -1270,7 +1270,10 @@ xf86execl(const char *pathname, const ch #ifndef SELF_CONTAINED_WRAPPER xf86DisableIO(); #endif - setuid(getuid()); + if (setuid(getuid()) == -1) { + ErrorF("xf86Execl: setuid() failed: %s\n", strerror(errno)); + exit(255); + } #if !defined(SELF_CONTAINED_WRAPPER) /* set stdin, stdout to the consoleFD, and leave stderr alone */ for (i = 0; i < 2; i++) diff -pNur xc.orig/programs/Xserver/hw/xfree86/parser/write.c xc/programs/Xserver/hw/xfree86/parser/write.c --- xc.orig/programs/Xserver/hw/xfree86/parser/write.c 2005-07-03 00:01:37.000000000 -0700 +++ xc/programs/Xserver/hw/xfree86/parser/write.c 2007-01-18 20:48:35.000000000 -0800 @@ -170,7 +170,10 @@ xf86writeConfigFile (const char *filenam strerror(errno)); return 0; case 0: /* child */ - setuid(getuid()); + if (setuid(getuid()) == -1) + FatalError("xf86writeConfigFile(): " + "setuid failed(%s)\n", + strerror(errno)); ret = doWriteConfigFile(filename, cptr); exit(ret); break; diff -pNur xc.orig/programs/Xserver/os/utils.c xc/programs/Xserver/os/utils.c --- xc.orig/programs/Xserver/os/utils.c 2005-11-07 22:33:30.000000000 -0800 +++ xc/programs/Xserver/os/utils.c 2007-01-18 20:48:35.000000000 -0800 @@ -1718,8 +1718,10 @@ System(char *command) case -1: /* error */ p = -1; case 0: /* child */ - setgid(getgid()); - setuid(getuid()); + if (setgid(getgid()) == -1) + _exit(127); + if (setuid(getuid()) == -1) + _exit(127); execl("/bin/sh", "sh", "-c", command, (char *)NULL); _exit(127); default: /* parent */ @@ -1770,8 +1772,10 @@ Popen(char *command, char *type) xfree(cur); return NULL; case 0: /* child */ - setgid(getgid()); - setuid(getuid()); + if (setgid(getgid()) == -1) + _exit(127); + if (setuid(getuid()) == -1) + _exit(127); if (*type == 'r') { if (pdes[1] != 1) { /* stdout */ @@ -1845,8 +1849,10 @@ Fopen(char *file, char *type) xfree(cur); return NULL; case 0: /* child */ - setgid(getgid()); - setuid(getuid()); + if (setgid(getgid()) == -1) + _exit(127); + if (setuid(getuid()) == -1) + _exit(127); if (*type == 'r') { if (pdes[1] != 1) { /* stdout */ diff -pNur xc.orig/programs/Xserver/render/mitri.c xc/programs/Xserver/render/mitri.c --- xc.orig/programs/Xserver/render/mitri.c 2005-07-03 00:02:08.000000000 -0700 +++ xc/programs/Xserver/render/mitri.c 2007-01-18 20:48:35.000000000 -0800 @@ -145,7 +145,7 @@ miTriStrip (CARD8 op, if (npoint < 3) return; ntri = npoint - 2; - tris = ALLOCATE_LOCAL (ntri & sizeof (xTriangle)); + tris = ALLOCATE_LOCAL (ntri * sizeof (xTriangle)); if (!tris) return; for (tri = tris; npoint >= 3; npoint--, points++, tri++) @@ -177,7 +177,7 @@ miTriFan (CARD8 op, if (npoint < 3) return; ntri = npoint - 2; - tris = ALLOCATE_LOCAL (ntri & sizeof (xTriangle)); + tris = ALLOCATE_LOCAL (ntri * sizeof (xTriangle)); if (!tris) return; first = points++; diff -pNur xc.orig/programs/Xserver/render/render.c xc/programs/Xserver/render/render.c --- xc.orig/programs/Xserver/render/render.c 2005-08-28 12:47:39.000000000 -0700 +++ xc/programs/Xserver/render/render.c 2007-01-18 20:49:24.000000000 -0800 @@ -52,6 +52,10 @@ #include "xf86_ansic.h" #endif +#if !defined(UINT32_MAX) +#define UINT32_MAX 0xffffffffU +#endif + static int ProcRenderQueryVersion (ClientPtr pClient); static int ProcRenderQueryPictFormats (ClientPtr pClient); static int ProcRenderQueryPictIndexValues (ClientPtr pClient); @@ -1108,11 +1112,14 @@ ProcRenderAddGlyphs (ClientPtr client) } nglyphs = stuff->nglyphs; + if (nglyphs > UINT32_MAX / sizeof(GlyphNewRec)) + return BadAlloc; + if (nglyphs <= NLOCALGLYPH) glyphsBase = glyphsLocal; else { - glyphsBase = (GlyphNewPtr) ALLOCATE_LOCAL (nglyphs * sizeof (GlyphNewRec)); + glyphsBase = (GlyphNewPtr) Xalloc (nglyphs * sizeof (GlyphNewRec)); if (!glyphsBase) return BadAlloc; } @@ -1169,7 +1176,7 @@ ProcRenderAddGlyphs (ClientPtr client) } if (glyphsBase != glyphsLocal) - DEALLOCATE_LOCAL (glyphsBase); + Xfree (glyphsBase); return client->noClientException; bail: while (glyphs != glyphsBase) @@ -1178,7 +1185,7 @@ bail: xfree (glyphs->glyph); } if (glyphsBase != glyphsLocal) - DEALLOCATE_LOCAL (glyphsBase); + Xfree (glyphsBase); return err; } diff -pNur xc.orig/programs/xterm/main.c xc/programs/xterm/main.c --- xc.orig/programs/xterm/main.c 2005-12-14 15:28:27.000000000 -0800 +++ xc/programs/xterm/main.c 2007-01-18 20:48:35.000000000 -0800 @@ -1592,8 +1592,10 @@ main(int argc, char *argv[]ENVP_ARG) Window winToEmbedInto = None; #ifdef DISABLE_SETUID - seteuid(getuid()); - setuid(getuid()); + if (seteuid(getuid()) == -1) + exit(2); + if (setuid(getuid()) == -1) + exit(2); #endif ProgramName = argv[0]; @@ -1619,8 +1621,16 @@ main(int argc, char *argv[]ENVP_ARG) #if defined(USE_UTMP_SETGID) get_pty(NULL, NULL); - seteuid(getuid()); - setuid(getuid()); + if (seteuid(getuid()) == -1) { + fprintf(stderr, + "%s: unable to change back euid\n", ProgramName); + exit(1); + } + if (setuid(getuid()) == -1) { + fprintf(stderr, + "%s: unable to change back uid\n", ProgramName); + exit(1); + } #define get_pty(pty, from) really_get_pty(pty, from) #endif diff -pNur xc.orig/programs/xterm/misc.c xc/programs/xterm/misc.c --- xc.orig/programs/xterm/misc.c 2005-12-14 15:28:27.000000000 -0800 +++ xc/programs/xterm/misc.c 2007-01-18 20:48:35.000000000 -0800 @@ -1094,8 +1094,10 @@ creat_as(uid_t uid, gid_t gid, Bool appe pid = fork(); switch (pid) { case 0: /* child */ - setgid(gid); - setuid(uid); + if (setgid(gid) == -1) + _exit(ERROR_SETUID); + if (setuid(uid) == -1) + _exit(ERROR_SETUID); fd = open(pathname, O_WRONLY | O_CREAT | (append ? O_APPEND : O_EXCL), mode); @@ -1262,8 +1264,10 @@ StartLog(TScreen * screen) signal(SIGCHLD, SIG_DFL); /* (this is redundant) */ - setgid(screen->gid); - setuid(screen->uid); + if (setgid(screen->gid) == -1) + exit(ERROR_SETUID); + if (setuid(screen->uid) == -1) + exit(ERROR_SETUID); execl(shell, shell, "-c", &screen->logfile[1], (void *) 0); diff -pNur xc.orig/programs/xterm/print.c xc/programs/xterm/print.c --- xc.orig/programs/xterm/print.c 2005-08-05 09:13:04.000000000 -0700 +++ xc/programs/xterm/print.c 2007-01-18 20:48:35.000000000 -0800 @@ -387,9 +387,11 @@ charToPrinter(int chr) dup2(fileno(stderr), 2); close(fileno(stderr)); } - - setgid(screen->gid); /* don't want privileges! */ - setuid(screen->uid); + /* don't want privileges! */ + if (setgid(screen->gid) == -1) + exit(2); + if (setuid(screen->uid) == -1) + exit(2); Printer = popen(screen->printer_command, "w"); input = fdopen(my_pipe[0], "r");