On Thu, 5 Dec 2019 at 13:42, Jonathan Gray <j...@jsg.id.au> wrote:
>
> Until very recently OpenBSD built xlockmore against Mesa. xlock is
> setgid auth. As described by Qualys in their advisory
> https://marc.info/?l=oss-security&m=157549260013521&w=2
> "CVE-2019-19520: Local privilege escalation via xlock"
> the setuid check in the loader for LIBGL_DRIVERS_PATH does not handle
> this.
>

Should we just use secure_getenv?

DAve.
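
Added example, not part of the thread and not Mesa's code: a uid-only privilege check beside one that also compares gids, run over constructed credentials for a setgid process, plus a wrapper that reads the override through glibc's `secure_getenv()`. The `struct creds` type, the function names and the numeric ids are assumptions made for illustration; the shape of the uid-only check is assumed from the description "setuid check" in the quoted message.

```c
#define _GNU_SOURCE            /* exposes secure_getenv() on glibc */
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Process credentials, passed in so both checks can be exercised
 * without installing a real setuid or setgid binary. */
struct creds { uid_t ruid, euid; gid_t rgid, egid; };

/* Uid-only check: the environment is trusted whenever real and
 * effective uid match. A setgid-only program passes this check. */
static int uid_only_trusts_env(struct creds c)
{
    return c.euid == c.ruid;
}

/* Check that also treats a gid difference as elevated privilege. */
static int uid_gid_trusts_env(struct creds c)
{
    return c.euid == c.ruid && c.egid == c.rgid;
}

/* Hypothetical helper: secure_getenv() returns NULL when the process
 * runs in secure-execution mode, which covers setuid, setgid and
 * file capabilities, so the override is ignored in all three cases. */
static const char *driver_path_override(void)
{
    return secure_getenv("LIBGL_DRIVERS_PATH");
}

int main(void)
{
    /* Constructed ids: same user, effective gid differs (setgid case). */
    struct creds setgid_proc = { 1000, 1000, 1000, 11 };
    const char *p = driver_path_override();

    printf("uid-only check trusts env: %d\n",
           uid_only_trusts_env(setgid_proc));
    printf("uid+gid check trusts env:  %d\n",
           uid_gid_trusts_env(setgid_proc));
    printf("override seen by this process: %s\n", p ? p : "(none)");
    return 0;
}
```

`secure_getenv()` is a glibc extension (2.17 and later); on systems without it, such as OpenBSD, `issetugid()` is the usual way to make the same decision.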