der Mouse wrote: > And, of course, nobody ever bothers to say just what the problem was. > Grrr. (Fortunately, I don't care, since I am running pre-X11R6.9.0 > code, or I'd be trying to chase down the diff.)
Bad code: /* First the options that are only allowed for root */ if (getuid() == 0 || geteuid != 0) { if (!strcmp(argv[i], "-modulepath")) Good code: /* First the options that are only allowed for root */ if (getuid() == 0 || geteuid() != 0) { if (!strcmp(argv[i], "-modulepath")) The problem, of course, is that the address of geteuid is always == true. rCs -- Robert C. Seacord Senior Vulnerability Analyst CERT/CC Work: 412-268-7608 FAX: 412-268-6989 _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php