der Mouse wrote:
> And, of course, nobody ever bothers to say just what the problem was.
> Grrr. (Fortunately, I don't care, since I am running pre-X11R6.9.0
> code, or I'd be trying to chase down the diff.)
Bad code:
/* First the options that are only allowed for root */
if (getuid() == 0 || geteuid != 0) {
if (!strcmp(argv[i], "-modulepath"))
Good code:
/* First the options that are only allowed for root */
if (getuid() == 0 || geteuid() != 0) {
if (!strcmp(argv[i], "-modulepath"))
The problem, of course, is that the address of geteuid is
always == true.
rCs
--
Robert C. Seacord
Senior Vulnerability Analyst
CERT/CC
Work: 412-268-7608
FAX: 412-268-6989
_______________________________________________
Secure Coding mailing list (SC-L)
SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
