> >> So, it sounds like a single byte change in the entire X src tree
> >> could fix a bug that could give an attacker complete control of a
> >> system. Lovely...

For the curious out there, it isn't one byte, it's two. It is a PAIR of parentheses that are missing, not a single one, like many of the non-technical summaries imply. Basically, the flaw is:

    if (getuid() == 0 || geteuid == 0)

doesn't do what you intended!

-Tim

P.S. Note that this can be considered a type error if you're pedantic enough ... it requires:
(1) an OS that uses integral types as user identifiers
(2) a language that will implicitly convert functions to pointers
(3) a language that allows pointer comparisons to zero

_______________________________________________
Secure Coding mailing list (SC-L)
SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
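
Added example (not part of the original post, and not code from the X source tree): the flawed comparison beside the corrected one, run against constructed user IDs. The sim_* functions and the is_privileged_* names are hypothetical stand-ins for getuid()/geteuid(), so the result does not depend on who runs the program.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>

/* Constructed stand-ins for getuid()/geteuid() (hypothetical names), so the
 * two checks can be run against chosen IDs instead of the caller's real ones. */
static uid_t sim_uid, sim_euid;
static uid_t sim_getuid(void)  { return sim_uid; }
static uid_t sim_geteuid(void) { return sim_euid; }

static void set_ids(uid_t uid, uid_t euid) { sim_uid = uid; sim_euid = euid; }

/* Same shape as the flawed test: sim_geteuid without "()" decays to a function
 * pointer, which is never null, so the right-hand operand is always false.
 * GCC reports this under -Waddress (part of -Wall); the pragma silences it
 * only so this deliberately wrong line builds in strict configurations. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Waddress"
bool is_privileged_flawed(uid_t uid, uid_t euid)
{
    set_ids(uid, euid);
    return sim_getuid() == 0 || sim_geteuid == 0;
}
#pragma GCC diagnostic pop

/* With the pair of parentheses restored, the function is actually called. */
bool is_privileged_fixed(uid_t uid, uid_t euid)
{
    set_ids(uid, euid);
    return sim_getuid() == 0 || sim_geteuid() == 0;
}

int main(void)
{
    /* Constructed (uid, euid) pairs; 1000 is an arbitrary unprivileged ID. */
    const uid_t cases[][2] = { {0, 0}, {1000, 1000}, {1000, 0} };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("uid=%u euid=%u flawed=%d fixed=%d\n",
               (unsigned)cases[i][0], (unsigned)cases[i][1],
               is_privileged_flawed(cases[i][0], cases[i][1]),
               is_privileged_fixed(cases[i][0], cases[i][1]));
    return 0;
}
```

The two checks disagree only on the third pair, where the real UID is non-zero and the effective UID is 0: the flawed form never looks at the effective UID at all.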