When the server is privileged, we shouldn't be passing the user's environment directly.
Signed-off-by: Julien Cristau <jcris...@debian.org> --- hw/xfree86/xorg-wrapper.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) It's possible some variables should be passed, in which case we could use a whitelist; in my testing this patch seemed to work, though. diff --git a/hw/xfree86/xorg-wrapper.c b/hw/xfree86/xorg-wrapper.c index 22e97ad..d6efb23 100644 --- a/hw/xfree86/xorg-wrapper.c +++ b/hw/xfree86/xorg-wrapper.c @@ -190,6 +190,7 @@ int main(int argc, char *argv[]) int total_cards = 0; int allowed = CONSOLE_ONLY; int needs_root_rights = -1; + char *const envp[1] = { NULL, }; progname = argv[0]; @@ -265,7 +266,10 @@ int main(int argc, char *argv[]) } argv[0] = buf; - (void) execv(argv[0], argv); + if (getuid() == geteuid()) + (void) execv(argv[0], argv); + else + (void) execve(argv[0], argv, envp); fprintf(stderr, "%s: Failed to execute %s: %s\n", progname, buf, strerror(errno)); exit(1); -- 2.6.1 _______________________________________________ xorg-devel@lists.x.org: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: http://lists.x.org/mailman/listinfo/xorg-devel