On 03/05/06, Constantine A. Murenin <[EMAIL PROTECTED]> wrote:
On 03/05/06, Ste Jones <[EMAIL PROTECTED]> wrote:
> Is Theo the automated code scanner mentioned here?
> http://news.yahoo.com/s/zd/20060502/tc_zd/177195
>
> In reference to this commit
> http://www.openbsd.org/cgi-bin/cvsweb/XF4/xc/programs/Xserver/hw/xfree86/common/xf86Init.c.diff?r1=1.13&r2=1.14
>
> 7 days before the official patch
> http://xorg.freedesktop.org/releases/X11R6.9.0/patches/x11r6.9.0-geteuid.diff
>
> Just curious

I think Theo's comment also deserves some attention:

> proper geteuid calls because suse hires people who mistype things

The article doesn't really mention this, but it looks like it's not
one of the original X bugs, but the one that was added in X.Org 6.9.0
by, according to Theo, SuSE. I.e. it could not have been discovered
two years ago, because it didn't exist at that time. :)

One other good conclusion is that no OpenBSD -RELEASEs were ever
affected by this bug. :)

That is to say, the article is rather misleading -- it even mentions
OS X, but OS X includes xfree86 4.4
(http://www.apple.com/macosx/features/x11/), which doesn't have this
bug.

I.e. only a very limited number of actual non-Linux installations
would be affected.

Nothing to worry about here, but it'll be fun to know how it actually was
discovered. :)
