On Thu, Oct 06, 2005 at 03:15:52AM +1000, Daniel Stone wrote: > On Wed, Aug 24, 2005 at 12:13:19AM +0200, Denis Barbier wrote: > > In order to ease migration from xlibs to xkeyboard-config, an option > > is to install xkeyboard-config files under another directory, so > > that xlibs and xkeyboard-config can be installed simultaneously. > > The selection between xlibs and xkeyboard-config data files could > > be made when X starts by adding a new XKBPATH environment variable. > > > > Here is a patch implementing this feature; I am unable for now to > > test it due to lack of CPU and disk resources, and will be grateful > > if someone could test it. > > > > If you XSF guys decide eventually to replace xlibs by xkeyboard-config, > > this hack can be removed, but until then it would really help to > > install xkeyboard-config on Debian systems. > > To be honest, I'm somewhat concerned about this patch: the XKB code is, > ah, how to put it -- not incredibly robust or auditable. Combined with > XKBPATH, allowing anyone to use their own arbitrary files, and the X > server being suid root, this is effectively a local root exploit if > someone can manage to exploit the gaping holes all through the XKB code > (if you don't believe me, ask me in private, and I can point you to the > most horrific examples). > > Already I can think of one possible shell injection attack, as well as > a couple of buffer overflows, that this might enable.
One can already write any arbitrary evil.map file and run $ xkbcomp evil.map :0 to have it parsed by the X server, or run $ setxkbmap -I/path/to/evil/files so does this XKBPATH stuff really add new vulnerabilities? Denis -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]