Hi!
I confirm that this bug exists on all 3 lenny machines here.
The -config and -xf86config options are completely broken for users, you can't
start an xserver when you pass them, even when using the default xorg.conf:
X :1 -xf86config xorg.conf
won't start when done as user, even when everyone can start X is activated
(dpkg-reconfigure x11-common)
I hope the fix can be applied for a future point release, because the bug
breaks these options for nearly everyone. You need them to start multiple
x-servers with different configurations to achieve:
- have a separate x-server on another graphic card
- run a second x-server for presentations, games,..
with different resolution, mouse support, ...
Last night I ran into another system broken by this bug. That prompted
me to show the patch to the owner of the broken system. He pointed out
that I missed the case of a leading slash. There's an amended patch at
the end.
The patch did not work, because there was a wrong number of parentheses after
applying. The patch which worked for me is attached.
I don't mean to complain, I really do appreciate having someone taking
care of the X server on my machines, and I'm open to other approaches
to fixing this, just let me know.
By not starting as user, e.g. with sudo.
xserver-xorg is a very small package so it did not take so long to patch and
build it, thanks for making it so modular.
Markus
--- xserver-wrapper.c.orig 2009-03-01 21:46:26.681729627 +0100
+++ xserver-wrapper.c 2009-03-01 21:49:44.381726371 +0100
@@ -324,9 +324,14 @@ main(int argc, char **argv)
for (i = 1; i argc; i++) {
if (!strcmp(argv[i], -config) || !strcmp(argv[i], -xf86config)) {
-if (setuid(getuid())) {
- perror(X unable to drop setuid privileges for alternate config);
- exit(1);
+if (i+1 argc /* if there is no argument to config */
+|| (*(argv[i+1]) == '/') /* or it starts with a slash */
+|| strstr(argv[i+1],Xwrapper.config) /* or is our config file */
+|| strstr(argv[i+1],..)) { /* or attempts to escape this dir */
+ if (setuid(getuid())) {
+perror(X unable to drop setuid privileges for alternate config);
+exit(1);
+ }
}
} else if (strlen(argv[i]) 256) {
if (setuid(getuid())) {