Fix CVE-2011-4028: File disclosure vulnerability. upstream xorg/xserver commit…

Fix CVE-2011-4028: File disclosure vulnerability. upstream xorg/xserver commit 6ba44b91e37622ef8c146d8f2ac92d708a18ed34 use O_NOFOLLOW to open the existing lock file, so symbolic links aren't followed, thus avoid revealing if it point to an existing file.

Fix CVE-2011-4028: File disclosure vulnerability. upstream xorg/xserver commit…
df4a3b72 · Mike DePaulo · Mike Gabriel · af55da1e · df4a3b72
Commit df4a3b72 authored Feb 08, 2015 by Mike DePaulo Committed by Mike Gabriel Feb 14, 2015
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

utils.c nx-X11/programs/Xserver/os/utils.c +1 -1

No files found.
--- a/nx-X11/programs/Xserver/os/utils.c
+++ b/nx-X11/programs/Xserver/os/utils.c
@@ -483,7 +483,7 @@ LockServer(void)
      /*
       * Read the pid from the existing file
       */
-      lfd = open(LockFile, O_RDONLY);
+      lfd = open(LockFile, O_RDONLY|O_NOFOLLOW);
      if (lfd < 0) {
        unlink(tmp);
        FatalError("Can't read lock file %s\n", LockFile);