The Xinput module leaks a fd, which is optionally read from the XCOMPOSEFILE env
variable. At least with xterm this open happens with elevated privs.
See line 620:
Created attachment 7459
kill double open
Fixed with git commit 686bb8b35acf6cecae80fe89b2b5853f5816ce19.
Should this be fixed in 7.1 as well, or in the stable branch of libX11? Or just
a new release of libX11?
So far xterm seems to be the only problematic app (setgid), but with its normal
gid no security-relevant files can be accessed.
I have the impression that the vulnerable code was added after 7.1, in a commit
from June 13.
Only libX11 1.0.2 and 1.0.3 are vulnerable. So I guess the upcoming 1.1 release
BTW, this has been assigned CVE-2006-5397 by mitre.
Marking as fixed, as we're shipping 1.1 with 7.2.
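
The descriptor leak reported above, as an added example that is not part of the original thread and is not libX11 code: a loader that opens the file named by XCOMPOSEFILE twice and closes only one descriptor, next to a single-open version, with a check that counts the descriptors left behind. The function names and the exact shape of the double open are assumptions based only on the attachment title.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Count descriptors currently open in this process (first 1024 slots). */
static int count_open_fds(void) {
    int n = 0;
    for (int fd = 0; fd < 1024; fd++)
        if (fcntl(fd, F_GETFD) != -1) n++;
    return n;
}

/* Hypothetical leaky loader: probes the file, then opens it again to parse. */
static int load_compose_leaky(void) {
    const char *path = getenv("XCOMPOSEFILE");
    if (!path) return -1;
    int probe = open(path, O_RDONLY);   /* first open: never closed */
    if (probe < 0) return -1;
    int fd = open(path, O_RDONLY);      /* second open: the one that is parsed */
    if (fd < 0) return -1;
    close(fd);                          /* parsing would happen before this */
    return 0;
}

/* Single open, closed on every path; O_CLOEXEC keeps it out of children. */
static int load_compose_fixed(void) {
    const char *path = getenv("XCOMPOSEFILE");
    if (!path) return -1;
    int fd = open(path, O_RDONLY | O_CLOEXEC);
    if (fd < 0) return -1;
    close(fd);                          /* parsing would happen before this */
    return 0;
}

/* Number of descriptors a loader leaves open after it returns. */
static int leaked_fds(int (*load)(void)) {
    int before = count_open_fds();
    load();
    return count_open_fds() - before;
}

int main(void) {
    setenv("XCOMPOSEFILE", "/dev/null", 1);  /* constructed sample path */
    printf("leaky: %d leaked, fixed: %d leaked\n",
           leaked_fds(load_compose_leaky), leaked_fds(load_compose_fixed));
    return 0;
}
```

A descriptor left open this way is inherited by any child the process starts, which is why the leak matters in a setgid program such as xterm.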