Open files with O_NOFOLLOW. (CVE-2017-16611)

A non-privileged X client can instruct X server running under root to open any
file by creating own directory with "fonts.dir", "fonts.alias" or any font file
being a symbolic link to any other file in the system. X server will then open
it. This can be issue with special files such as /dev/watchdog.

Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>

0 files changed, 0 insertions, 0 deletions