Bug#234788: Major data loss because of .xsession-errors

To: Joey Hess <joeyh@debian.org>
Cc: 234788-quiet@bugs.debian.org, Branden Robinson <branden@debian.org>
Subject: Bug#234788: Major data loss because of .xsession-errors
From: Tomasz Wegrzanowski <taw@users.sf.net>
Date: Mon, 1 Mar 2004 00:59:09 +0100
Message-id: <[🔎] 20040229235909.GA8828@wroclaw.taw.pl.eu.org>
Reply-to: Tomasz Wegrzanowski <taw@users.sf.net>, 234788-quiet@bugs.debian.org
In-reply-to: <[🔎] 20040229222346.GD11298@kitenet.net>
References: <[🔎] E1Aw5CX-0002VU-0B@wroclaw.taw.pl.eu.org> <[🔎] 20040226194437.GN18335@deadbeast.net> <[🔎] 20040228130157.GA28820@wroclaw.taw.pl.eu.org> <[🔎] 20040228175659.GB17969@deadbeast.net> <[🔎] 20040228183612.GA31141@wroclaw.taw.pl.eu.org> <[🔎] 20040229222346.GD11298@kitenet.net>

On Sun, Feb 29, 2004 at 05:23:46PM -0500, Joey Hess wrote:
> Tomasz Wegrzanowski wrote:
> > When I tried it as root, X worked, but the /dev/null became 0600.
> > So it seems it wants to chmod 0600 .xsession-errors.
> 
> That would probably be a security hole (at least a DOS: make ld.so 600
> and the system stops working), but I cannot reproduce it with
> xserver-xfree86 4.2.1-10.

Only if you can ln -sf /lib/ld.so /root/.xsession-errors, what you
probably cannot. User with normal rights can't chmod /dev/null, and
that's (probably) why it crashes.

Reply to:

Follow-Ups:
- Bug#234788: Major data loss because of .xsession-errors
  - From: Mike Mestnik <cheako911@yahoo.com>

References:
- Bug#234788: Major data loss because of .xsession-errors
  - From: Tomasz Wegrzanowski <taw@users.sf.net>
- Bug#234788: Major data loss because of .xsession-errors
  - From: Branden Robinson <branden@debian.org>
- Bug#234788: Major data loss because of .xsession-errors
  - From: Tomasz Wegrzanowski <taw@users.sf.net>
- Bug#234788: Major data loss because of .xsession-errors
  - From: Branden Robinson <branden@debian.org>
- Bug#234788: Major data loss because of .xsession-errors
  - From: Tomasz Wegrzanowski <taw@users.sf.net>
- Bug#234788: Major data loss because of .xsession-errors
  - From: Joey Hess <joeyh@debian.org>

Prev by Date: Re: person needed to build and test XFree86 trunk for 4.3.0-3 release
Next by Date: Bug#235279: marked as done (Spanish keyboard problem in package xlibs 4.3.0)
Previous by thread: Bug#234788: Major data loss because of .xsession-errors
Next by thread: Bug#234788: Major data loss because of .xsession-errors
Index(es):
- Date
- Thread