[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#234788: Major data loss because of .xsession-errors

On Mon, Mar 01, 2004 at 10:27:32AM -0500, Branden Robinson wrote:
> On Sun, Feb 29, 2004 at 05:23:46PM -0500, Joey Hess wrote:
> > Tomasz Wegrzanowski wrote:
> > > When I tried it as root, X worked, but the /dev/null became 0600.
> > > So it seems it wants to chmod 0600 .xsession-errors.
> > 
> > That would probably be a security hole (at least a DOS: make ld.so 600
> > and the system stops working), but I cannot reproduce it with
> > xserver-xfree86 4.2.1-10.
> 
> It is the Xsession script in /etc/X11 that does this chmod.

<deleted>

> [question to the general public:] Do you think this chmod should just go
> away?

Considering the tendency of X applications to spew gods only know what to
stdout/stderr, and thus into .xsession-errors, this is probably still a
good idea.  I can't point to a case where there'd actually be
security-sensitive information included therein, but if there were...

Paranoia over all, I suppose.

-- 
 Marc Wilson |     "You who hate the Jews so, why did you adopt their
 msw@cox.net |     religion?"  -- Friedrich Nietzsche, addressing
             |     anti-semitic Christians
Reply to: