Bug#234788: Major data loss because of .xsession-errors
root could setup /dev/xsession-errors or even ~/.xsession-errors to be an
acctual null dev with a cp -a and a chown.
--- Tomasz Wegrzanowski <taw@users.sf.net> wrote:
> On Sun, Feb 29, 2004 at 05:23:46PM -0500, Joey Hess wrote:
> > Tomasz Wegrzanowski wrote:
> > > When I tried it as root, X worked, but the /dev/null became 0600.
> > > So it seems it wants to chmod 0600 .xsession-errors.
> >
> > That would probably be a security hole (at least a DOS: make ld.so 600
> > and the system stops working), but I cannot reproduce it with
> > xserver-xfree86 4.2.1-10.
>
> Only if you can ln -sf /lib/ld.so /root/.xsession-errors, what you
> probably cannot. User with normal rights can't chmod /dev/null, and
> that's (probably) why it crashes.
>
>
__________________________________
Do you Yahoo!?
Get better spam protection with Yahoo! Mail.
http://antispam.yahoo.com/tools
Reply to: