
Bug#234788: Major data loss because of .xsession-errors



root could set up /dev/xsession-errors or even ~/.xsession-errors to be an
actual null dev with a cp -a and a chown.

--- Tomasz Wegrzanowski <taw@users.sf.net> wrote:
> On Sun, Feb 29, 2004 at 05:23:46PM -0500, Joey Hess wrote:
> > Tomasz Wegrzanowski wrote:
> > > When I tried it as root, X worked, but the /dev/null became 0600.
> > > So it seems it wants to chmod 0600 .xsession-errors.
> > 
> > That would probably be a security hole (at least a DOS: make ld.so 600
> > and the system stops working), but I cannot reproduce it with
> > xserver-xfree86 4.2.1-10.
> 
> Only if you can ln -sf /lib/ld.so /root/.xsession-errors, which you
> probably cannot. User with normal rights can't chmod /dev/null, and
> that's (probably) why it crashes.
> 
> 


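The thread's concern is a chmod 0600 on .xsession-errors landing on whatever that name points to (/dev/null, or a system file through a symlink). The following is an added example, not code from the thread, Debian or XFree86: one way a session startup could open the log and set its mode on the opened descriptor only, refusing symlinks and device nodes. The function names and the constructed temporary files are hypothetical.

```python
import os
import stat
import tempfile

def secure_errfile(path, mode=0o600):
    """Open a session error log for appending and set its mode, refusing
    symlinks, device nodes, hard-linked files and files owned by someone else."""
    flags = os.O_WRONLY | os.O_APPEND | os.O_CREAT | os.O_NOFOLLOW | os.O_NONBLOCK
    fd = os.open(path, flags, mode)  # fails with ELOOP if path is a symlink
    try:
        st = os.fstat(fd)  # inspect the object actually opened, not the name
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError(f"{path}: not a regular file")
        if st.st_uid != os.geteuid() or st.st_nlink != 1:
            raise PermissionError(f"{path}: unexpected owner or link count")
        os.fchmod(fd, mode)  # acts on the descriptor, so no rename race
    except BaseException:
        os.close(fd)
        raise
    return fd

def _try(path):
    try:
        os.close(secure_errfile(path))
        return "opened"
    except OSError:
        return "refused"

def demo():
    """Run the check against constructed files in a temporary directory."""
    out = {}
    with tempfile.TemporaryDirectory() as d:
        victim = os.path.join(d, "system-file")  # constructed stand-in for ld.so
        open(victim, "w").close()
        os.chmod(victim, 0o644)
        link = os.path.join(d, "link-errors")  # symlinked log name
        os.symlink(victim, link)
        out["symlink"] = _try(link)
        out["victim_mode"] = stat.S_IMODE(os.stat(victim).st_mode)
        log = os.path.join(d, ".xsession-errors")  # ordinary case
        out["regular"] = _try(log)
        out["log_mode"] = stat.S_IMODE(os.stat(log).st_mode)
    if os.path.exists("/dev/null") and stat.S_ISCHR(os.stat("/dev/null").st_mode):
        out["devnull"] = _try("/dev/null")  # device node: refused, never chmodded
    return out

if __name__ == "__main__":
    print(demo())
```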



