
Bug#442879: marked as done (x11-common: /usr/bin/X drops privileges too early)



Your message dated Mon, 17 Sep 2007 18:33:32 +0200
with message-id <46EEAC5C.2060303@ens-lyon.org>
and subject line Bug#442879: x11-common: /usr/bin/X drops privileges too early
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: x11-common
Version: 1:7.3+2

Hello,

the new X version seems to drop privileges a little too early when it
gets started with -xf86config:

| holbe@darkside:/home/holbe% X :1 -xf86config xorg-tv.conf -nolisten tcp
| 
| Fatal server error:
| Cannot move old log file ("/var/log/Xorg.1.log" to "/var/log/Xorg.1.log.old"
| 
| [1]    12282 exit 1     X :1 -xf86config xorg-tv.conf -nolisten tcp
| holbe@darkside:/home/holbe%

Leaving -xf86config away, everything works as expected:

| holbe@darkside:/home/holbe% X :1 -nolisten tcp
| 
| X.Org X Server 1.4.0
| Release Date: 5 September 2007
| X Protocol Version 11, Revision 0
| Build Operating System: Linux Debian (xorg-server 2:1.4-2)
| ...

The previous version 1:7.2-5 did work well in both cases.


Thanks for your work & regards
   Mario
-- 
We are the Bore. Resistance is futile. You will be bored.


--- End Message ---
--- Begin Message ---
Mario 'BitKoenig' Holbe wrote:
> Hello,
>
> the new X version seems to drop privileges a little too early when it
> gets started with -xf86config:
>
> | holbe@darkside:/home/holbe% X :1 -xf86config xorg-tv.conf -nolisten tcp
> | 
> | Fatal server error:
> | Cannot move old log file ("/var/log/Xorg.1.log" to "/var/log/Xorg.1.log.old"
> | 
> | [1]    12282 exit 1     X :1 -xf86config xorg-tv.conf -nolisten tcp
> | holbe@darkside:/home/holbe%
>   

If you look at the beginning of the log, you should see that it didn't
find the xorg-tv.conf file.

> Leaving -xf86config away, everything works as expected:
>
> | holbe@darkside:/home/holbe% X :1 -nolisten tcp
> | 
> | X.Org X Server 1.4.0
> | Release Date: 5 September 2007
> | X Protocol Version 11, Revision 0
> | Build Operating System: Linux Debian (xorg-server 2:1.4-2)
> | ...
>
> The previous version 1:7.2-5 did work well in both cases.
>   

This is on purpose, for security reasons. Upstream X.org enables the use
of any file as a custom config file. But the server outputs the first
broken line in the parse error in the log. This makes it possible for any
user to read the first line of any file on the system by just
passing it to the X server through -config or -xf86config.

So -config and -xf86config are modified in Debian to only accept custom
config files in /etc/X11. You didn't have the problem with 7.2-5 because
we only modified -config. Now we modify -xf86config too, since the same
security issue exists there.

Brice



--- End Message ---
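
One way a setuid server could enforce the restriction described in the reply above, as an added example (not the Debian patch and not X.org code). `resolve_config_arg` and `relative_and_safe` are hypothetical names, and treating the argument as a path relative to /etc/X11 is an assumption of this sketch.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define CONF_DIR "/etc/X11" /* the directory named in the message above */

/* Hypothetical helper: accept only a relative path made of conservative
 * characters, with no ".." component that could climb out of CONF_DIR. */
static bool relative_and_safe(const char *arg)
{
    if (arg[0] == '\0' || arg[0] == '/')
        return false;
    for (const char *p = arg; *p != '\0';) {
        size_t n = strcspn(p, "/"); /* length of the current component */
        if (n == 2 && p[0] == '.' && p[1] == '.')
            return false;
        for (size_t i = 0; i < n; i++)
            if (!isalnum((unsigned char)p[i]) && !strchr("._-", p[i]))
                return false;
        p += n;
        if (*p == '/')
            p++;
    }
    return true;
}

/* Hypothetical resolver for a -config / -xf86config argument. Returns the
 * path the server may open (static buffer), or NULL when it is refused.
 * Only a caller whose real uid is 0 may name an arbitrary file. */
const char *resolve_config_arg(const char *arg, bool caller_is_root)
{
    static char path[4096];
    int n;
    if (caller_is_root)
        n = snprintf(path, sizeof path, "%s", arg);
    else if (relative_and_safe(arg))
        n = snprintf(path, sizeof path, "%s/%s", CONF_DIR, arg);
    else
        return NULL;
    return (n < 0 || (size_t)n >= sizeof path) ? NULL : path;
}

int main(int argc, char **argv)
{   /* In a setuid-root binary getuid() is still the invoking user's uid. */
    const char *p = resolve_config_arg(argc > 1 ? argv[1] : "xorg-tv.conf", getuid() == 0);
    puts(p ? p : "refused: config must be a relative path under " CONF_DIR);
    return p ? 0 : 1;
}
```

The check is purely lexical, so it relies on /etc/X11 and its subdirectories being writable only by root; otherwise a symlink placed there would defeat it.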
