
Bug#555308: marked as done (xserver-xorg: X inherits user's umask)



Your message dated Sat, 28 Nov 2009 16:34:42 +0000
with message-id <E1NEQFu-0006k3-4M@ries.debian.org>
and subject line Bug#555308: fixed in xorg-server 2:1.7.2-1
has caused the Debian Bug report #555308,
regarding xserver-xorg: X inherits user's umask
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
555308: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555308
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: xserver-xorg
Version: 1:7.4+4
Severity: normal
Tags: security
X-Debbugs-Cc: team@security.debian.org

/usr/bin/X, which is a suid root program, keeps the umask of the user
that started X. This results in at least one security problem: if the
user sets umask to 0, /var/log/Xorg.*.log will be world-writable, as
can be seen below.

Please set umask in /usr/bin/X to a sane value (022).


-- Package-specific info:
/var/lib/x11/X.roster does not exist.

/var/lib/x11/X.md5sum does not exist.

X server symlink status:
lrwxrwxrwx 1 root root 13     06/04/06  /etc/X11/X -> /usr/bin/Xorg
-rwxr-xr-x 1 root root 1689944 10/13/09 13:31 /usr/bin/Xorg

/var/lib/x11/xorg.conf.roster does not exist.

VGA-compatible devices on PCI bus:
01:05.0 VGA compatible controller: ATI Technologies Inc Radeon HD 3200 Graphics

/var/lib/x11/xorg.conf.md5sum does not exist.

Xorg X server configuration file status:
-rw-r--r-- 1 root root 1310 06/23/09 02:47 /etc/X11/xorg.conf

Contents of /etc/X11/xorg.conf:
# xorg.conf (X.Org X Window System server configuration file)
#
# This file was generated by dexconf, the Debian X Configuration tool, using
# values from the debconf database.
#
# Edit this file with caution, and see the xorg.conf manual page.
# (Type "man xorg.conf" at the shell prompt.)
#
# This file is automatically updated on xserver-xorg package upgrades *only*
# if it has not been modified since the last upgrade of the xserver-xorg
# package.
#
# If you have edited this file but would like it to be automatically updated
# again, run the following command:
#   sudo dpkg-reconfigure -phigh xserver-xorg

Section "InputDevice"
	Identifier	"Generic Keyboard"
	Driver		"kbd"
	Option		"XkbRules"	"xorg"
	Option		"XkbModel"	"samsung4500"
	Option		"XkbLayout"	"pl"
EndSection

Section "InputDevice"
	Identifier	"Configured Mouse"
	Driver		"mouse"
EndSection

Section "Device"
	Identifier	"Configured Video Device"
	Driver		"radeonhd"
	Option		"AccelMethod"		"EXA"
	Option		"DRI"			"true"
EndSection

Section "Monitor"
	Identifier	"Configured Monitor"
EndSection

Section "Screen"
	Identifier	"Default Screen"
	Monitor		"Configured Monitor"
EndSection


Xorg X server log files on system:
-rw-rw-rw- 1 root root 179460 11/08/09 19:22 /var/log/Xorg.1.log
-rw------- 1 root root 298428 11/08/09 19:22 /var/log/Xorg.0.log

Contents of most recent Xorg X server log file
/var/log/Xorg.0.log:

HAL Information (lshal):

DRM Information from dmesg:
No AGP bridge found
Linux agpgart interface v0.103
[drm] Initialized drm 1.1.0 20060810
[drm] Initialized radeon 1.31.0 20080528 for 0000:01:05.0 on minor 0
[drm] Setting GART location based on new memory map
[drm] Loading RS780 CP Microcode
[drm] Resetting GPU
[drm] writeback test succeeded in 1 usecs
[drm] Resetting GPU
[drm] Resetting GPU
[drm] Resetting GPU
[drm] Resetting GPU


-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing'), (400, 'unstable'), (300, 'experimental')
Architecture: i386 (x86_64)

Kernel: Linux 2.6.31 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages xserver-xorg depends on:
ii  console-setup                 1.45       console font and keymap setup prog
ii  hal                           0.5.13-3   Hardware Abstraction Layer
ii  libc6                         2.10.1-5   GNU C Library: Shared libraries
ii  x11-xkb-utils                 7.4+3      X11 XKB utilities
ii  xkb-data                      1.6-1      X Keyboard Extension (XKB) configu
ii  xserver-xorg-core             2:1.6.5-1  Xorg X server - core server
ii  xserver-xorg-input-evdev [xse 1:2.2.5-1  X.Org X server -- evdev input driv
ii  xserver-xorg-input-kbd [xserv 1:1.3.2-4  X.Org X server -- keyboard input d
ii  xserver-xorg-input-mouse [xse 1:1.4.0-4  X.Org X server -- mouse input driv
ii  xserver-xorg-video-radeonhd [ 1.2.5-1    X.Org X server -- AMD/ATI r5xx, r6

Versions of packages xserver-xorg recommends:
ii  libgl1-mesa-dri               7.6-1      A free implementation of the OpenG
ii  udev                          146-5      /dev/ and hotplug management daemo

xserver-xorg suggests no packages.

-- debconf information excluded



--- End Message ---
--- Begin Message ---
Source: xorg-server
Source-Version: 2:1.7.2-1

We believe that the bug you reported is fixed in the latest version of
xorg-server, which is due to be installed in the Debian FTP archive:

xdmx-tools_1.7.2-1_i386.deb
  to main/x/xorg-server/xdmx-tools_1.7.2-1_i386.deb
xdmx_1.7.2-1_i386.deb
  to main/x/xorg-server/xdmx_1.7.2-1_i386.deb
xnest_1.7.2-1_i386.deb
  to main/x/xorg-server/xnest_1.7.2-1_i386.deb
xorg-server_1.7.2-1.diff.gz
  to main/x/xorg-server/xorg-server_1.7.2-1.diff.gz
xorg-server_1.7.2-1.dsc
  to main/x/xorg-server/xorg-server_1.7.2-1.dsc
xorg-server_1.7.2.orig.tar.gz
  to main/x/xorg-server/xorg-server_1.7.2.orig.tar.gz
xserver-common_1.7.2-1_all.deb
  to main/x/xorg-server/xserver-common_1.7.2-1_all.deb
xserver-xephyr_1.7.2-1_i386.deb
  to main/x/xorg-server/xserver-xephyr_1.7.2-1_i386.deb
xserver-xfbdev_1.7.2-1_i386.deb
  to main/x/xorg-server/xserver-xfbdev_1.7.2-1_i386.deb
xserver-xorg-core-dbg_1.7.2-1_i386.deb
  to main/x/xorg-server/xserver-xorg-core-dbg_1.7.2-1_i386.deb
xserver-xorg-core_1.7.2-1_i386.deb
  to main/x/xorg-server/xserver-xorg-core_1.7.2-1_i386.deb
xserver-xorg-dev_1.7.2-1_i386.deb
  to main/x/xorg-server/xserver-xorg-dev_1.7.2-1_i386.deb
xvfb_1.7.2-1_i386.deb
  to main/x/xorg-server/xvfb_1.7.2-1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 555308@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Julien Cristau <jcristau@debian.org> (supplier of updated xorg-server package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Sat, 28 Nov 2009 16:48:43 +0100
Source: xorg-server
Binary: xserver-xorg-core xserver-xorg-dev xdmx xdmx-tools xnest xvfb xserver-xephyr xserver-xfbdev xserver-xorg-core-dbg xserver-common
Architecture: source all i386
Version: 2:1.7.2-1
Distribution: experimental
Urgency: low
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Changed-By: Julien Cristau <jcristau@debian.org>
Description: 
 xdmx       - distributed multihead X server
 xdmx-tools - Distributed Multihead X tools
 xnest      - Nested X server
 xserver-common - common files used by various X servers
 xserver-xephyr - nested X server
 xserver-xfbdev - Linux framebuffer device tiny X server
 xserver-xorg-core - Xorg X server - core server
 xserver-xorg-core-dbg - Xorg - the X.Org X server (debugging symbols)
 xserver-xorg-dev - Xorg X server - development files
 xvfb       - Virtual Framebuffer 'fake' X server
Closes: 521075 555308
Changes: 
 xorg-server (2:1.7.2-1) experimental; urgency=low
 .
   * New upstream release
     + Xorg sets umask to 022 (closes: #555308)
   * Delete 09_debian_xserver_rtff.diff.  Was disabled since 1.3.99, and is not
     necessary since the fall back to builtin fonts was added.
   * Change the server's dependency on xserver-common to >= ${source:Version},
     to allow installation of different versions of the various servers.
   * Add build-dep on libglib2.0-dev, xkb-data and x11-xkb-utils for unit
     tests, and run the tests unless nocheck is in DEB_BUILD_OPTIONS.
   * Cherry-pick upstream commit to turn ModeDebug on during server startup,
     replacing our Turn-on-ModeDebug-by-default.patch.
   * Number our patches to make it easier to keep track of things.  Requested
     by the Ubuntu folks.
   * xvfb-run: retry a few times if Xvfb can't be started when using
     --auto-servernum, to make concurrent invocations work (closes: #521075).
     Thanks, Kees Cook!
   * Use libudev instead of libhal for input hotplug on linux.
   * Add udev rule to get keymap from /etc/default/keyboard.




--- End Message ---
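
The report and the changelog entry ("Xorg sets umask to 022") describe one pattern: a privileged program that creates files with a permissive requested mode gets whatever the invoking user's umask leaves, unless it resets the umask itself. The C sketch below is an added example, not code from xorg-server or from either message; the function names and the temporary path are hypothetical, and it needs no root to run.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L /* for mkdtemp() */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Create a log file the way fopen(path, "w") does: requested mode 0666,
 * resulting mode = 0666 & ~umask. Returns the permission bits, or -1. */
static int create_log_and_get_mode(const char *path)
{
    struct stat st;
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0666);
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0) { close(fd); return -1; }
    close(fd);
    return (int)(st.st_mode & 0777);
}

/* Simulate server startup (hypothetical helper). `inherited` is the umask
 * left by the invoking user; with `harden` set, the process resets the
 * umask to 022 before it creates any file. */
int log_mode_after_startup(mode_t inherited, int harden)
{
    char dir[] = "/tmp/umask-demo-XXXXXX"; /* constructed scratch location */
    char path[64];
    mode_t saved; int mode;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(path, sizeof path, "%s/Xorg.demo.log", dir);
    saved = umask(inherited);      /* state inherited from the caller */
    if (harden)
        umask(022);                /* the fix: set a known-safe umask first */
    mode = create_log_and_get_mode(path);
    umask(saved);                  /* restore the demo process's own umask */
    unlink(path);
    rmdir(dir);
    return mode;
}

/* Audit check: does the "other" class have write permission? */
int is_world_writable(int mode) { return (mode & S_IWOTH) != 0; }

int main(void)
{
    printf("inherited umask 000, no reset:  %04o\n", log_mode_after_startup(0, 0));
    printf("inherited umask 000, reset 022: %04o\n", log_mode_after_startup(0, 1));
    return 0;
}
```

The first case reproduces the -rw-rw-rw- mode shown for /var/log/Xorg.1.log in the report; the second gives -rw-r--r-- whatever umask the caller had.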
