Bug#581338: x11-common sets wrong permissions for Xwrapper.config
Package: x11-common
Version: 1:7.3+20
Severity: minor
Tags: patch
In x11-common.postinst the /etc/X11/Xwrapper.config gets created using
tmpfile ($NEW_XWRAPPER_CONFIG). By default, tmpfile creates temp file
with mode 0600. With that mode the new file is installed to the right
place.
There's no security-sensible information in this file, unlike, say,
/etc/shadow which has to have restrictive permissions, -- this file
only contains two settings used by X setuid wrapper, which are also
available from debconf database.
It is not usually a problem to have that file mode 0600. But this
becomes problematic when, for example, the client is run off an NFS
root (where I've actually hit this issue). And generally, non-
security-sensitive files aren't created with mode 0600.
The fix is trivial: tempfile now has -m MODE argument, so replacing
NEW_XWRAPPER_CONFIG=$(tempfile)
with
NEW_XWRAPPER_CONFIG=$(tempfile -m 0644)
is enough. So I'm tagging this as "patch available" :)
This bug is very old, it's here since xfree86-4.3.0 (Jul 2004)
or even pre-dates that.
Thanks!
/mjt
Reply to: