Bug#783192: xorg: /etc/X11/Xsession accidentally sets the umask to 077

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#783192: xorg: /etc/X11/Xsession accidentally sets the umask to 077
From: Simon Ruggier <Simon.Ruggier@gmail.com>
Date: Thu, 23 Apr 2015 13:12:18 -0400
Message-id: <[🔎] CAFyaas2CzVD8nTVt4O=An=imGpWCTVJOXTRvv+9Uc=OXcRWCkw@mail.gmail.com>
Reply-to: Simon Ruggier <Simon.Ruggier@gmail.com>, 783192@bugs.debian.org

Package: xorg
Version: 1:7.7+7
Severity: normal
Tags: patch

Hi, I noticed today that my umask is 077 for some reason, which happens to be a
problem for me. I grepped /etc to see where this could be coming from, and
found this line in /etc/X11/Xsession:
if (umask 077 && touch "$ERRFILE") 2> /dev/null && [ -w "$ERRFILE" ] &&

I've since confirmed that that's the cause of the problem. Here's the commit
that added this:
commit 8b2df98c792aa52f181624206d9ed9331eaba5a8
Author: Julien Cristau <jcristau@debian.org>
Date:   Tue Feb 20 10:12:25 2007 +0100

    debian/local/Xsession: set temporary umask when creating $ERRFILE.

    Thanks to Timo Aaltonen for pointing out this change in the Ubuntu package.
    Reference: CVE-2006-5214.

We can see that the original intent for this change was that it be a
temporary change to umask. However, it doesn't seem to work out that way. I've
made a small change to fix the issue, confirmed that it makes a difference on
my system, and created a git commit out of it. See the attached patch file.

Thanks,
Simon

From c450d26249dfb772ad09652a15a57900af7227c9 Mon Sep 17 00:00:00 2001
From: Simon Ruggier <Simon80@gmail.com>
Date: Thu, 23 Apr 2015 12:09:10 -0400
Subject: [PATCH] Xsession: Fix accidental permanent change to umask

This change fixes the umask change in debian/local/Xsession so that it's
actually temporary, as was originally intended according to the commit
that added it.
---
 debian/local/Xsession | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/debian/local/Xsession b/debian/local/Xsession
index 6ad7d6e..762682e 100644
--- a/debian/local/Xsession
+++ b/debian/local/Xsession
@@ -61,6 +61,7 @@ ALTUSERXSESSION=$HOME/.Xsession
 ERRFILE=$HOME/.xsession-errors
 
 # attempt to create an error file; abort if we cannot
+UMASK_OLD=$(umask -p)
 if (umask 077 && touch "$ERRFILE") 2> /dev/null && [ -w "$ERRFILE" ] &&
   [ ! -L "$ERRFILE" ]; then
   chmod 600 "$ERRFILE"
@@ -74,6 +75,9 @@ else
   errormsg "unable to create X session log/error file; aborting."
 fi
 
+# restore the previously set umask
+$UMASK_OLD
+
 exec >>"$ERRFILE" 2>&1
 
 echo "$PROGNAME: X session started for $LOGNAME at $(date)"
-- 
2.1.4

Reply to:

Follow-Ups:
- Bug#783192: xorg: /etc/X11/Xsession accidentally sets the umask to 077
  - From: Julien Cristau <jcristau@debian.org>

Prev by Date: Bug#719059: marked as done (pixman 0.30 add mips(32,64)r2 asm support, then symbols changed)
Next by Date: Bug#722196: marked as done (libGL/libdricore: dispatch table seems off)
Previous by thread: Bug#719059: marked as done (pixman 0.30 add mips(32,64)r2 asm support, then symbols changed)
Next by thread: Bug#783192: xorg: /etc/X11/Xsession accidentally sets the umask to 077
Index(es):
- Date
- Thread