Bug 5897 - race condition on $HOME/.xsession-errors being readable
Status: RESOLVED FIXED
Product: xorg
Classification: Unclassified
Component: App/xdm
Version: 7.0.0
Hardware: x86 (IA32) NetBSD
Importance: high critical
Assigned To: Xorg Project Team
Blocks: 5041
Reported: 2006-02-16 03:27 UTC by Jeremy C. Reed
Modified: 2006-03-21 18:08 UTC (History)

Description Jeremy C. Reed 2006-02-16 03:27:33 UTC
This is from NetBSD's PR: xsrc/32804
http://www.netbsd.org/cgi-bin/query-pr-single.pl?number=32804

It is possible that someone could open "$HOME/.xsession-errors" before it becomes
unreadable.

--- programs/xdm/config/Xsession.cpp.orig	2006-02-12 16:32:25.000000000 +0100
+++ programs/xdm/config/Xsession.cpp
@@ -6,9 +6,8 @@ XCOMM $XFree86: xc/programs/xdm/config/X
 XCOMM redirect errors to a file in user's home directory if we can
 for errfile in "$HOME/.xsession-errors" "${TMPDIR-/tmp}/xses-$USER"
"/tmp/xses-$USER"
 do
-	if ( cp /dev/null "$errfile" 2> /dev/null )
+	if ( umask 077 && cp /dev/null "$errfile" 2> /dev/null )
 	then
-		chmod 600 "$errfile"
 		exec > "$errfile" 2>&1
 		break
 	fi
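
Review bot: In the `then` branch, dropping `chmod 600 "$errfile"` leaves a file that already exists with a looser mode unchanged, because `umask 077` only affects files that `cp` creates, and `cp /dev/null` onto an existing file truncates it without touching its mode. I would keep the `chmod 600 "$errfile"` line after the umask'd `cp`, so that a newly created file is never readable by others and an old one is tightened before `exec > "$errfile" 2>&1` writes to it. Separately, the fallback names `${TMPDIR-/tmp}/xses-$USER` and `/tmp/xses-$USER` are predictable paths in a shared directory, so a check that the target is a regular file owned by the user before redirecting into it would be worth adding here.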

I also emailed the xorg_security a couple days ago but no reply.

May I commit the above?
Comment 1 Jeremy C. Reed 2006-02-25 08:37:28 UTC
Committed fix to app/xdm/config/Xsession.cpp HEAD.
I am closing but didn't commit to monolithic.