This is from NetBSD PR xsrc/32805
http://www.netbsd.org/cgi-bin/query-pr-single.pl?number=32805

In Xsession: if for some reason $HOME/.xsession-errors is not used, there is a race condition in the way the "${TMPDIR-/tmp}/xses-$USER" or "/tmp/xses-$USER" is created.

I emailed about this to xorg_security a couple days ago, but no response.

One idea is to create a subdirectory in /tmp (or $TMPDIR) (using umask 077 && mkdir) and then create a file in it and then force a symlink from xses-$USER to that file. Or maybe use mktemp or similar if available.
Created attachment 4969
Proposed fix to xdm modular tree

A proposed fix based on the NetBSD fix - uses mktemp if available, but leaves insecure code for systems without mktemp. Assumes $HOME is safe to write to without mktemp.
I didn't test this new patch, but I assume that all implementations of mktemp create a file only readable by the user. Looks okay. I'd probably get rid of that bad code anyways -- is it needed? If it reaches that part just fail with some error message. Or use umask && mkdir to make a temp directory, if that is successful create a file in it and then move into place (and remove that temp directory).
This feature (fallback to tmpdir when your home directory is unwritable) is little used enough and enough systems have a mktemp command that for now I'm just going to use mktemp and disable the alternate log paths on those without it. Should someone care enough about making this work on a system without mktemp, a patch to do something like the mkdir solution suggested above will be happily accepted in the future.

Fix checked into modular CVS head:

CVSROOT: /cvs/xorg
Module name: app
Changes by: alanc@kemper.freedesktop.org 06/03/18 03:43:18

Log message:
  2006-03-17 Alan Coopersmith <alan.coopersmith@sun.com>

  * configure.ac:
  * config/Xsession.cpp:
  * config/Makefile.am:
  Bug #5898 <https://bugs.freedesktop.org/show_bug.cgi?id=5898>
  Use mktemp command to create files safely in TMPDIR or /tmp
  on systems that have it - don't try to create files there if
  mktemp is not present. Fix based on NetBSD fix from
  <http://www.netbsd.org/cgi-bin/query-pr-single.pl?number=32805> .

Modified files:
  app/xdm/: ChangeLog configure.ac
  app/xdm/config/: Makefile.am Xsession.cpp

Revision  Changes  Path
1.36      +11 -0   app/xdm/ChangeLog
                   http://cvs.freedesktop.org/xorg/app/xdm/ChangeLog
1.35      +9 -2    app/xdm/configure.ac
                   http://cvs.freedesktop.org/xorg/app/xdm/configure.ac
1.9       +6 -2    app/xdm/config/Makefile.am
                   http://cvs.freedesktop.org/xorg/app/xdm/config/Makefile.am
1.4       +36 -8   app/xdm/config/Xsession.cpp
                   http://cvs.freedesktop.org/xorg/app/xdm/config/Xsession.cpp

Marking this bug as fixed for the modular/7.x branch. A clone will be needed for the 6.9.x branch.
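The two approaches discussed in this thread (mktemp, and umask 077 && mkdir where mktemp is missing), sketched as an added example; this is not the code checked into app/xdm/config/Xsession.cpp or the attached patch. The function name pick_errfile, its arguments and the file name inside the private directory are hypothetical.

```shell
#!/bin/sh
# Added illustration, not the xdm project's code.
# pick_errfile (hypothetical helper) prints the path of a session error
# log that was created safely, or returns 1 if none could be created.
#   $1 = home directory   $2 = temp directory   $3 = user name
pick_errfile() {
    home=$1 tmpdir=$2 user=$3

    # Preferred: the home directory, assumed not writable by other
    # users (the same assumption the proposed fix states).
    if [ -d "$home" ] && [ -w "$home" ]; then
        f="$home/.xsession-errors"
        if (umask 077 && : > "$f") 2>/dev/null; then
            echo "$f"; return 0
        fi
    fi

    # Shared temp dir: a fixed name such as xses-$user can be created
    # in advance by another local user, and a plain redirect would
    # follow it. mktemp creates a new file atomically under a random
    # suffix and fails rather than reuse an existing name.
    if command -v mktemp >/dev/null 2>&1; then
        f=$(mktemp "$tmpdir/xses-$user.XXXXXX" 2>/dev/null) && {
            echo "$f"; return 0
        }
    fi

    # No mktemp: mkdir fails if the name already exists (symlinks
    # included), so success under umask 077 means a directory only
    # this user can enter; a file created inside it is not raceable.
    d="$tmpdir/xses-$user.$$"
    if (umask 077 && mkdir "$d") 2>/dev/null; then
        f="$d/errors"
        (umask 077 && : > "$f") && { echo "$f"; return 0; }
    fi
    return 1
}
```

A caller would use it as `errfile=$(pick_errfile "$HOME" "${TMPDIR-/tmp}" "$USER") && exec > "$errfile" 2>&1`, and skip the redirect when it returns non-zero.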