On Thu, Apr 23, 2015 at 13:12:18 -0400, Simon Ruggier wrote: > Package: xorg > Version: 1:7.7+7 > Severity: normal > Tags: patch > > Hi, I noticed today that my umask is 077 for some reason, which happens to be > a > problem for me. I grepped /etc to see where this could be coming from, and > found this line in /etc/X11/Xsession: > if (umask 077 && touch "$ERRFILE") 2> /dev/null && [ -w "$ERRFILE" ] && > > I've since confirmed that that's the cause of the problem. Here's the commit > that added this: > commit 8b2df98c792aa52f181624206d9ed9331eaba5a8 > Author: Julien Cristau <jcris...@debian.org> > Date: Tue Feb 20 10:12:25 2007 +0100 > > debian/local/Xsession: set temporary umask when creating $ERRFILE. > > Thanks to Timo Aaltonen for pointing out this change in the Ubuntu > package. > Reference: CVE-2006-5214. > > We can see that the original intent for this change was that it be a > temporary change to umask. However, it doesn't seem to work out that way. I've > made a small change to fix the issue, confirmed that it makes a difference on > my system, and created a git commit out of it. See the attached patch file. > How would that happen? We set umask in a subshell, the original shell shouldn't be affected...
Cheers, Julien
signature.asc
Description: Digital signature