Package: x11-common Version: 1:7.3+20 Severity: minor Tags: patch In x11-common.postinst the /etc/X11/Xwrapper.config gets created using tmpfile ($NEW_XWRAPPER_CONFIG). By default, tmpfile creates temp file with mode 0600. With that mode the new file is installed to the right place.
There's no security-sensible information in this file, unlike, say, /etc/shadow which has to have restrictive permissions, -- this file only contains two settings used by X setuid wrapper, which are also available from debconf database. It is not usually a problem to have that file mode 0600. But this becomes problematic when, for example, the client is run off an NFS root (where I've actually hit this issue). And generally, non- security-sensitive files aren't created with mode 0600. The fix is trivial: tempfile now has -m MODE argument, so replacing NEW_XWRAPPER_CONFIG=$(tempfile) with NEW_XWRAPPER_CONFIG=$(tempfile -m 0644) is enough. So I'm tagging this as "patch available" :) This bug is very old, it's here since xfree86-4.3.0 (Jul 2004) or even pre-dates that. Thanks! /mjt -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org