On Sun, Feb 29, 2004 at 05:23:46PM -0500, Joey Hess wrote: > Tomasz Wegrzanowski wrote: > > When I tried it as root, X worked, but the /dev/null became 0600. > > So it seems it wants to chmod 0600 .xsession-errors. > > That would probably be a security hole (at least a DOS: make ld.so 600 > and the system stops working), but I cannot reproduce it with > xserver-xfree86 4.2.1-10.
It is the Xsession script in /etc/X11 that does this chmod. 80 # attempt to create an error file; abort if we cannot 81 if touch $ERRFILE 2> /dev/null && [ -w $ERRFILE ]; then 82 chmod 600 "$ERRFILE" 83 elif ERRFILE=$(tempfile 2> /dev/null); then 84 if ! ln -sf "$ERRFILE" "${TMPDIR:=/tmp}/xsession-$USER"; then 85 message "warning: unable to symlink \"$TMPDIR/xsession-$USER\" to" \ 86 "\"$ERRFILE\"; look for session log/errors in" \ 87 "\"$TMPDIR/xsession-$USER\"." 88 fi 89 else 90 errormsg "unable to create X session log/error file; aborting." 91 fi [question to the general public:] Do you think this chmod should just go away? I could only do the chmod if $ERRFILE is a symlink, I suppose. Would that be better? -- G. Branden Robinson | If you're handsome, it's flirting. Debian GNU/Linux | If you're a troll, it's sexual [EMAIL PROTECTED] | harassment. http://people.debian.org/~branden/ | -- George Carlin
signature.asc
Description: Digital signature