On Mon, Mar 01, 2004 at 10:27:32AM -0500, Branden Robinson wrote: > On Sun, Feb 29, 2004 at 05:23:46PM -0500, Joey Hess wrote: > > Tomasz Wegrzanowski wrote: > > > When I tried it as root, X worked, but the /dev/null became 0600. > > > So it seems it wants to chmod 0600 .xsession-errors. > > > > That would probably be a security hole (at least a DOS: make ld.so 600 > > and the system stops working), but I cannot reproduce it with > > xserver-xfree86 4.2.1-10. > > It is the Xsession script in /etc/X11 that does this chmod.
<deleted> > [question to the general public:] Do you think this chmod should just go > away? Considering the tendency of X applications to spew gods only know what to stdout/stderr, and thus into .xsession-errors, this is probably still a good idea. I can't point to a case where there'd actually be security-sensitive information included therein, but if there were... Paranoia over all, I suppose. -- Marc Wilson | "You who hate the Jews so, why did you adopt their [EMAIL PROTECTED] | religion?" -- Friedrich Nietzsche, addressing | anti-semitic Christians