On Mon, Mar 01, 2004 at 10:27:32AM -0500, Branden Robinson wrote:
> On Sun, Feb 29, 2004 at 05:23:46PM -0500, Joey Hess wrote:
> > Tomasz Wegrzanowski wrote:
> > > When I tried it as root, X worked, but the /dev/null became 0600.
> > > So it seems it wants to chmod 0600 .xsession-errors.
> >
> > That would probably be a security hole (at least a DOS: make ld.so 600
> > and the system stops working), but I cannot reproduce it with
> > xserver-xfree86 4.2.1-10.
>
> It is the Xsession script in /etc/X11 that does this chmod.
<deleted>
> [question to the general public:] Do you think this chmod should just go
> away?
Considering the tendency of X applications to spew gods only know what to
stdout/stderr, and thus into .xsession-errors, this is probably still a
good idea. I can't point to a case where there'd actually be
security-sensitive information included therein, but if there were...
Paranoia over all, I suppose.
--
Marc Wilson | "You who hate the Jews so, why did you adopt their
[EMAIL PROTECTED] | religion?" -- Friedrich Nietzsche, addressing
| anti-semitic Christians
