Bug#721744: [Pkg-xfce-devel] Bug#721744: Pollutes home with .Xauthority.* files (with bad permissions)
On 09/04/2013 09:46 PM, Yuri D'Elia wrote: > On 09/04/2013 09:35 PM, Yves-Alexis Perez wrote: >> I don't have .Xauthority files polluting my homedir so I'm not sure what >> happens to you, but the 0644 perms indeed don't look too good. > > A quick test revealed that those .Xauthority.* files are created when > the machine is shutdown (via halt, or acpi power button event) and then > brought up again. I should add that I'm using systemd, which might affect how the X session is brought down. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#721744: [Pkg-xfce-devel] Bug#721744: Pollutes home with .Xauthority.* files (with bad permissions)
On 09/04/2013 09:35 PM, Yves-Alexis Perez wrote: > I don't have .Xauthority files polluting my homedir so I'm not sure what > happens to you, but the 0644 perms indeed don't look too good. A quick test revealed that those .Xauthority.* files are created when the machine is shutdown (via halt, or acpi power button event) and then brought up again. I assume that lightdm tries to make backup copies when .Xauthority is already present. It should try to query the X server for validity instead and zap the file. I had around 50 files or so in my home directory. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#721744: [Pkg-xfce-devel] Bug#721744: Pollutes home with .Xauthority.* files (with bad permissions)
On mer., 2013-09-04 at 21:54 +0200, Yuri D'Elia wrote: > On 09/04/2013 09:46 PM, Yuri D'Elia wrote: > > On 09/04/2013 09:35 PM, Yves-Alexis Perez wrote: > >> I don't have .Xauthority files polluting my homedir so I'm not sure what > >> happens to you, but the 0644 perms indeed don't look too good. > > > > A quick test revealed that those .Xauthority.* files are created when > > the machine is shutdown (via halt, or acpi power button event) and then > > brought up again. > > I should add that I'm using systemd, which might affect how the X > session is brought down. > Yes, it might be related since, I'm using sysvrc. Note that file is written using g_file_set_contents(), and the doc says (https://developer.gnome.org/glib/2.37/glib-File-Utilities.html#g-file-set-contents): Note that the name for the temporary file is constructed by appending up to 7 characters to filename. So it might just be the temporary file which is leftover somehow, since return code for g_file_set_contents() is not checked (http://sources.debian.net/src/lightdm/1.6.0-3/src/xauthority.c#L332) I've followed up on a bug I opened few years ago with the same kind of issue, but which is /still/ private currently, will report back when I have news. Basically proper fix would be to: - set the umask correctly before using g_file_set_contents() - check the error code and do something sane in case it fails Regards, -- Yves-Alexis signature.asc Description: This is a digitally signed message part
Bug#721744: [Pkg-xfce-devel] Bug#721744: Pollutes home with .Xauthority.* files (with bad permissions)
On mar., 2013-09-03 at 19:10 +0200, Yuri D'Elia wrote: > I noticed this issue a couple of months ago. > > lightdm likes to create (backup?) copies of .Xauthority files for some > reason. > I never paid attention to the dynamics, but I have a > dozen .Xauthority.* files > in my ~ which look like stale cookies and/or temporary files created > by > mkstemp(2) or a similar function. > > Moreover, all these files, *including* the current .Xauthority file > are created > 0644, which is a (grave) security issue by itself. > > This effect also seems to be reported in ubuntu, with no action: > > https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/1175023 I don't have .Xauthority files polluting my homedir so I'm not sure what happens to you, but the 0644 perms indeed don't look too good. Stay tuned. Regards, -- Yves-Alexis signature.asc Description: This is a digitally signed message part
Bug#721744: Pollutes home with .Xauthority.* files (with bad permissions)
Package: lightdm Version: 1.6.0-3 Severity: important I noticed this issue a couple of months ago. lightdm likes to create (backup?) copies of .Xauthority files for some reason. I never paid attention to the dynamics, but I have a dozen .Xauthority.* files in my ~ which look like stale cookies and/or temporary files created by mkstemp(2) or a similar function. Moreover, all these files, *including* the current .Xauthority file are created 0644, which is a (grave) security issue by itself. This effect also seems to be reported in ubuntu, with no action: https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/1175023 -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (900, 'unstable'), (800, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.10-2-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages lightdm depends on: ii adduser3.113+nmu3 ii consolekit 0.4.5-3.1 ii dbus 1.6.12-1 ii debconf [debconf-2.0] 1.5.51 ii libc6 2.17-92+b1 ii libgcrypt111.5.3-2 ii libglib2.0-0 2.36.4-1 ii libpam0g 1.1.3-9 ii libxcb11.9.1-3 ii libxdmcp6 1:1.1.1-1 ii lightdm-gtk-greeter [lightdm-greeter] 1.6.0-1 Versions of packages lightdm recommends: ii xserver-xorg 1:7.7+3 Versions of packages lightdm suggests: pn accountsservice pn upower -- debconf information: lightdm/daemon_name: /usr/sbin/lightdm * shared/default-x-display-manager: lightdm -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
