I can replicate the bug with creating a root owned /rootfile and ln -s /rootfile ~/.Xauthority. lightdm changes /rootfile then.
Writing ~/.dmrc uses g_file_set_contents() which is safe against symlink attacks. However, it's still more robust to drop privileges instead of chown()ing. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/834079 Title: files written as root to user-controlled folders To manage notifications about this bug go to: https://bugs.launchpad.net/lightdm/+bug/834079/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
