oss-sec mailing list archives
X server umask issue
From: Josh Bressers <bressers () redhat com>
Date: Mon, 9 Nov 2009 11:09:55 -0500 (EST)
Hi everyone, I'm looking for a second opinion, and wondering if anyone has some extra insight into this Debian bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555308 It seems that the suid X server inherits the users umask, and if you have a umask of 0, the X log file will end up being world writable. This is obviously a very silly thing to do anyhow, so I question if that's a security flaw itself. It is a bug that should probably be fixed I'd say. What I am wondering though, are there other files the X server creates that could be an issue for this? I'm not aware of any, but I'm also not an expert by any stretch of the imagination. Am I missing something else? Thanks. -- JB
Current thread:
- X server umask issue Josh Bressers (Nov 09)
- Re: X server umask issue Steve Kemp (Nov 09)
- Re: X server umask issue Julien Cristau (Nov 09)
- Re: X server umask issue Florian Weimer (Nov 09)
- Re: X server umask issue Steve Kemp (Nov 09)