Package: lightdm Version: 1.6.0-3 Severity: important I noticed this issue a couple of months ago.
lightdm likes to create (backup?) copies of .Xauthority files for some reason. I never paid attention to the dynamics, but I have a dozen .Xauthority.* files in my ~ which look like stale cookies and/or temporary files created by mkstemp(2) or a similar function. Moreover, all these files, *including* the current .Xauthority file are created 0644, which is a (grave) security issue by itself. This effect also seems to be reported in ubuntu, with no action: https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/1175023 -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (900, 'unstable'), (800, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.10-2-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages lightdm depends on: ii adduser 3.113+nmu3 ii consolekit 0.4.5-3.1 ii dbus 1.6.12-1 ii debconf [debconf-2.0] 1.5.51 ii libc6 2.17-92+b1 ii libgcrypt11 1.5.3-2 ii libglib2.0-0 2.36.4-1 ii libpam0g 1.1.3-9 ii libxcb1 1.9.1-3 ii libxdmcp6 1:1.1.1-1 ii lightdm-gtk-greeter [lightdm-greeter] 1.6.0-1 Versions of packages lightdm recommends: ii xserver-xorg 1:7.7+3 Versions of packages lightdm suggests: pn accountsservice <none> pn upower <none> -- debconf information: lightdm/daemon_name: /usr/sbin/lightdm * shared/default-x-display-manager: lightdm -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org