Package: xorg
Version: 1:7.7+7
Severity: normal
Tags: patch

Hi,

I noticed today that my umask is 077 for some reason, which happens to be a problem for me. I grepped /etc to see where this could be coming from, and found this line in /etc/X11/Xsession:

    if (umask 077 && touch "$ERRFILE") 2> /dev/null && [ -w "$ERRFILE" ] &&

I've since confirmed that that's the cause of the problem. Here's the commit that added this:

    commit 8b2df98c792aa52f181624206d9ed9331eaba5a8
    Author: Julien Cristau <[email protected]>
    Date: Tue Feb 20 10:12:25 2007 +0100

        debian/local/Xsession: set temporary umask when creating $ERRFILE.

        Thanks to Timo Aaltonen for pointing out this change in the Ubuntu package.
        Reference: CVE-2006-5214.

We can see that the original intent for this change was that it be a temporary change to umask. However, it doesn't seem to work out that way. I've made a small change to fix the issue, confirmed that it makes a difference on my system, and created a git commit out of it. See the attached patch file.

Thanks,
Simon

From c450d26249dfb772ad09652a15a57900af7227c9 Mon Sep 17 00:00:00 2001 From: Simon Ruggier <[email protected]> Date: Thu, 23 Apr 2015 12:09:10 -0400 Subject: [PATCH] Xsession: Fix accidental permanent change to umask This change fixes the umask change in debian/local/Xsession so that it's actually temporary, as was originally intended according to the commit that added it. --- debian/local/Xsession | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/debian/local/Xsession b/debian/local/Xsession index 6ad7d6e..762682e 100644 --- a/debian/local/Xsession +++ b/debian/local/Xsession @@ -61,6 +61,7 @@ ALTUSERXSESSION=$HOME/.Xsession ERRFILE=$HOME/.xsession-errors # attempt to create an error file; abort if we cannot +UMASK_OLD=$(umask -p) if (umask 077 && touch "$ERRFILE") 2> /dev/null && [ -w "$ERRFILE" ] && [ ! -L "$ERRFILE" ]; then chmod 600 "$ERRFILE" @@ -74,6 +75,9 @@ else errormsg "unable to create X session log/error file; aborting." fi +# restore the previously set umask +$UMASK_OLD + exec >>"$ERRFILE" 2>&1 echo "$PROGNAME: X session started for $LOGNAME at $(date)" -- 2.1.4
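
Review bot: In the first hunk (@@ -61,6 +61,7), the added `UMASK_OLD=$(umask -p)` saves state around a `umask 077` that the unchanged context line runs inside `( ... )`, which is a subshell, so that setting should not carry over into the rest of the script. It is worth confirming where the 077 actually comes from before adding a save and restore at this point. Separately, `-p` is a bash extension to `umask` and is not in POSIX; if this script is run by a plain sh, the command substitution may fail and leave UMASK_OLD empty. Saving the bare value with `UMASK_OLD=$(umask)` is portable.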
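
Review bot: In the second hunk (@@ -74,6 +75,9), the bare `$UMASK_OLD` line executes the variable's contents as a command, which only restores anything if the earlier `umask -p` produced a reusable `umask NNNN` line. If the variable is empty, the line expands to nothing and the restore is skipped without any error. Restore explicitly with `umask "$UMASK_OLD"`, paired with a plain `UMASK_OLD=$(umask)` in the first hunk, so a failure is visible and the value is quoted. The comment could also say that it pairs with the save placed above the `if`.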

