debian/changelog | 8 ++++++++ hw/xfree86/common/xf86Init.c | 4 +++- 2 files changed, 11 insertions(+), 1 deletion(-)
New commits: commit 82f5d08f06828c045c9a581040148bc9f2610a74 Author: Julien Cristau <[email protected]> Date: Sat Nov 21 13:11:35 2009 +0100 Update changelog
diff --git a/debian/changelog b/debian/changelog
index b222ff9..1e33d5c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+xorg-server (2:1.4.2-10.lenny3) UNRELEASED; urgency=low
+
+ * Cherry-pick patch from upstream to set umask to a sane value in Xorg
+ before opening the log, so we don't create it world-writable (closes:
+ #555308).
+
+ -- Julien Cristau <[email protected]> Sat, 21 Nov 2009 13:09:36 +0100
+
 xorg-server (2:1.4.2-10.lenny2) stable; urgency=low

 * Revert change from -10.lenny1. If both PCI and fb drivers are loaded, the
commit 943647f1bfa9fda1c749238d0b8daa2846ae48e2 Author: Julien Cristau <[email protected]> Date: Sat Nov 14 18:39:00 2009 +0100 xfree86: set a sane umask before opening the log Xorg creates its log file following the umask of the user running startx, which may result in a world-writable log. Set umask to 022 to prevent this. Debian bug#555308 <http://bugs.debian.org/555308> See also http://thread.gmane.org/gmane.comp.security.oss.general/2299 Signed-off-by: Julien Cristau <[email protected]> Reviewed-by: Adam Jackson <[email protected]> Signed-off-by: Keith Packard <[email protected]> (cherry picked from commit 30be7ceaf228497ac1ff0a1123c1b35e3aa1fc73)
diff --git a/hw/xfree86/common/xf86Init.c b/hw/xfree86/common/xf86Init.c
index 0c9cbd4..f896eb4 100644
--- a/hw/xfree86/common/xf86Init.c
+++ b/hw/xfree86/common/xf86Init.c
@@ -986,8 +986,10 @@ OsVendorInit()
 loadableFonts = TRUE;
 #endif

- if (!beenHere)
+ if (!beenHere) {
+ umask(022);
 xf86LogInit();
+ }

 #if SET_STDERR_NONBLOCKING
 /* Set stderr to non-blocking. */
-- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
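Review bot: The added `umask(022);` in the `if (!beenHere)` block overwrites the inherited mask instead of tightening it, so a server started under a stricter mask such as 077 would create its log, and anything it creates afterwards, with looser permissions than the caller asked for. OR-ing the required bits into the previous mask keeps the fix and preserves stricter settings: `umask(umask(022) | 022);`. The mask is not restored after `xf86LogInit()`, so it presumably stays in effect for the rest of the server's lifetime and is inherited by any child process; a short comment such as `/* never create the log group/other-writable; mask stays set for the whole server */` would record that this is intended. OsVendorInit's body starts and ends outside the hunk, so whether `<sys/stat.h>` is already included for `umask` cannot be confirmed from here.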

