Package: x11-common
Version: 1:7.5+8
Tags: security
The init script "x11-common" creates directories "/tmp/.X11-unix" and
"/tmp/.ICE-unix" in insecure manners.
$ cat -n /etc/init.d/x11-common
[...]
33if [ -e $SOCKET_DIR ] && [ ! -d $SOCKET_DIR ]; then
34 mv $SOCKET_DIR $SO
On Tue, Feb 28, 2012 at 06:42:59PM +0100, Julien Cristau wrote:
> > As a solution, I would suggest to take care of the "mkdir" return codes
> > (line 36 and 50). To do not change permissions on failures.
> >
> This script is set -e AFAICT, which means it already does care about the
> mk
On Tue, Feb 28, 2012 at 06:42:59PM +0100, Julien Cristau wrote:
> > As a solution, I would suggest to take care of the "mkdir" return codes
> > (line 36 and 50). To do not change permissions on failures.
And as a solution, I suggested to check the return code of "mkdir" (ran
without -p)
CVE-2012-1093 has been assigned for this issue.
On Tue, Feb 28, 2012 at 08:21:39PM +0100, Julien Cristau wrote:
> Right, makes sense. I can drop the -p, I guess. Not sure what impact
> that would have on things assuming they can use /tmp/.X11-unix (I
> wouldn't really like to fix this just to ha
Julien, thank you for putting me back in CC. ;)
On Thu, Mar 01, 2012 at 09:48:47PM +0100, Julien Cristau wrote:
> On Thu, Mar 1, 2012 at 12:39:41 -0800, Tim wrote:
> > > > Note that the "chown root:root $SOCKET_DIR" also seems redundant to me
> > > > (if we didn't already own it, we would have b
Oops, I forgot "then" in my last post:
- if [ ! -O $SOCKET_DIR ];
+ if [ ! -O $SOCKET_DIR ]; then
I have attached a patch. Hope this helps.
--- a/debian/x11-common.init 2010-09-04 19:26:52.0 +0200
+++ b/debian/x11-common.init 2012-03-02 13:37:29.0 +0100
@@ -26,16 +26,26 @@
f
On Fri, Mar 02, 2012 at 02:29:33PM +0100, Julien Cristau wrote:
> I'm not convinced the chown can be removed. And 'mkdir -m 1777 foo' is
> not any more atomic than 'mkdir foo && chmod 1777 foo'.
The command "mkdir -m" calls the mkdir() syscall, and its second
argument seems to be the mode.
the X server. This
file also needs to be readable by the user.
For instance, files "/dev/tty" and "/dev/ptmx" match those conditions:
$ ls -l /dev/tty /dev/ptmx
crw-rw-rw- 1 root root 5, 2 14 déc. 18:43 /dev/ptmx
crw-rw-rw- 1 root root 5, 0 12 déc. 23:03 /dev/tty
Here
8 matches
Mail list logo
