** Changed in: xorg (Ubuntu)
       Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to xorg in Ubuntu.
https://bugs.launchpad.net/bugs/623294
Title:
  /etc/init.d/x11-common's chmod 1777 fails to clear setuid and setgid

Status in xorg package in Ubuntu:
  Fix Released

Bug description:
  Binary package hint: xorg

  /etc/init.d/x11-common in package x11-common, version 1:7.5+5ubuntu1
  from 10.04 includes

      $ awk 'BEGIN {RS = ""; ORS = "\n\n"} /chmod/' /etc/init.d/x11-common
      set_up_socket_dir () {
        if [ "$VERBOSE" != no ]; then
          log_begin_msg "Setting up X server socket directory $SOCKET_DIR..."
        fi
        if [ -e $SOCKET_DIR ] && [ ! -d $SOCKET_DIR ]; then
          mv $SOCKET_DIR $SOCKET_DIR.$$
        fi
        mkdir -p $SOCKET_DIR
        chown root:root $SOCKET_DIR
        chmod 1777 $SOCKET_DIR
        do_restorecon $SOCKET_DIR
        [ "$VERBOSE" != no ] && log_end_msg 0 || return 0
      }

      set_up_ice_dir () {
        if [ "$VERBOSE" != no ]; then
          log_begin_msg "Setting up ICE socket directory $ICE_DIR..."
        fi
        if [ -e $ICE_DIR ] && [ ! -d $ICE_DIR ]; then
          mv $ICE_DIR $ICE_DIR.$$
        fi
        mkdir -p $ICE_DIR
        chown root:root $ICE_DIR
        chmod 1777 $ICE_DIR
        do_restorecon $ICE_DIR
        [ "$VERBOSE" != no ] && log_end_msg 0 || return 0
      }

      $

  Both functions allow for the directory, /tmp/.X11-unix or
  /tmp/.ICE-unix, to already exist.  They then attempt to ensure it has
  the correct owner, group, and permissions.  But the chmod 1777 ...
  fails to do this.  chmod(1) says

      chmod preserves a directory's set-user-ID and set-group-ID bits
      unless you explicitly specify otherwise.  You can set or clear the
      bits with symbolic modes like u+s and g-s, and you can set (but not
      clear) the bits with a numeric mode.

  This is allowed by chmod(1posix).

      For an octal integer mode operand, the file mode bits shall be set
      absolutely.  [Sounds good so far.]

      For each bit set in the octal number, the corresponding file
      permission bit [meaning rwx] shown in the following table shall be
      set; all other file permission bits shall be cleared.
      For regular files, for each bit set in the octal number
      corresponding to the set-user-ID-on-execution or the
      set-group-ID-on-execution, bits shown in the following table shall
      be set; if these bits are not set in the octal number, they are
      cleared.  [Good.]

      For other file types [e.g. directories], it is
      implementation-defined whether or not requests to set or clear the
      set-user-ID-on-execution or set-group-ID-on-execution bits are
      honored.

  IOW, the numeric mode 1777 will *never* clear the setuid and setgid
  bits.  A symbolic mode must be used to do this.

      $ mkdir foo
      $ l -d foo
      drwxr-xr-x 2 ralph ralph 4096 2010-08-24 11:07 foo
      $ chmod 1777 foo
      $ l -d foo
      drwxrwxrwt 2 ralph ralph 4096 2010-08-24 11:07 foo

  Correct.  x11-common's chmod works in this case.

      $ chmod u+s foo
      $ l -d foo
      drwsrwxrwt 2 ralph ralph 4096 2010-08-24 11:07 foo
      $ chmod 1777 foo
      $ l -d foo
      drwsrwxrwt 2 ralph ralph 4096 2010-08-24 11:07 foo

  Wrong.  It fails to clear setuid.

      $ chmod u-s,g+s foo
      $ l -d foo
      drwxrwsrwt 2 ralph ralph 4096 2010-08-24 11:07 foo
      $ chmod 1777 foo
      $ l -d foo
      drwxrwsrwt 2 ralph ralph 4096 2010-08-24 11:07 foo

  Wrong.  Nor does it clear setgid.

      $ chmod a-s=rwxt foo
      $ l -d foo
      drwxrwxrwt 2 ralph ralph 4096 2010-08-24 11:07 foo
      $

  The symbolic `a-s=rwxt' should be used for both of x11-common's chmods
  in order to have the desired effect.

  Because of the incorrect 1777, users are seeing errors from xorg's
  xserver-wrapper.c,

      X: /tmp/.X11-unix has suspicious mode (not 1777) or is not a
      directory, aborting.

  see bug #622179.  Perhaps this is being caused by the parent directory,
  /tmp, being setgid and this is inherited by the mkdir(1), see mkdir(2),
  and not cleared by the chmod.
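
Added example, not part of the original bug report or of x11-common: the directory setup done with the symbolic mode the report recommends, followed by a check of the mode that actually results. The names mode_string, ensure_sticky_dir and demo are hypothetical, and the chown root:root step is left out so the code runs unprivileged.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, not taken from x11-common.

# Print the 10-character type/mode string that `ls -ld` shows for a path,
# e.g. "drwxrwxrwt". Any trailing ACL or SELinux marker is cut off.
mode_string() {
    ls -ld -- "$1" | cut -c1-10
}

# Create or repair a world-writable sticky directory.
# Succeeds only if the path ends up as a directory with mode exactly 1777.
ensure_sticky_dir() {
    dir=$1
    # Same handling as the init script: move a non-directory out of the way.
    if [ -e "$dir" ] && [ ! -d "$dir" ]; then
        mv -- "$dir" "$dir.$$" || return 1
    fi
    mkdir -p -- "$dir" || return 1
    # a-s clears setuid and setgid explicitly; =rwxt then sets rwx for
    # everyone plus the sticky bit. A numeric 1777 may leave s bits behind.
    chmod a-s=rwxt -- "$dir" || return 1
    # Verify instead of assuming: any leftover s bit shows up here.
    [ "$(mode_string "$dir")" = "drwxrwxrwt" ]
}

# Constructed demonstration in a scratch directory: start with setuid and
# setgid set, apply numeric 1777, then repair with the symbolic mode.
demo() {
    base=$(mktemp -d) || return 1
    d=$base/socket-dir
    mkdir "$d" || return 1
    chmod u+s,g+s "$d" || return 1
    echo "with s bits:    $(mode_string "$d")"
    chmod 1777 "$d" || return 1
    # Implementation-defined result: GNU chmod keeps the s bits here.
    echo "after 1777:     $(mode_string "$d")"
    rc=0
    ensure_sticky_dir "$d" || rc=1
    echo "after a-s=rwxt: $(mode_string "$d")"
    rm -rf -- "$base"
    return "$rc"
}

demo
```

The final comparison against "drwxrwxrwt" is the same condition the X wrapper's "suspicious mode (not 1777)" check enforces, so a failure is caught at setup time instead of when the server starts.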