Bug #5897 <https://bugs.freedesktop.org/show_bug.cgi?id=5897>

Create xsession error file with umask 077 instead of chmod a moment later so others can't open first. This was reported by Steven M. Bellovin to NetBSD http://www.netbsd.org/cgi-bin/query-pr-single.pl?number=32804 Reviewed by Alan Coopersmith via xorg_security list.
author: Jeremy C. Reed <reed@reedmedia.net> 2006-02-24 21:36:13 +0000
committer: Jeremy C. Reed <reed@reedmedia.net> 2006-02-24 21:36:13 +0000
commit: f82da0960018bfa4237d3d8239cf84d880673e6a (patch)
tree: 242e28a0c6a6905355e0929f6d0b49b031a3b7fd /config
parent: 2a01568e61905944a59a7a8b34f22e08ccd25937 (diff)
1 files changed, 1 insertions, 2 deletions
diff --git a/config/Xsession.cpp b/config/Xsession.cpp
index 6d4fabd..4f80d78 100644
--- a/config/Xsession.cpp
+++ b/config/Xsession.cpp
@@ -6,9 +6,8 @@ XCOMM $XFree86: xc/programs/xdm/config/Xsession,v 1.2 1998/01/11 03:48:32 dawes
 XCOMM redirect errors to a file in user's home directory if we can
 for errfile in "$HOME/.xsession-errors" "${TMPDIR-/tmp}/xses-$USER" "/tmp/xses-$USER"
 do
-	if ( cp /dev/null "$errfile" 2> /dev/null )
+	if ( umask 077 && cp /dev/null "$errfile" 2> /dev/null )
 	then
-		chmod 600 "$errfile"
 		exec > "$errfile" 2>&1
 		break
 	fi
author	Jeremy C. Reed <reed@reedmedia.net>	2006-02-24 21:36:13 +0000
committer	Jeremy C. Reed <reed@reedmedia.net>	2006-02-24 21:36:13 +0000
commit	f82da0960018bfa4237d3d8239cf84d880673e6a (patch)
tree	242e28a0c6a6905355e0929f6d0b49b031a3b7fd /config
parent	2a01568e61905944a59a7a8b34f22e08ccd25937 (diff)