wrong permission on xauthority file
Bug #685212 reported by
Yves-Alexis Perez
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Light Display Manager |
Fix Released
|
High
|
Unassigned |
Bug Description
By default, the Xauthority file is created with mode 644, enabling any user to hijack another user X screen.
Attached patch seems to fix the problem for me.
CVE References
Changed in lightdm: | |
status: | New → Fix Committed |
importance: | Undecided → High |
Changed in lightdm: | |
status: | Fix Committed → Fix Released |
information type: | Private Security → Public Security |
information type: | Public Security → Private Security |
information type: | Private Security → Public Security |
To post a comment you must log in.
Hmmh, btw it might be cleaner to use G_FILE_ CREATE_ PRIVATE in g_file_replace() instead of changing the mode afterward, I just discovered that.