Ubuntu
xorg package

typos in failsafeXinit

Bug #348639 reported by Kees Cook on 2009-03-25

Affects		Status	Importance	Assigned to	Milestone
	xorg (Ubuntu)	Fix Released	Undecided	Unassigned

Bug Description

Binary package hint: xorg

From now-closed bug 310126:

-----
edit_config() {
backup_xorg_conf || return 1

    xorg_conf_tmp=$(mktmp "/tmp/xorg.conf.XXXXXXXX")
    cp /etc/X11/xorg_conf ${xorg_conf_tmp}
    zenity --text-info --editable --filename=${xorg_conf_tmp} --width=640 --height=480 > "/etc/X11/xorg.conf"
}

There is a typo on the cp line: /etc/X11/xorg_conf should be /etc/X11/xorg.conf .

Also, this will cause xorg.conf to be overwritten with an empty file if the user hits Esc at the zenity prompt. The last two lines should be replaced with
zenity --text-info --editable --filename=/etc/X11/xorg.conf --width=640 --height=480 > "$xorg_conf_tmp" && \
mv "$xorg_conf_tmp" /etc/X11/xorg.conf

Finally, are you SURE that a malicious user can’t gain any kind of unauthorized access by editing xorg.conf?
-------

I would also note that "mktmp" is a typo of "mktemp". Rather than using /tmp explicitly, the "-t" argument is recommended. i.e. mktemp -t xorg.conf.XXXXXXXX

Related branches

lp:ubuntu/lucid/xorg

Revision history for this message

Bryce Harrington (bryce) wrote on 2009-03-25:

Fixed that in git yesterday, along with another typo

Changed in xorg (Ubuntu):
status:	New → Fix Committed

Revision history for this message

Anders Kaseorg (andersk) wrote on 2009-03-26:

Having just looked at your Git commits, you still haven’t addressed Kees’s comment:

“I would also note that "mktmp" is a typo of "mktemp". Rather than using /tmp explicitly, the "-t" argument is recommended. i.e. mktemp -t xorg.conf.XXXXXXXX”

or my repeated security concern:

“Finally, are you SURE that a malicious user can’t gain any kind of unauthorized access by editing xorg.conf?”

Less importantly, the line “cp /etc/X11/xorg.conf ${xorg_conf_tmp}” is now redundant because ${xorg_conf_tmp} is overwritten by the following zenity command.

Changed in xorg:
status:	Fix Committed → Confirmed

Revision history for this message

Anders Kaseorg (andersk) wrote on 2009-03-26:

Some additional typos I found:

diff --git a/debian/local/Failsafe/failsafeXinit b/debian/local/Failsafe/failsafeXinit
index f22413c..37b18f3 100755
--- a/debian/local/Failsafe/failsafeXinit
+++ b/debian/local/Failsafe/failsafeXinit
@@ -88,7 +88,7 @@ display_filebug_menu() {
     # Run apport to file a bug
     if [ -e $apport_hook ]; then
         $apport_hook
- if [ $? == 0]; then
+ if [ $? == 0 ]; then
             zenity --info --text "$(gettext 'A bug report has been written.\nYou can send it next time you log in.')"
         else
             zenity --error --text "$(gettext 'Your bug could not be recorded successfully.\n')"
@@ -102,7 +102,7 @@ backup_xorg_conf() {
     # TODO: backup xorg.conf more elegantly...
     xorg_conf_backup="/etc/X11/xorg.conf-backup-${timestamp}"
     cp /etc/X11/xorg.conf ${xorg_conf_backup}
- if [ ! $? ]; then
+ if [ $? != 0 ]; then
         return zenity --question --text "$(gettext 'Your config could not be backed up.\nDo you want to continue anyway?\n')"
     fi
}
@@ -146,8 +146,7 @@ verify_xorgconf() {
edit_config() {
     backup_xorg_conf || return 1

- xorg_conf_tmp=$(mktmp "/tmp/xorg.conf.XXXXXXXX")
- cp /etc/X11/xorg.conf ${xorg_conf_tmp}
+ xorg_conf_tmp=$(mktemp -t "/tmp/xorg.conf.XXXXXXXX")
zenity --text-info --editable --filename=/etc/X11/xorg.conf --width=640 --height=480 > "${xorg_conf_tmp}" && mv "${xorg_conf_tmp}" /etc/X11/xorg.conf
}

Revision history for this message

Kees Cook (kees) wrote on 2009-03-26: Re: [Bug 348639] Re: typos in failsafeXinit

On Thu, Mar 26, 2009 at 07:01:52AM -0000, Anders Kaseorg wrote:
> + xorg_conf_tmp=$(mktemp -t "/tmp/xorg.conf.XXXXXXXX")

This should be:

+ xorg_conf_tmp=$(mktemp -t xorg.conf.XXXXXXXX)

Revision history for this message

Kees Cook (kees) wrote on 2009-03-26:

On Thu, Mar 26, 2009 at 07:01:52AM -0000, Anders Kaseorg wrote:
> zenity --text-info --editable --filename=/etc/X11/xorg.conf --width=640 --height=480 > "${xorg_conf_tmp}" && mv "${xorg_conf_tmp}" /etc/X11/xorg.conf

This action will cause /etc/X11/xorg.conf to be mode 600 (the mv retains
the permissions of the 600 tmp file). Perhaps add:

chmod 644 /etc/X11/xorg.conf

Revision history for this message

Anders Kaseorg (andersk) wrote on 2009-03-26:

Oh oops. Also, another typo.

diff --git a/debian/local/Failsafe/failsafeXinit b/debian/local/Failsafe/failsafeXinit
index 37b18f3..0fcea8f 100755
--- a/debian/local/Failsafe/failsafeXinit
+++ b/debian/local/Failsafe/failsafeXinit
@@ -146,7 +146,8 @@ verify_xorgconf() {
edit_config() {
backup_xorg_conf || return 1

- xorg_conf_tmp=$(mktemp -t "/tmp/xorg.conf.XXXXXXXX")
+ xorg_conf_tmp=$(mktemp -t xorg.conf.XXXXXXXX)
+ chmod 644 "${xorg_conf_tmp}"
zenity --text-info --editable --filename=/etc/X11/xorg.conf --width=640 --height=480 > "${xorg_conf_tmp}" && mv "${xorg_conf_tmp}" /etc/X11/xorg.conf
}

@@ -167,7 +168,7 @@ save_config_logs() {
tar -cf ${xorg_backup_file} ${xorg_backup_dir}
rm -rf ${xorg_backup_dir}

- zenity --info --text "$(gettext 'Relevant configuration and log files have been saved to:\n')"$xorg_backup_file\n"$(gettext 'Bug reports can be submitted at http://www.launchpad.net/ubuntu/.\n')"
+ zenity --info --text "$(gettext 'Relevant configuration and log files have been saved to:\n')""$xorg_backup_file"$'\n'"$(gettext 'Bug reports can be submitted at http://www.launchpad.net/ubuntu/.\n')"
}

# Scan Xorg.0.log for errors

Revision history for this message

Launchpad Janitor (janitor) wrote on 2009-04-02:

This bug was fixed in the package xorg - 1:7.4~5ubuntu17

---------------
xorg (1:7.4~5ubuntu17) jaunty; urgency=low

  * apport/source_xorg.py:
    - Include monitors.xml in apport reports.
  * local/Failsafe/failsafeXinit:
    - Fix typo in xorg.conf filename (LP: #348639)
    - Fix mismatched quotes (Ref. 335678)
    - Handle ESC key hits in zenity to not create a 0-length xorg.conf

-- Bryce Harrington <email address hidden> Sun, 29 Mar 2009 14:13:23 -0700

Changed in xorg (Ubuntu):
status:	Confirmed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntuxorg package

typos in failsafeXinit

Bug Description

Related branches

Other bug subscribers

Remote bug watches

Ubuntu
xorg package