gconfd saved_state file has executable tag set
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| gconf |
Won't Fix
|
Medium
|
|||
| gconf (Ubuntu) |
Triaged
|
Low
|
Unassigned | ||
Bug Description
Binary package hint: gconf
gconfd seems to be setting the executable bit on a file which presumably has no need to be executable
paulm@noobuntu:
total 1624
-rwx------ 1 paulm paulm 1654806 2011-05-05 13:54 saved_state
This could (perhaps in combination with other factors) be a security issue and also cause warnings from security tools that look for files with potentially dangerous or unexpected attributes.
ProblemType: Bug
DistroRelease: Ubuntu 11.04
Package: libgconf2-4 2.32.2-0ubuntu2
ProcVersionSign
Uname: Linux 2.6.38-
Architecture: i386
Date: Thu May 5 13:53:52 2011
ExecutablePath: /usr/lib/
ProcEnviron:
SHELL=/bin/bash
PATH=(custom, user)
LANGUAGE=en_AU:en
LANG=en_AU.UTF-8
SourcePackage: gconf
UpgradeStatus: Upgraded to natty on 2011-04-15 (19 days ago)
| Paul McGarry (paul-paulmcgarry) wrote | #1 |
| Peter Wu (lekensteyn) wrote | #2 |
| Changed in gconf (Ubuntu): | |
| status: | New → Confirmed |
| tags: | added: patch |
| Sebastien Bacher (seb128) wrote | #3 |
| Changed in gconf (Ubuntu): | |
| status: | Confirmed → Triaged |
| importance: | Undecided → Low |
| Changed in gconf: | |
| importance: | Unknown → Medium |
| status: | Unknown → New |
| Changed in gconf: | |
| status: | New → Won't Fix |
I found the problem:
- when saving the state, a temporary file is created: logfile ".tmp" (saved_state.tmp)
- this file is created with mode 0700
- if the file is succesful created, the file got moved to logfile (saved_state)
The attached patch sets the mode to 0600 (read + write) instead of 0700.