[Pkg-xfce-devel] Bug#721744: Pollutes home with .Xauthority.* files (with bad permissions)
Yuri D'Elia
yuri.delia at eurac.edu
Tue Sep 3 17:10:45 UTC 2013
Package: lightdm
Version: 1.6.0-3
Severity: important
I noticed this issue a couple of months ago.
lightdm likes to create (backup?) copies of .Xauthority files for some reason.
I never paid attention to the dynamics, but I have a dozen .Xauthority.* files
in my ~ which look like stale cookies and/or temporary files created by
mkstemp(2) or a similar function.
Moreover, all these files, *including* the current .Xauthority file are created
0644, which is a (grave) security issue by itself.
This effect also seems to be reported in ubuntu, with no action:
https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/1175023
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (900, 'unstable'), (800, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.10-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages lightdm depends on:
ii adduser 3.113+nmu3
ii consolekit 0.4.5-3.1
ii dbus 1.6.12-1
ii debconf [debconf-2.0] 1.5.51
ii libc6 2.17-92+b1
ii libgcrypt11 1.5.3-2
ii libglib2.0-0 2.36.4-1
ii libpam0g 1.1.3-9
ii libxcb1 1.9.1-3
ii libxdmcp6 1:1.1.1-1
ii lightdm-gtk-greeter [lightdm-greeter] 1.6.0-1
Versions of packages lightdm recommends:
ii xserver-xorg 1:7.7+3
Versions of packages lightdm suggests:
pn accountsservice <none>
pn upower <none>
-- debconf information:
lightdm/daemon_name: /usr/sbin/lightdm
* shared/default-x-display-manager: lightdm
More information about the Pkg-xfce-devel
mailing list