[Secure-testing-team] Bug#526880: thunar: New directories get wrong permissions

Thomas Constans tom at opendoor.fr
Mon May 4 08:23:19 UTC 2009 

Package: thunar
Version: 1.0.1-1
Severity: grave
Tags: security
Justification: user security hole


A new directory, created from Thunar, will have permission 777,
bypassing umask value.

Regards


-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages thunar depends on:
ii  desktop-file-utils           0.15-2      Utilities for .desktop files
ii  exo-utils                    0.3.101-1   Utility files for libexo
ii  libatk1.0-0                  1.26.0-1    The ATK accessibility toolkit
ii  libc6                        2.9-8       GNU C Library: Shared libraries
ii  libcairo2                    1.8.6-2+b1  The Cairo 2D vector graphics libra
ii  libdbus-1-3                  1.2.12-1    simple interprocess messaging syst
ii  libdbus-glib-1-2             0.80-4      simple interprocess messaging syst
ii  libexo-0.3-0                 0.3.101-1   Library with extensions for Xfce
ii  libfreetype6                 2.3.9-4.1   FreeType 2 font engine, shared lib
ii  libglib2.0-0                 2.20.1-1    The GLib library of C routines
ii  libgtk2.0-0                  2.16.1-2    The GTK+ graphical user interface 
ii  libice6                      2:1.0.5-1   X11 Inter-Client Exchange library
ii  libpango1.0-0                1.24.0-3+b1 Layout and rendering of internatio
ii  libsm6                       2:1.1.0-2   X11 Session Management library
ii  libthunar-vfs-1-2            1.0.1-1     VFS abstraction used in thunar
ii  libx11-6                     2:1.2.1-1   X11 client-side library
ii  libxfce4util4                4.6.1-1     Utility functions library for Xfce
ii  shared-mime-info             0.60-2      FreeDesktop.org shared MIME databa
ii  thunar-data                  1.0.1-1     Provides thunar documentation, ico

Versions of packages thunar recommends:
ii  dbus-x11     1.2.12-1                    simple interprocess messaging syst
ii  gamin        0.1.10-1                    File and directory monitoring syst
ii  hal          0.5.12~git20090406.46dc48-2 Hardware Abstraction Layer
ii  thunar-volma 0.3.80-2                    Thunar extension for volumes manag
ii  xdg-user-dir 0.10-1                      tool to manage well known user dir
ii  xfce4-panel  4.6.1-1                     The Xfce4 desktop environment pane

Versions of packages thunar suggests:
pn  thunar-archive-plugin         <none>     (no description available)
pn  thunar-media-tags-plugin      <none>     (no description available)

-- no debconf information

More information about the Secure-testing-team mailing list