ubuntu-x-swat team mailing list archive
Message #85725
[Bug 623294] [NEW] /etc/init.d/x11-common's chmod 1777 fails to clear setuid and setgid
Public bug reported:

Binary package hint: xorg

/etc/init.d/x11-common in package x11-common, version 1:7.5+5ubuntu1
from 10.04 includes

    $ awk 'BEGIN {RS = ""; ORS = "\n\n"} /chmod/' /etc/init.d/x11-common
    set_up_socket_dir () {
      if [ "$VERBOSE" != no ]; then
        log_begin_msg "Setting up X server socket directory $SOCKET_DIR..."
      fi
      if [ -e $SOCKET_DIR ] && [ ! -d $SOCKET_DIR ]; then
        mv $SOCKET_DIR $SOCKET_DIR.$$
      fi
      mkdir -p $SOCKET_DIR
      chown root:root $SOCKET_DIR
      chmod 1777 $SOCKET_DIR
      do_restorecon $SOCKET_DIR
      [ "$VERBOSE" != no ] && log_end_msg 0 || return 0
    }

    set_up_ice_dir () {
      if [ "$VERBOSE" != no ]; then
        log_begin_msg "Setting up ICE socket directory $ICE_DIR..."
      fi
      if [ -e $ICE_DIR ] && [ ! -d $ICE_DIR ]; then
        mv $ICE_DIR $ICE_DIR.$$
      fi
      mkdir -p $ICE_DIR
      chown root:root $ICE_DIR
      chmod 1777 $ICE_DIR
      do_restorecon $ICE_DIR
      [ "$VERBOSE" != no ] && log_end_msg 0 || return 0
    }

    $

Both functions allow for the directory, /tmp/.X11-unix or
/tmp/.ICE-unix, to already exist. They then attempt to ensure it has
the correct owner, group, and permissions. But the

    chmod 1777 ...

fails to do this. chmod(1) says

    chmod preserves a directory's set-user-ID and set-group-ID bits
    unless you explicitly specify otherwise. You can set or clear the
    bits with symbolic modes like u+s and g-s, and you can set (but not
    clear) the bits with a numeric mode.

This is allowed by chmod(1posix).

    For an octal integer mode operand, the file mode bits shall be set
    absolutely. [Sounds good so far.]

    For each bit set in the octal number, the corresponding file
    permission bit [meaning rwx] shown in the following table shall be
    set; all other file permission bits shall be cleared. For regular
    files, for each bit set in the octal number corresponding to the
    set-user-ID-on-execution or the set-group-ID-on-execution, bits
    shown in the following table shall be set; if these bits are not set
    in the octal number, they are cleared. [Good.] For other file
    types [e.g. directories], it is implementation-defined whether or
    not requests to set or clear the set-user-ID-on-execution or
    set-group-ID-on-execution bits are honored.

IOW, the numeric mode 1777 will *never* clear the setuid and setgid
bits. A symbolic mode must be used to do this.

    $ mkdir foo
    $ l -d foo
    drwxr-xr-x 2 ralph ralph 4096 2010-08-24 11:07 foo
    $ chmod 1777 foo
    $ l -d foo
    drwxrwxrwt 2 ralph ralph 4096 2010-08-24 11:07 foo

Correct. x11-common's chmod works in this case.

    $ chmod u+s foo
    $ l -d foo
    drwsrwxrwt 2 ralph ralph 4096 2010-08-24 11:07 foo
    $ chmod 1777 foo
    $ l -d foo
    drwsrwxrwt 2 ralph ralph 4096 2010-08-24 11:07 foo

Wrong. It fails to clear setuid.

    $ chmod u-s,g+s foo
    $ l -d foo
    drwxrwsrwt 2 ralph ralph 4096 2010-08-24 11:07 foo
    $ chmod 1777 foo
    $ l -d foo
    drwxrwsrwt 2 ralph ralph 4096 2010-08-24 11:07 foo

Wrong. Nor does it clear setgid.

    $ chmod a-s=rwxt foo
    $ l -d foo
    drwxrwxrwt 2 ralph ralph 4096 2010-08-24 11:07 foo
    $

The symbolic `a-s=rwxt' should be used for both of x11-common's chmods
in order to have the desired effect.

Because of the incorrect 1777, users are seeing errors from xorg's
xserver-wrapper.c,

    X: /tmp/.X11-unix has suspicious mode (not 1777) or is not a
    directory, aborting.

see bug #622179. Perhaps this is being caused by the parent directory,
/tmp, being setgid and this is inherited by the mkdir(1), see mkdir(2),
and not cleared by the chmod.

** Affects: xorg (Ubuntu)
Importance: Undecided
Status: New
--
/etc/init.d/x11-common's chmod 1777 fails to clear setuid and setgid
https://bugs.launchpad.net/bugs/623294
You received this bug notification because you are a member of Ubuntu-X,
which is subscribed to xorg in ubuntu.
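
Added example (not part of the original bug report or of x11-common): a minimal sketch of the fix the report proposes, setting the directory mode symbolically and then verifying the result rather than trusting that chmod did what was asked. The function names ensure_sticky_dir and dir_mode_string are hypothetical, and the chown root:root step is left out so the sketch runs unprivileged.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not taken from x11-common.

# Print the 10-character type and permission string from ls -ld,
# e.g. drwxrwxrwt. Any trailing ACL/SELinux marker is cut off.
dir_mode_string () {
    ls -ld "$1" | cut -c1-10
}

# Create DIR if needed, force it to exactly mode 1777 and verify the result.
# Returns 0 only if DIR ends up as drwxrwxrwt.
ensure_sticky_dir () {
    dir=$1
    mkdir -p "$dir" || return 1
    # Symbolic mode from the report: a-s clears setuid and setgid,
    # =rwxt sets rwx for everyone plus the sticky bit. A numeric 1777
    # may leave setuid/setgid in place on a directory.
    chmod a-s=rwxt "$dir" || return 1
    # Check the outcome explicitly instead of assuming chmod's semantics.
    [ "$(dir_mode_string "$dir")" = "drwxrwxrwt" ]
}

# Constructed demonstration in a scratch directory: compare the mode
# left by numeric 1777 with the mode left by ensure_sticky_dir.
demo () {
    scratch=$(mktemp -d) || return 1
    d=$scratch/socketdir
    mkdir "$d" && chmod u+s,g+s "$d"
    chmod 1777 "$d"
    echo "after chmod 1777:        $(dir_mode_string "$d")"
    ensure_sticky_dir "$d"; rc=$?
    echo "after ensure_sticky_dir: $(dir_mode_string "$d")"
    rm -rf "$scratch"
    return $rc
}

demo
```

With a chmod that behaves as the quoted chmod(1) text describes, the first line printed still shows the s bits and the second shows drwxrwxrwt.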