Bug 358593

Summary: kdeinit5 create /tmp/xauth-xxx-_y with inappropriate permission.
Product: [Frameworks and Libraries] frameworks-kinit
Reporter: taro yamada <archer_ame>
Component: general
Assignee: David Faure <faure>
Status: RESOLVED FIXED
Severity: normal
CC: aacid, Davidl.Rumley, kdelibs-bugs, kensington, rdieter, thoger
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Arch Linux   
OS: Linux   
Latest Commit: Version Fixed In:

Description taro yamada 2016-01-26 15:33:08 UTC
I'm sorry if my English is hard to understand.

kdeinit5 creates /tmp/xauth-xxx-_y with an inappropriate permission, 644.
I think it should be 600.

---affected system---
Distro : ArchLinux
Qt version : 5.5.1 (I'm sorry, I haven't checked the other versions on Arch.)
KDE version : 5.18.0 (The same as above)
------

---not affected system---
Distro : Kubuntu 15.10 LiveCD
Qt version : 5.4.2
KDE version : 5.15.0
------



Reproducible: Always

Steps to Reproduce:
1. Just log in to plasma5. (I tried sddm and startx.)

Actual Results:  
 The permission of /tmp/xauth-xxx-_y is 644.

Expected Results:  
The permission of /tmp/xauth-xxx-_y should be 600.

I'm a newbie, but I tried to read the source for my study.
I changed the code near line 1536 of kinit-5.18.0/src/kdeinit/kinit.cpp.
---before---
if (!xauthfrom.open(QFile::ReadOnly) || !xauthfile.open(QFile::WriteOnly)
    || xauthfile.write(xauthfrom.readAll()) != xauthfrom.size() || !xauthfile.commit()) {
------
to
---after---
if (!xauthfrom.open(QFile::ReadOnly) || !xauthfile.open(QFile::WriteOnly) || !xauthfile.setPermissions( QFile::Permissions( QFile::ReadOwner | QFile::WriteOwner ) )
     || xauthfile.write(xauthfrom.readAll()) != xauthfrom.size() || !xauthfile.commit()) {
------

Then remove /tmp/xauth-xxx-_y and log in again, and the permission becomes 600.
I don't have enough knowledge, so I can't determine whether this is a valid solution or not.
Comment 1 Christoph Feck 2016-05-17 12:16:16 UTC
*** Bug 363140 has been marked as a duplicate of this bug. ***
Comment 2 Albert Astals Cid 2016-05-17 21:33:43 UTC
*** Bug 363140 has been marked as a duplicate of this bug. ***
Comment 3 Albert Astals Cid 2016-05-17 22:09:06 UTC
Git commit dece8fd89979cd1a86c03bcaceef6e9221e8d8cd by Albert Astals Cid, on behalf of taro yamada.
Committed on 17/05/2016 at 22:08.
Pushed by aacid into branch 'master'.

Fix permissions of /tmp/xauth-xxx-_y

M  +1    -0    src/kdeinit/kinit.cpp

http://commits.kde.org/kinit/dece8fd89979cd1a86c03bcaceef6e9221e8d8cd
Comment 4 Tomas Hoger 2016-05-18 08:29:40 UTC
Ain't this fix racy?  The file is first created as world readable, and later chmod-ed to expected permissions, leaving a (small) window during which the file can be opened by anyone.

Also this looks like a symptom of a larger problem.  Previously, the xauth file was stored in the /tmp/kde-$username directory with safe permissions (700):

https://userbase.kde.org/KDE_System_Administration/KDE_Filesystem_Hierarchy#Temporary_Files

That directory does not seem to be created any more.  Other programs that previously created temporary files with world-readable permissions inside the safe directory may also be affected if they now use /tmp directly instead.
Comment 5 Albert Astals Cid 2016-05-19 22:06:55 UTC
(In reply to Tomas Hoger from comment #4)
> Ain't this fix racy?  The file is first created as world readable, and later
> chmod-ed to expected permissions, leaving a (small) window during which the
> file can be opened by anyone.

Yes, it is a bit racy. At this point it is the best mitigation *I* can offer; I am trying to get the people that know how this works to provide a better solution.
Comment 6 Albert Astals Cid 2016-05-21 16:04:31 UTC
Fixed again with umask use
Comment 7 Tomas Hoger 2016-05-23 08:46:11 UTC
Adding the link to the umask fix, as it was not linked here automatically.

https://quickgit.kde.org/?p=kinit.git&a=commitdiff&h=72f3702dbe6cf15c06dc13da2c99c864e9022a58
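
The race raised in comment 4 and the umask approach from comment 6, modelled with plain POSIX calls. This is an added example, not part of the original report and not the kinit code: the function names, the 022 starting umask and the /tmp/xauth-demo-XXXXXX scratch path are assumptions made for illustration.

```cpp
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string>
#include <sys/stat.h>
#include <unistd.h>

static mode_t mode_of(int fd) {                    // permission bits of an open file
    struct stat st{};
    return fstat(fd, &st) == 0 ? (st.st_mode & 0777) : static_cast<mode_t>(-1);
}

// Shared creation step: 0666 is requested, the active umask decides what is granted.
static int create_file(const std::string &path, mode_t mask) {
    mode_t old = umask(mask);
    int fd = open(path.c_str(), O_WRONLY | O_CREAT | O_EXCL, 0666);
    umask(old);                                    // restore the caller's umask
    return fd;
}

// Create under 022 (assumed typical umask), then chmod; *at_creation gets the pre-chmod mode.
mode_t create_then_chmod(const std::string &path, mode_t *at_creation) {
    int fd = create_file(path, 022);
    if (fd < 0) return static_cast<mode_t>(-1);
    *at_creation = mode_of(fd);                    // the window raised in comment 4
    fchmod(fd, S_IRUSR | S_IWUSR);                 // tightened only after the file exists
    mode_t final_mode = mode_of(fd);
    close(fd);
    return final_mode;
}

// Restrict the umask before the file exists, so group/other bits are never granted.
mode_t create_with_umask(const std::string &path) {
    int fd = create_file(path, 077);
    if (fd < 0) return static_cast<mode_t>(-1);
    mode_t m = mode_of(fd);
    close(fd);
    return m;
}

std::string scratch_dir() {                        // constructed path, not a real xauth file
    char tmpl[] = "/tmp/xauth-demo-XXXXXX";
    return mkdtemp(tmpl) ? std::string(tmpl) : std::string();
}
int main() {
    std::string d = scratch_dir();
    mode_t before = 0, after = create_then_chmod(d + "/racy", &before);
    printf("create then chmod: %o -> %o; umask 077: %o\n", (unsigned)before, (unsigned)after, (unsigned)create_with_umask(d + "/safe"));
}
```

Both variants end at 600; only the first one ever exposes the file as 644, which is the interval during which another local user could open it.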