Bug 105939

Summary: /etc/X11/xdm/Xsession clobbers ~/.xsession-errors
Product: [openSUSE] SUSE LINUX 10.0 Reporter: Andreas Schwab <schwab>
Component: X.OrgAssignee: Stefan Dirsch <sndirsch>
Status: RESOLVED FIXED QA Contact: Stefan Dirsch <sndirsch>
Severity: Normal    
Priority: P5 - None CC: security-team, werner
Version: Beta 2   
Target Milestone: ---   
Hardware: Other   
OS: All   
Whiteboard:
Found By: Other Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Andreas Schwab 2005-08-19 20:37:59 UTC 
Xsession removes ~/.xsession-errors before redirecting into it.  This makes it 
impossible to redirect it via a symlink to a local, non-shared directory.
Comment 1 Stefan Dirsch 2005-08-19 21:13:10 UTC 
So what? 
 
# 
# Avoid bad symbolic links 
# 
 
It seems to be intentional ...
Comment 2 Andreas Schwab 2005-08-19 21:37:17 UTC 
It's obviously doing the wrong thing.
Comment 3 Stefan Dirsch 2005-08-19 22:46:00 UTC 
To be honest, I don't want to touch this code ever again. See Bug #49253.  
At least you should provide a proposal for discussion.
Comment 4 Andreas Schwab 2005-08-22 09:25:06 UTC 
It must be possible to redirect the output to a local disk.
Comment 5 Dr. Werner Fink 2005-08-22 09:48:49 UTC 
The only way would be a script of the user to create the
~/.xsession-errors.  Then it is the users stupidy if
something goes wrong by an attack or an accidental.
Comment 6 Andreas Schwab 2005-08-22 09:52:48 UTC 
What is stupid about creating a symlink in $HOME?
Comment 7 Dr. Werner Fink 2005-08-22 09:56:06 UTC 
Don't ask me ask the security people ... maybe a attachement
executed by kmail does the job of a nice symbolic link
which points to the user personal data files.
Comment 8 Ludwig Nussel 2005-08-22 10:50:15 UTC 
No, in the user's home it doesn't matter. Only when creating files in world 
writeable locations such as /tmp one has to be careful to not follow symlinks.
Comment 9 Dr. Werner Fink 2005-08-22 11:16:33 UTC 
Please believe me: I was forced by the former security team to
do this also for the users ~/.xsession-error file with exact
this explanation given in comment #7 ... if you know says this
is not necessary anymore I'll change that.  I'll add Roman to
the CC list maybe he has some minutes to remember this.
Comment 10 Marcus Meissner 2005-08-22 16:15:30 UTC 
The original problem was discussed here: 
 
https://bugzilla.novell.com/show_bug.cgi?id=49253 
 
the script can also create xsession logs in /tmp ... thats why this 
strange check is there I think.
Comment 11 Dr. Werner Fink 2005-08-22 16:39:28 UTC 
I've changed /etc/X11/xdm/Xsession accordingly