[Xorg] [Bug 297] New: [PATCH] Remove bogus sleep(5) calls from libICE

[bugzilla-daemon at pdx.freedesktop.org]

http://pdx.freedesktop.org/cgi-bin/bugzilla/show_bug.cgi?id=297

           Summary: [PATCH] Remove bogus sleep(5) calls from libICE
           Product: xorg
           Version: unspecified
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P3
         Component: xlib
        AssignedTo: xorg at freedesktop.org
        ReportedBy: mharris at www.linux.org.uk


There is no libICE component, so filing against 'xlib' component as that is
the closest match.


Details (from Havoc Pennington in Red Hat bugzilla bug 66751):

It's in the "lib/xtrans" directory in Xlib source code, trans_mkdir, it makes a
directory in /tmp, checks its ownership, if not owned by root it does sleep(5).
Do a default fresh install of 7.2 or 7.3 and log in with a new user account.
Note that it triggers the warning about root and sleeps for 5 seconds, then
continues.
This happens when the GNOME/KDE session managers start up ICE.

This is either a) a real security issue or b) a pointless 5-second login delay.

Here is the exact code from Xtransutil.c:
            if (updateOwner && !updatedOwner) {
                PRMSG(1, "mkdir: Owner of %s should be set to root\n",
                      path, 0, 0);
                sleep(5);
            }
            if (updateMode && !updatedMode) {
                PRMSG(1, "mkdir: Mode of %s should be set to %04o\n",
                      path, mode, 0);
                sleep(5);
            }

So the fix is either to create a setuid helper or something so that libICE can
always set the owner of that dir to root, or just remove the sleep. But the
current situation is just dumb.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.