Security: Permissions of all files created by xorg server violate the umask
Submitted by Klaus Kusche
Assigned to Xorg Project Team
Link to original bug (#101287)
Description
We have a strict umask 077 policy here, i.e. all files created under /home must have 00 permissions for group and other.
However, in spite of its umask being 077 (xorg is started in the users's environment here, not as root), the xorg server creates all its files with permissions 644 and all its directories with permissions 755, e.g. .local/share/xorg/Xorg.0.log and everything below .cache/mesa
It may create files with more restrictive permissions than the umask says (e.g. with 644 if the umask is 000), but it must not ignore the umask and it must not create files with less restricive permissions than the umask!