From 5c10812e3634faebb0c8b02bac6ba79aa26d97f2 Mon Sep 17 00:00:00 2001
From: Rafal Wojtczuk <rafal@invisiblethingslab.com>
Date: Fri, 25 Mar 2011 13:47:01 +0100
Subject: [PATCH 1/2] qrexec_agent: When running as root, make the socket
 accessible

... world-rw. Perms on /var/run/qubes still limit access to group qubes.
---
 qrexec/qrexec_daemon.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/qrexec/qrexec_daemon.c b/qrexec/qrexec_daemon.c
index 518ba4e7..1916254c 100644
--- a/qrexec/qrexec_daemon.c
+++ b/qrexec/qrexec_daemon.c
@@ -85,7 +85,6 @@ void init(int xid)
 		 "/var/log/qubes/qrexec.%d.log", xid);
 	umask(0007);
 	logfd = open(dbg_log, O_WRONLY | O_CREAT | O_TRUNC, 0640);
-	umask(0077);
 
 	dup2(logfd, 1);
 	dup2(logfd, 2);
@@ -98,7 +97,10 @@ void init(int xid)
 
 	remote_domain_name = peer_client_init(xid, REXEC_PORT);
 	setuid(getuid());
+	/* When running as root, make the socket accessible; perms on /var/run/qubes still apply */
+	umask(0);
 	server_fd = get_server_socket(xid, remote_domain_name);
+	umask(0077);
 	signal(SIGPIPE, SIG_IGN);
 	signal(SIGCHLD, sigchld_handler);
 	signal(SIGUSR1, SIG_DFL);

From 4f1635dac99000dabe1631e2356fb98e85a7c9ff Mon Sep 17 00:00:00 2001
From: Joanna Rutkowska <joanna@invisiblethingslab.com>
Date: Fri, 25 Mar 2011 15:59:23 +0100
Subject: [PATCH 2/2] version 1.5.2

---
 version_dom0 | 2 +-
 version_vm   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/version_dom0 b/version_dom0
index 26ca5946..4cda8f19 100644
--- a/version_dom0
+++ b/version_dom0
@@ -1 +1 @@
-1.5.1
+1.5.2
diff --git a/version_vm b/version_vm
index 26ca5946..4cda8f19 100644
--- a/version_vm
+++ b/version_vm
@@ -1 +1 @@
-1.5.1
+1.5.2