efl vpath - for runtime dir dont fall back to tmp but instead abort

If we can't create a runtime dir, it's probably best to abort. Also ensure
it is created as the effective user id.
This commit is contained in:
Carsten Haitzler 2017-02-09 19:52:53 +09:00
parent 015174f4a4
commit 810b17e7a4
1 changed files with 53 additions and 18 deletions


@ -104,34 +104,69 @@ _efl_vpath_core_efl_object_constructor(Eo *obj, Efl_Vpath_Core_Data *pd)
// having read and write access to it. Its Unix access mode MUST // having read and write access to it. Its Unix access mode MUST
// be 0700. // be 0700.
#if defined(HAVE_GETUID) && defined(HAVE_GETEUID) #if defined(HAVE_GETUID) && defined(HAVE_GETEUID)
if (!(s = getenv("XDG_RUNTIME_DIR")))
#else
if ((getuid() != geteuid()) || (!(s = getenv("XDG_RUNTIME_DIR")))) if ((getuid() != geteuid()) || (!(s = getenv("XDG_RUNTIME_DIR"))))
#else
if (!(s = getenv("XDG_RUNTIME_DIR")))
#endif #endif
{ {
#ifdef HAVE_GETEUID
struct stat st; struct stat st;
uid_t uid;
#if defined(HAVE_GETUID) && defined(HAVE_GETEUID)
uid = getuid();
setuid(geteuid());
#endif
// fallback - make ~/.run // fallback - make ~/.run
snprintf(buf, sizeof(buf), "%s/.run", home); snprintf(buf, sizeof(buf), "%s/.run", home);
mkdir(buf, S_IRUSR | S_IWUSR | S_IXUSR); if (mkdir(buf, S_IRUSR | S_IWUSR | S_IXUSR) == 0) s = buf;
// if mkdir worked - use, otherwse use /tmp
if (stat(buf, &st) == 0) s = buf;
else else
{ {
uid_t uid; if (errno == EEXIST)
{
// use /tmp/.run-UID if ~/ dir cant be made if (stat(buf, &st) == 0)
s = (char *)efl_vpath_core_meta_get(obj, "tmp"); {
uid = geteuid(); // some sanity checks - but not for security
snprintf(buf, sizeof(buf), "%s/.run-%i", s, (int)uid); if (!(st.st_mode & S_IFDIR))
mkdir(buf, S_IRUSR | S_IWUSR | S_IXUSR); {
// if ok - use it or fall back to /tmp // fatal - exists but is not a dir
if (stat(buf, &st) == 0) s = buf; fprintf(stderr,
else s = (char *)efl_vpath_core_meta_get(obj, "tmp"); "FATAL: run dir '%s' exists but not a dir\n",
buf);
abort();
}
#if defined(HAVE_GETUID) && defined(HAVE_GETEUID)
if (st.st_uid != geteuid())
{
// fatal - run dir doesn't belong to user
fprintf(stderr,
"FATAL: run dir '%s' not owned by uid %i\n",
buf, (int)geteuid());
abort();
}
#endif
// we're ok
s = buf;
}
else
{
// fatal - we cant create our run dir in ~/
fprintf(stderr,
"FATAL: Cannot verify run dir '%s' errno=%i\n",
buf, errno);
abort();
}
}
else
{
// fatal - we cant create our run dir in ~/
fprintf(stderr,
"FATAL: Cannot create run dir '%s' - errno=%i\n",
buf, errno);
abort();
}
} }
#else #if defined(HAVE_GETUID) && defined(HAVE_GETEUID)
s = (char *)efl_vpath_core_meta_get(obj, "tmp"); setreuid(uid, geteuid());
#endif #endif
} }
if (!s) s = (char *)efl_vpath_core_meta_get(obj, "tmp"); if (!s) s = (char *)efl_vpath_core_meta_get(obj, "tmp");
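Review bot: The return values of `setuid(geteuid())` and `setreuid(uid, geteuid())` are never checked, so if either call fails the run dir is created, or the remainder of the constructor runs, under a different real uid than the commit intends, silently. Every other failure in this block now aborts, so the same treatment fits here: `if (setuid(geteuid()) != 0) { perror("FATAL: setuid"); abort(); }` and `if (setreuid(uid, geteuid()) != 0) { perror("FATAL: setreuid"); abort(); }`. The checks in the stat() branch verify only that the path is a directory and owned by the effective uid, not the 0700 mode that the comment at the top of the hunk says is mandatory; if that is deliberate, a comment such as `// checks type and owner only; the 0700 mode is not enforced here` next to "some sanity checks" would make the scope explicit. `uid_t uid;` is declared unconditionally but only used inside the HAVE_GETUID/HAVE_GETEUID guard, so it will warn as unused on other configurations. The enclosing constructor begins before this hunk.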