summaryrefslogtreecommitdiff
path: root/src/lib/efreet
diff options
context:
space:
mode:
authorCarsten Haitzler (Rasterman) <raster@rasterman.com>2014-01-08 19:46:23 +0900
committerCarsten Haitzler (Rasterman) <raster@rasterman.com>2014-01-08 19:46:23 +0900
commitb95ef3801f9719a8f8ff731e25d66a8d1dd417cd (patch)
tree258548da51b18d5fde17915bdc36cba44effcf40 /src/lib/efreet
parent323f293ab538ffc7431f6598736963a834c4f880 (diff)
setuid safeness - ensure if an app that is setuid doesn't do bad things
this makes efl ignore certain env vars for thnigs and entirely removes user modules (that no one ever used) etc. etc. to ensure that *IF* an app is setuid, there isn't a priv escalation path that is easy.
Diffstat (limited to 'src/lib/efreet')
-rw-r--r--src/lib/efreet/efreet_base.c33
-rw-r--r--src/lib/efreet/efreet_menu.c5
2 files changed, 27 insertions, 11 deletions
diff --git a/src/lib/efreet/efreet_base.c b/src/lib/efreet/efreet_base.c
index 1c467d27b3..5836d95a5d 100644
--- a/src/lib/efreet/efreet_base.c
+++ b/src/lib/efreet/efreet_base.c
@@ -4,6 +4,8 @@
4 4
5#include <unistd.h> 5#include <unistd.h>
6#include <ctype.h> 6#include <ctype.h>
7#include <sys/types.h>
8#include <pwd.h>
7 9
8#ifdef _WIN32 10#ifdef _WIN32
9# include <winsock2.h> 11# include <winsock2.h>
@@ -276,10 +278,20 @@ efreet_dirs_init(void)
276 struct stat st; 278 struct stat st;
277 279
278 /* efreet_home_dir */ 280 /* efreet_home_dir */
279 efreet_home_dir = getenv("HOME"); 281 if (getuid() == getuid())
282 efreet_home_dir = getenv("HOME");
283 else
284 {
285 struct passwd *pw = getpwent();
286
287 if ((pw) && (pw->pw_dir)) efreet_home_dir = pw->pw_dir;
288 }
280#ifdef _WIN32 289#ifdef _WIN32
281 if (!efreet_home_dir || efreet_home_dir[0] == '\0') 290 if (!efreet_home_dir || efreet_home_dir[0] == '\0')
282 efreet_home_dir = getenv("USERPROFILE"); 291 {
292 if (getuid() == getuid())
293 efreet_home_dir = getenv("USERPROFILE");
294 }
283#endif 295#endif
284 if (!efreet_home_dir || efreet_home_dir[0] == '\0') 296 if (!efreet_home_dir || efreet_home_dir[0] == '\0')
285 efreet_home_dir = "/tmp"; 297 efreet_home_dir = "/tmp";
@@ -303,7 +315,7 @@ efreet_dirs_init(void)
303 xdg_config_dirs = efreet_dirs_get("XDG_CONFIG_DIRS", "/etc/xdg"); 315 xdg_config_dirs = efreet_dirs_get("XDG_CONFIG_DIRS", "/etc/xdg");
304 316
305 /* xdg_runtime_dir */ 317 /* xdg_runtime_dir */
306 xdg_runtime_dir = getenv("XDG_RUNTIME_DIR"); 318 if (getuid() == getuid()) xdg_runtime_dir = getenv("XDG_RUNTIME_DIR");
307 if (!xdg_runtime_dir) 319 if (!xdg_runtime_dir)
308 { 320 {
309 snprintf(buf, sizeof(buf), "/tmp/xdg-XXXXXX"); 321 snprintf(buf, sizeof(buf), "/tmp/xdg-XXXXXX");
@@ -375,10 +387,10 @@ efreet_dirs_init(void)
375static const char * 387static const char *
376efreet_dir_get(const char *key, const char *fallback) 388efreet_dir_get(const char *key, const char *fallback)
377{ 389{
378 char *dir; 390 char *dir = NULL;
379 const char *t; 391 const char *t;
380 392
381 dir = getenv(key); 393 if (getuid() == getuid()) dir = getenv(key);
382 if (!dir || dir[0] == '\0') 394 if (!dir || dir[0] == '\0')
383 { 395 {
384 int len; 396 int len;
@@ -409,11 +421,11 @@ static Eina_List *
409efreet_dirs_get(const char *key, const char *fallback) 421efreet_dirs_get(const char *key, const char *fallback)
410{ 422{
411 Eina_List *dirs = NULL; 423 Eina_List *dirs = NULL;
412 const char *path; 424 const char *path = NULL;
413 char *s, *p; 425 char *s, *p;
414 size_t len; 426 size_t len;
415 427
416 path = getenv(key); 428 if (getuid() == getuid()) path = getenv(key);
417 if (!path || (path[0] == '\0')) path = fallback; 429 if (!path || (path[0] == '\0')) path = fallback;
418 430
419 if (!path) return dirs; 431 if (!path) return dirs;
@@ -484,8 +496,11 @@ efreet_env_expand(const char *in)
484 { 496 {
485 memcpy(env, e1, len); 497 memcpy(env, e1, len);
486 env[len] = 0; 498 env[len] = 0;
487 val = getenv(env); 499 if (getuid() == getuid())
488 if (val) eina_strbuf_append(sb, val); 500 {
501 val = getenv(env);
502 if (val) eina_strbuf_append(sb, val);
503 }
489 } 504 }
490 e1 = NULL; 505 e1 = NULL;
491 eina_strbuf_append_char(sb, *p); 506 eina_strbuf_append_char(sb, *p);
diff --git a/src/lib/efreet/efreet_menu.c b/src/lib/efreet/efreet_menu.c
index dd56ad6033..1af99f1b0a 100644
--- a/src/lib/efreet/efreet_menu.c
+++ b/src/lib/efreet/efreet_menu.c
@@ -399,8 +399,9 @@ efreet_menu_init(void)
399 return 0; 399 return 0;
400 } 400 }
401 401
402 efreet_menu_prefix = getenv("XDG_MENU_PREFIX"); 402 if (getuid() == getuid())
403 if (!efreet_menu_prefix) efreet_menu_prefix = ""; 403 efreet_menu_prefix = getenv("XDG_MENU_PREFIX");
404 if (!efreet_menu_prefix) efreet_menu_prefix = "";
404 405
405 efreet_menu_handle_cbs = eina_hash_string_superfast_new(NULL); 406 efreet_menu_handle_cbs = eina_hash_string_superfast_new(NULL);
406 efreet_menu_filter_cbs = eina_hash_string_superfast_new(NULL); 407 efreet_menu_filter_cbs = eina_hash_string_superfast_new(NULL);