authorCarsten Haitzler (Rasterman) <raster@rasterman.com>2014-01-08 19:46:23 +0900
committerCarsten Haitzler (Rasterman) <raster@rasterman.com>2014-01-08 19:46:23 +0900
commitb95ef3801f9719a8f8ff731e25d66a8d1dd417cd (patch)
tree258548da51b18d5fde17915bdc36cba44effcf40 /src/lib/ethumb
parent323f293ab538ffc7431f6598736963a834c4f880 (diff)
setuid safeness - ensure if an app that is setuid doesn't do bad things
this makes efl ignore certain env vars for things and entirely removes user modules (that no one ever used) etc. etc. to ensure that *IF* an app is setuid, there isn't a priv escalation path that is easy.
Diffstat (limited to 'src/lib/ethumb')
-rw-r--r--src/lib/ethumb/ethumb.c88
1 files changed, 48 insertions, 40 deletions
diff --git a/src/lib/ethumb/ethumb.c b/src/lib/ethumb/ethumb.c
index 2a97e39bca..c408be516d 100644
--- a/src/lib/ethumb/ethumb.c
+++ b/src/lib/ethumb/ethumb.c
@@ -43,6 +43,7 @@
43#include <dirent.h> 43#include <dirent.h>
44#include <dlfcn.h> 44#include <dlfcn.h>
45#include <ctype.h> 45#include <ctype.h>
46#include <pwd.h>
46 47
47#ifdef HAVE_XATTR 48#ifdef HAVE_XATTR
48# include <sys/xattr.h> 49# include <sys/xattr.h>
@@ -154,50 +155,37 @@ static void
154_ethumb_plugins_load(void) 155_ethumb_plugins_load(void)
155{ 156{
156 char buf[PATH_MAX]; 157 char buf[PATH_MAX];
157 char *path;
158 158
159 if (_plugins_loaded) return; 159 if (_plugins_loaded) return;
160 _plugins_loaded = EINA_TRUE; 160 _plugins_loaded = EINA_TRUE;
161 161
162 if (getenv("EFL_RUN_IN_TREE")) 162 if (getuid() == getuid())
163 { 163 {
164 struct stat st; 164 if (getenv("EFL_RUN_IN_TREE"))
165 snprintf(buf, sizeof(buf), "%s/src/modules/ethumb",
166 PACKAGE_BUILD_DIR);
167 if (stat(buf, &st) == 0)
168 { 165 {
169 const char *built_modules[] = { 166 struct stat st;
170 "emotion", 167 snprintf(buf, sizeof(buf), "%s/src/modules/ethumb",
171 NULL 168 PACKAGE_BUILD_DIR);
172 }; 169 if (stat(buf, &st) == 0)
173 const char **itr;
174 for (itr = built_modules; *itr != NULL; itr++)
175 { 170 {
176 snprintf(buf, sizeof(buf), 171 const char *built_modules[] = {
177 "%s/src/modules/ethumb/%s/.libs", 172 "emotion",
178 PACKAGE_BUILD_DIR, *itr); 173 NULL
179 _plugins = eina_module_list_get(_plugins, buf, 174 };
180 EINA_FALSE, NULL, NULL); 175 const char **itr;
176 for (itr = built_modules; *itr != NULL; itr++)
177 {
178 snprintf(buf, sizeof(buf),
179 "%s/src/modules/ethumb/%s/.libs",
180 PACKAGE_BUILD_DIR, *itr);
181 _plugins = eina_module_list_get(_plugins, buf,
182 EINA_FALSE, NULL, NULL);
183 }
184 goto load;
181 } 185 }
182 goto load;
183 } 186 }
184 } 187 }
185 188
186 path = eina_module_environment_path_get("ETHUMB_MODULES_DIR",
187 "/ethumb/modules");
188 if (path)
189 {
190 _plugins = eina_module_arch_list_get(_plugins, path, MODULE_ARCH);
191 free(path);
192 }
193
194 path = eina_module_environment_path_get("HOME", "/.ethumb");
195 if (path)
196 {
197 _plugins = eina_module_arch_list_get(_plugins, path, MODULE_ARCH);
198 free(path);
199 }
200
201 snprintf(buf, sizeof(buf), "%s/ethumb/modules", eina_prefix_lib_get(_pfx)); 189 snprintf(buf, sizeof(buf), "%s/ethumb/modules", eina_prefix_lib_get(_pfx));
202 _plugins = eina_module_arch_list_get(_plugins, buf, MODULE_ARCH); 190 _plugins = eina_module_arch_list_get(_plugins, buf, MODULE_ARCH);
203 191
@@ -269,8 +257,18 @@ ethumb_init(void)
269 ecore_evas_init(); 257 ecore_evas_init();
270 edje_init(); 258 edje_init();
271 259
272 home = getenv("HOME"); 260 if (getuid() == getuid())
273 snprintf(buf, sizeof(buf), "%s/.thumbnails", home); 261 {
262 home = getenv("HOME");
263 snprintf(buf, sizeof(buf), "%s/.thumbnails", home);
264 }
265 else
266 {
267 struct passwd *pw = getpwent();
268
269 if ((!pw) || (!pw->pw_dir)) goto error_plugins_ext;
270 snprintf(buf, sizeof(buf), "%s/.thumbnails", pw->pw_dir);
271 }
274 272
275 _home_thumb_dir = eina_stringshare_add(buf); 273 _home_thumb_dir = eina_stringshare_add(buf);
276 _thumb_category_normal = eina_stringshare_add("normal"); 274 _thumb_category_normal = eina_stringshare_add("normal");
@@ -709,11 +707,21 @@ _ethumb_build_absolute_path(const char *path, char buf[PATH_MAX])
709 } 707 }
710 else if (path[0] == '~') 708 else if (path[0] == '~')
711 { 709 {
712 const char *home = getenv("HOME"); 710 if (getuid() == getuid())
713 if (!home) 711 {
714 return NULL; 712 const char *home = getenv("HOME");
715 strncpy(p, home, PATH_MAX - 1); 713 if (!home) return NULL;
716 p[PATH_MAX - 1] = 0; 714 strncpy(p, home, PATH_MAX - 1);
715 p[PATH_MAX - 1] = 0;
716 }
717 else
718 {
719 struct passwd *pw = getpwent();
720
721 if ((!pw) || (!pw->pw_dir)) return NULL;
722 strncpy(p, pw->pw_dir, PATH_MAX - 1);
723 p[PATH_MAX - 1] = 0;
724 }
717 len = strlen(p); 725 len = strlen(p);
718 p += len; 726 p += len;
719 p[0] = '/'; 727 p[0] = '/';
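Review bot: The guard `if (getuid() == getuid())` compares the real uid with itself, so it is always true and the setuid-safe branches are never taken; it appears at new lines 162 (`_ethumb_plugins_load`), 260 (`ethumb_init`) and 710 (`_ethumb_build_absolute_path`), and each should read `if (getuid() == geteuid())`. As written, `EFL_RUN_IN_TREE` and `HOME` are still honoured in a setuid process, which is the case the commit message sets out to exclude. Once the guard is corrected the `else` branches become reachable, and `getpwent()` there returns the first entry of the passwd database rather than the calling user's entry; `getpwuid(getuid())` looks like what is meant (or `geteuid()`, depending on whose home directory is intended). In `ethumb_init` the trusted branch also passes `home` to `snprintf` without a NULL check, unlike the `~` branch, which returns NULL when `HOME` is unset. All three functions extend beyond the visible hunks, so any handling outside them is not covered by this note.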