summaryrefslogtreecommitdiff
path: root/src/lib/evas/cserve2
diff options
context:
space:
mode:
authorCarsten Haitzler (Rasterman) <raster@rasterman.com>2014-01-08 19:46:23 +0900
committerCarsten Haitzler (Rasterman) <raster@rasterman.com>2014-01-08 19:46:23 +0900
commitb95ef3801f9719a8f8ff731e25d66a8d1dd417cd (patch)
tree258548da51b18d5fde17915bdc36cba44effcf40 /src/lib/evas/cserve2
parent323f293ab538ffc7431f6598736963a834c4f880 (diff)
setuid safeness - ensure if an app that is setuid doesn't do bad things
this makes efl ignore certain env vars for thnigs and entirely removes user modules (that no one ever used) etc. etc. to ensure that *IF* an app is setuid, there isn't a priv escalation path that is easy.
Diffstat (limited to 'src/lib/evas/cserve2')
-rw-r--r--src/lib/evas/cserve2/evas_cs2_client.c32
1 files changed, 19 insertions, 13 deletions
diff --git a/src/lib/evas/cserve2/evas_cs2_client.c b/src/lib/evas/cserve2/evas_cs2_client.c
index a1224e4746..0afd91f3fa 100644
--- a/src/lib/evas/cserve2/evas_cs2_client.c
+++ b/src/lib/evas/cserve2/evas_cs2_client.c
@@ -128,32 +128,38 @@ _socket_path_set(char *path)
128 char *env; 128 char *env;
129 char buf[UNIX_PATH_MAX]; 129 char buf[UNIX_PATH_MAX];
130 130
131 env = getenv("EVAS_CSERVE2_SOCKET"); 131 if (getuid() == getuid())
132 if (env && env[0])
133 { 132 {
134 eina_strlcpy(path, env, UNIX_PATH_MAX); 133 env = getenv("EVAS_CSERVE2_SOCKET");
135 return; 134 if (env && env[0])
135 {
136 eina_strlcpy(path, env, UNIX_PATH_MAX);
137 return;
138 }
136 } 139 }
137 140
138 snprintf(buf, sizeof(buf), "/tmp/.evas-cserve2-%x.socket", (int)getuid()); 141 snprintf(buf, sizeof(buf), "/tmp/.evas-cserve2-%x.socket", (int)getuid());
139 /* FIXME: check we can actually create this socket */ 142 /* FIXME: check we can actually create this socket */
140 strcpy(path, buf); 143 strcpy(path, buf);
141#if 0 144#if 0
142 env = getenv("XDG_RUNTIME_DIR"); 145 if (getuid() == getuid())
143 if (!env || !env[0])
144 { 146 {
145 env = getenv("HOME"); 147 env = getenv("XDG_RUNTIME_DIR");
146 if (!env || !env[0]) 148 if (!env || !env[0])
147 { 149 {
148 env = getenv("TMPDIR"); 150 env = getenv("HOME");
149 if (!env || !env[0]) 151 if (!env || !env[0])
150 env = "/tmp"; 152 {
153 env = getenv("TMPDIR");
154 if (!env || !env[0])
155 env = "/tmp";
156 }
151 } 157 }
152 }
153 158
154 snprintf(buf, sizeof(buf), "%s/evas-cserve2-%x.socket", env, getuid()); 159 snprintf(buf, sizeof(buf), "%s/evas-cserve2-%x.socket", env, getuid());
155 /* FIXME: check we can actually create this socket */ 160 /* FIXME: check we can actually create this socket */
156 strcpy(path, buf); 161 strcpy(path, buf);
162 }
157#endif 163#endif
158} 164}
159 165