forked from enlightenment/enlightenment
simplify ipc socket creation
in trying to be extra secure here, a security hole is created due to time between mkdir and stat calls CID 1039781
This commit is contained in:
parent
4619114ea7
commit
2e819fef17
|
@ -77,13 +77,7 @@ e_ipc_init(void)
|
||||||
{
|
{
|
||||||
snprintf(buf, sizeof(buf), "%s/e-%s@%x",
|
snprintf(buf, sizeof(buf), "%s/e-%s@%x",
|
||||||
base, user, id1);
|
base, user, id1);
|
||||||
if (mkdir(buf, S_IRWXU) < 0)
|
if (!mkdir(buf, S_IRWXU))
|
||||||
goto retry;
|
|
||||||
if (stat(buf, &st) < 0)
|
|
||||||
goto retry;
|
|
||||||
if ((st.st_uid == getuid()) &&
|
|
||||||
((st.st_mode & (S_IFDIR | S_IRWXU | S_IRWXG | S_IRWXO)) ==
|
|
||||||
(S_IRWXU | S_IFDIR)))
|
|
||||||
{
|
{
|
||||||
#ifdef USE_IPC
|
#ifdef USE_IPC
|
||||||
snprintf(buf3, sizeof(buf3), "%s/%i",
|
snprintf(buf3, sizeof(buf3), "%s/%i",
|
||||||
|
@ -97,7 +91,6 @@ e_ipc_init(void)
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
retry:
|
|
||||||
id1 = rand();
|
id1 = rand();
|
||||||
}
|
}
|
||||||
#ifdef USE_IPC
|
#ifdef USE_IPC
|
||||||
|
|
Loading…
Reference in New Issue