forked from enlightenment/efl
setuid safeness - ensure if an app that is setuid doesn't do bad things
this makes efl ignore certain env vars for thnigs and entirely removes user modules (that no one ever used) etc. etc. to ensure that *IF* an app is setuid, there isn't a priv escalation path that is easy.
This commit is contained in:
parent
a7a8b257c2
commit
430f98a628
|
@ -3508,13 +3508,13 @@ _tempfile_new(int size)
|
|||
{
|
||||
#ifdef HAVE_MMAN_H
|
||||
Tmp_Info *info;
|
||||
const char *tmppath;
|
||||
const char *tmppath = NULL;
|
||||
mode_t cur_umask;
|
||||
int len;
|
||||
|
||||
info = calloc(1, sizeof(Tmp_Info));
|
||||
if (!info) return NULL;
|
||||
tmppath = getenv("TMP");
|
||||
if (getuid() == getuid()) tmppath = getenv("TMP");
|
||||
if (!tmppath) tmppath = P_tmpdir;
|
||||
len = snprintf(NULL, 0, "%s/%sXXXXXX", tmppath, "elmcnpitem-");
|
||||
if (len < 0) goto on_error;
|
||||
|
|
|
@ -8,6 +8,7 @@
|
|||
|
||||
#include <Elementary.h>
|
||||
#include "elm_priv.h"
|
||||
#include <pwd.h>
|
||||
|
||||
EAPI int ELM_EVENT_CONFIG_ALL_CHANGED = 0;
|
||||
|
||||
|
@ -508,7 +509,7 @@ _elm_config_user_dir_snprintf(char *dst,
|
|||
...)
|
||||
{
|
||||
const char *home = NULL;
|
||||
size_t user_dir_len, off;
|
||||
size_t user_dir_len = 0, off = 0;
|
||||
va_list ap;
|
||||
|
||||
#ifdef _WIN32
|
||||
|
@ -517,28 +518,47 @@ _elm_config_user_dir_snprintf(char *dst,
|
|||
(dst, size, '/', home, strlen(home),
|
||||
ELEMENTARY_BASE_DIR, sizeof(ELEMENTARY_BASE_DIR) - 1);
|
||||
#else
|
||||
#ifdef DOXDG
|
||||
home = getenv("XDG_CONFIG_HOME");
|
||||
if (home)
|
||||
if (getuid() == getuid())
|
||||
{
|
||||
user_dir_len = eina_str_join_len
|
||||
(dst, size, '/', home, strlen(home),
|
||||
"elementary", sizeof("elementary") - 1);
|
||||
#ifdef DOXDG
|
||||
home = getenv("XDG_CONFIG_HOME");
|
||||
if (home)
|
||||
{
|
||||
user_dir_len = eina_str_join_len
|
||||
(dst, size, '/', home, strlen(home),
|
||||
"elementary", sizeof("elementary") - 1);
|
||||
}
|
||||
else
|
||||
#endif
|
||||
{
|
||||
home = getenv("HOME");
|
||||
if (!home) home = "/";
|
||||
#ifdef DOXDG
|
||||
user_dir_len = eina_str_join_len
|
||||
(dst, size, '/', home, strlen(home),
|
||||
".config", sizeof(".config") - 1,
|
||||
"elementary", sizeof("elementary") - 1);
|
||||
#else
|
||||
user_dir_len = eina_str_join_len
|
||||
(dst, size, '/', home, strlen(home),
|
||||
ELEMENTARY_BASE_DIR, sizeof(ELEMENTARY_BASE_DIR) - 1);
|
||||
#endif
|
||||
}
|
||||
}
|
||||
else
|
||||
#endif
|
||||
{
|
||||
home = getenv("HOME");
|
||||
if (!home) home = "/";
|
||||
struct passwd *pw = getpwent();
|
||||
|
||||
if ((!pw) || (!pw->pw_dir)) goto end;
|
||||
#ifdef DOXDG
|
||||
user_dir_len = eina_str_join_len
|
||||
(dst, size, '/', home, strlen(home),
|
||||
".config", sizeof(".config") - 1,
|
||||
"elementary", sizeof("elementary") - 1);
|
||||
(dst, size, '/', pw->pw_dir, strlen(pw->pw_dir),
|
||||
".config", sizeof(".config") - 1,
|
||||
"elementary", sizeof("elementary") - 1);
|
||||
#else
|
||||
user_dir_len = eina_str_join_len
|
||||
(dst, size, '/', home, strlen(home),
|
||||
ELEMENTARY_BASE_DIR, sizeof(ELEMENTARY_BASE_DIR) - 1);
|
||||
(dst, size, '/', pw->pw_dir, strlen(pw->pw_dir),
|
||||
ELEMENTARY_BASE_DIR, sizeof(ELEMENTARY_BASE_DIR) - 1);
|
||||
#endif
|
||||
}
|
||||
#endif
|
||||
|
@ -872,6 +892,11 @@ _profile_fetch_from_conf(void)
|
|||
if (s)
|
||||
{
|
||||
_elm_profile = strdup(s);
|
||||
if (_elm_profile)
|
||||
{
|
||||
p = strchr(_elm_profile, '/');
|
||||
if (p) *p = 0;
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
|
@ -884,10 +909,16 @@ _profile_fetch_from_conf(void)
|
|||
if (p)
|
||||
{
|
||||
_elm_profile = malloc(len + 1);
|
||||
memcpy(_elm_profile, p, len);
|
||||
_elm_profile[len] = 0;
|
||||
free(p);
|
||||
if (_elm_profile)
|
||||
{
|
||||
memcpy(_elm_profile, p, len);
|
||||
_elm_profile[len] = 0;
|
||||
free(p);
|
||||
}
|
||||
else free(p);
|
||||
eet_close(ef);
|
||||
p = strchr(_elm_profile, '/');
|
||||
if (p) *p = 0;
|
||||
return;
|
||||
}
|
||||
eet_close(ef);
|
||||
|
@ -902,10 +933,16 @@ _profile_fetch_from_conf(void)
|
|||
if (p)
|
||||
{
|
||||
_elm_profile = malloc(len + 1);
|
||||
memcpy(_elm_profile, p, len);
|
||||
_elm_profile[len] = 0;
|
||||
free(p);
|
||||
if (_elm_profile)
|
||||
{
|
||||
memcpy(_elm_profile, p, len);
|
||||
_elm_profile[len] = 0;
|
||||
free(p);
|
||||
}
|
||||
else free(p);
|
||||
eet_close(ef);
|
||||
p = strchr(_elm_profile, '/');
|
||||
if (p) *p = 0;
|
||||
return;
|
||||
}
|
||||
eet_close(ef);
|
||||
|
@ -2538,6 +2575,8 @@ _elm_config_sub_init(void)
|
|||
}
|
||||
_elm_profile = s;
|
||||
if (changed) _prop_config_get();
|
||||
s = strchr(_elm_profile, '/');
|
||||
if (s) *s = 0;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -309,6 +309,11 @@ _port_indicator_connect_cb(void *data)
|
|||
sd->port_indi_timer = NULL;
|
||||
return ECORE_CALLBACK_CANCEL;
|
||||
}
|
||||
if (strchr(indicator_serv_name, '/'))
|
||||
{
|
||||
sd->port_indi_timer = NULL;
|
||||
return ECORE_CALLBACK_CANCEL;
|
||||
}
|
||||
if (elm_plug_connect(sd->portrait_indicator, indicator_serv_name, 0, EINA_FALSE))
|
||||
{
|
||||
DBG("Conformant connect to server[%s]\n", indicator_serv_name);
|
||||
|
@ -339,6 +344,11 @@ _land_indicator_connect_cb(void *data)
|
|||
sd->land_indi_timer = NULL;
|
||||
return ECORE_CALLBACK_CANCEL;
|
||||
}
|
||||
if (strchr(indicator_serv_name, '/'))
|
||||
{
|
||||
sd->port_indi_timer = NULL;
|
||||
return ECORE_CALLBACK_CANCEL;
|
||||
}
|
||||
if (elm_plug_connect(sd->landscape_indicator, indicator_serv_name, 0, EINA_FALSE))
|
||||
{
|
||||
DBG("Conformant connect to server[%s]\n", indicator_serv_name);
|
||||
|
@ -386,6 +396,10 @@ _create_portrait_indicator(Evas_Object *obj)
|
|||
DBG("Conformant cannot get portrait indicator service name\n");
|
||||
return NULL;
|
||||
}
|
||||
if (strchr(port_indicator_serv_name, '/'))
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
|
||||
port_indicator = elm_plug_add(obj);
|
||||
if (!port_indicator)
|
||||
|
@ -423,6 +437,10 @@ _create_landscape_indicator(Evas_Object *obj)
|
|||
DBG("Conformant cannot get portrait indicator service name\n");
|
||||
return NULL;
|
||||
}
|
||||
if (strchr(land_indicator_serv_name, '/'))
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
|
||||
land_indicator = elm_plug_add(obj);
|
||||
if (!land_indicator)
|
||||
|
|
|
@ -122,55 +122,10 @@ _elm_module_find_as(const char *as)
|
|||
Eina_Bool
|
||||
_elm_module_load(Elm_Module *m)
|
||||
{
|
||||
const char *home;
|
||||
char buf[PATH_MAX];
|
||||
|
||||
if (m->module) return EINA_TRUE;
|
||||
|
||||
home = getenv("HOME");
|
||||
if (home)
|
||||
{
|
||||
snprintf(buf, sizeof(buf),
|
||||
"%s/"ELEMENTARY_BASE_DIR "/modules/%s/%s/module"
|
||||
EFL_SHARED_EXTENSION, home, m->name, MODULE_ARCH);
|
||||
m->module = eina_module_new(buf);
|
||||
if ((m->module) && (eina_module_load(m->module) == EINA_TRUE))
|
||||
{
|
||||
m->init_func =
|
||||
eina_module_symbol_get(m->module, "elm_modapi_init");
|
||||
if (m->init_func)
|
||||
{
|
||||
m->shutdown_func =
|
||||
eina_module_symbol_get(m->module, "elm_modapi_shutdown");
|
||||
m->so_path = eina_stringshare_add(buf);
|
||||
snprintf(buf, sizeof(buf),
|
||||
"%s/"ELEMENTARY_BASE_DIR "/modules/%s/%s",
|
||||
home, m->name, MODULE_ARCH);
|
||||
m->bin_dir = eina_stringshare_add(buf);
|
||||
snprintf(buf, sizeof(buf),
|
||||
"%s/"ELEMENTARY_BASE_DIR "/modules/%s",
|
||||
home, m->name);
|
||||
m->data_dir = eina_stringshare_add(buf);
|
||||
}
|
||||
else
|
||||
{
|
||||
if (m->module)
|
||||
{
|
||||
eina_module_unload(m->module);
|
||||
eina_module_free(m->module);
|
||||
m->module = NULL;
|
||||
}
|
||||
return EINA_FALSE;
|
||||
}
|
||||
}
|
||||
else if (m->module)
|
||||
{
|
||||
eina_module_free(m->module);
|
||||
m->module = NULL;
|
||||
}
|
||||
}
|
||||
|
||||
if (m->module) return EINA_TRUE;
|
||||
if (strchr(m->name, '/')) return EINA_FALSE;
|
||||
|
||||
snprintf(buf, sizeof(buf),
|
||||
"%s/elementary/modules/%s/%s/module"EFL_SHARED_EXTENSION,
|
||||
|
|
|
@ -98,9 +98,12 @@ elm_url_download(const char *url, Elm_Url_Done done_cb, Elm_Url_Cancel cancel_cb
|
|||
target = ecore_con_url_new(url);
|
||||
if (!target) goto on_error;
|
||||
|
||||
if (getenv("http_proxy")) ecore_con_url_proxy_set(target, getenv("http_proxy"));
|
||||
if (getenv("https_proxy")) ecore_con_url_proxy_set(target, getenv("https_proxy"));
|
||||
if (getenv("ftp_proxy")) ecore_con_url_proxy_set(target, getenv("ftp_proxy"));
|
||||
if (getuid() == getuid())
|
||||
{
|
||||
if (getenv("http_proxy")) ecore_con_url_proxy_set(target, getenv("http_proxy"));
|
||||
if (getenv("https_proxy")) ecore_con_url_proxy_set(target, getenv("https_proxy"));
|
||||
if (getenv("ftp_proxy")) ecore_con_url_proxy_set(target, getenv("ftp_proxy"));
|
||||
}
|
||||
|
||||
r = malloc(sizeof (Elm_Url));
|
||||
if (!r) goto on_error;
|
||||
|
|
Loading…
Reference in New Issue