@@ -128,6 +128,24 b' static void preparesockdir(const char *s' | |||||
128 | abortmsg("insecure sockdir %s", sockdir); |
|
128 | abortmsg("insecure sockdir %s", sockdir); | |
129 | } |
|
129 | } | |
130 |
|
130 | |||
|
131 | /* | |||
|
132 | * Check if a socket directory exists and is only owned by the current user. | |||
|
133 | * Return 1 if so, 0 if not. This is used to check if XDG_RUNTIME_DIR can be | |||
|
134 | * used or not. According to the specification [1], XDG_RUNTIME_DIR should be | |||
|
135 | * ignored if the directory is not owned by the user with mode 0700. | |||
|
136 | * [1]: https://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html | |||
|
137 | */ | |||
|
138 | static int checkruntimedir(const char *sockdir) | |||
|
139 | { | |||
|
140 | struct stat st; | |||
|
141 | int r = lstat(sockdir, &st); | |||
|
142 | if (r < 0) /* ex. does not exist */ | |||
|
143 | return 0; | |||
|
144 | if (!S_ISDIR(st.st_mode)) /* ex. is a file, not a directory */ | |||
|
145 | return 0; | |||
|
146 | return st.st_uid == geteuid() && (st.st_mode & 0777) == 0700; | |||
|
147 | } | |||
|
148 | ||||
131 | static void getdefaultsockdir(char sockdir[], size_t size) |
|
149 | static void getdefaultsockdir(char sockdir[], size_t size) | |
132 | { |
|
150 | { | |
133 | /* by default, put socket file in secure directory |
|
151 | /* by default, put socket file in secure directory | |
@@ -135,7 +153,7 b' static void getdefaultsockdir(char sockd' | |||||
135 | * (permission of socket file may be ignored on some Unices) */ |
|
153 | * (permission of socket file may be ignored on some Unices) */ | |
136 | const char *runtimedir = getenv("XDG_RUNTIME_DIR"); |
|
154 | const char *runtimedir = getenv("XDG_RUNTIME_DIR"); | |
137 | int r; |
|
155 | int r; | |
138 | if (runtimedir) { |
|
156 | if (runtimedir && checkruntimedir(runtimedir)) { | |
139 | r = snprintf(sockdir, size, "%s/chg", runtimedir); |
|
157 | r = snprintf(sockdir, size, "%s/chg", runtimedir); | |
140 | } else { |
|
158 | } else { | |
141 | const char *tmpdir = getenv("TMPDIR"); |
|
159 | const char *tmpdir = getenv("TMPDIR"); |
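Review bot: checkruntimedir() in the first hunk accepts any path that lstat() can resolve, so a relative XDG_RUNTIME_DIR is checked against the current working directory and, if it passes, is copied into the sockdir that getdefaultsockdir() builds. The basedir specification cited in the new comment says that relative paths in these variables are invalid and should be ignored, so a guard such as `if (sockdir[0] != '/') return 0;` before the lstat() call would match it and would also reject an empty value. The header comment could also state that lstat() is deliberate: a symlinked runtime directory fails the S_ISDIR test and takes the TMPDIR branch, and every lstat() failure, not only a missing directory, is treated as unusable. getdefaultsockdir's body continues outside the second hunk.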