[glib: 1/2] gdbusauthmechanismsha1: Don’t create keyring dir when running as setuid
- From: Simon McVittie <smcv src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [glib: 1/2] gdbusauthmechanismsha1: Don’t create keyring dir when running as setuid
- Date: Thu, 19 Nov 2020 11:13:27 +0000 (UTC)
commit 4f7c6e1ec8e98a594b0e70a60bf4d4f809db0bae
Author: Philip Withnall <pwithnall endlessos org>
Date: Mon Nov 2 12:04:53 2020 +0000
gdbusauthmechanismsha1: Don’t create keyring dir when running as setuid
Continue to allow overriding the keyring dir, but don’t automatically
create it when running as root.
Signed-off-by: Philip Withnall <pwithnall endlessos org>
Coverity CID: #1432485
gio/gdbusauthmechanismsha1.c | 18 +++++++++++++++++-
1 file changed, 17 insertions(+), 1 deletion(-)
---
diff --git a/gio/gdbusauthmechanismsha1.c b/gio/gdbusauthmechanismsha1.c
index baa4e59d9..095a6663e 100644
--- a/gio/gdbusauthmechanismsha1.c
+++ b/gio/gdbusauthmechanismsha1.c
@@ -40,6 +40,7 @@
#include "gioenumtypes.h"
#include "gioerror.h"
#include "gdbusprivate.h"
+#include "glib-private.h"
#include "glibintl.h"
@@ -265,6 +266,7 @@ ensure_keyring_directory (GError **error)
{
gchar *path;
const gchar *e;
+ gboolean is_setuid;
#ifdef G_OS_UNIX
struct stat statbuf;
#endif
@@ -332,7 +334,10 @@ ensure_keyring_directory (GError **error)
}
#endif /* if !G_OS_UNIX */
- if (g_mkdir_with_parents (path, 0700) != 0)
+ /* Only create the directory if not running as setuid */
+ is_setuid = GLIB_PRIVATE_CALL (g_check_setuid) ();
+ if (!is_setuid &&
+ g_mkdir_with_parents (path, 0700) != 0)
{
int errsv = errno;
g_set_error (error,
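Review bot: The setuid test is folded into the mkdir condition here and then tested again by the `else if (is_setuid)` arm in the next hunk, so the refusal path is only understood by reading the two conditions together. Handling it first with its own `if (is_setuid)` block that sets the error and returns, and leaving `if (g_mkdir_with_parents (path, 0700) != 0)` as it was, would keep the deliberate refusal separate from a real mkdir failure. The comment could also give the reason, for example `/* A setuid process must not create directories at a path the invoking user can influence */`. The commit message says the keyring dir can still be overridden, but the code that chooses `path` is outside this hunk; it is worth confirming there that an overridden directory which already exists is acceptable input for a setuid process.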
@@ -344,6 +349,17 @@ ensure_keyring_directory (GError **error)
g_clear_pointer (&path, g_free);
return NULL;
}
+ else if (is_setuid)
+ {
+ g_set_error (error,
+ G_IO_ERROR,
+ G_IO_ERROR_PERMISSION_DENIED,
+ _("Error creating directory “%s”: %s"),
+ path,
+ _("Operation not supported"));
+ g_clear_pointer (&path, g_free);
+ return NULL;
+ }
return g_steal_pointer (&path);
}
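Review bot: The error set in the `else if (is_setuid)` branch pairs `G_IO_ERROR_PERMISSION_DENIED` with the text "Operation not supported" and never mentions setuid, so a caller or someone reading a log cannot tell this policy refusal from an ordinary filesystem failure. Either make the code match the text with `G_IO_ERROR_NOT_SUPPORTED`, or keep the code and state the cause in the message, for example `_("Not creating directory “%s” because the process is running as setuid")`. A one-line comment above the branch, such as `/* Directory is missing and we refuse to create it with elevated privileges */`, would document that this is intentional. The start of ensure_keyring_directory() is outside the hunk, so whether an already existing directory returns before reaching this branch cannot be confirmed from here.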