[mutter] xwayland: Check permissions on /tmp/.X11-unix
- From: Marge Bot <marge-bot src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [mutter] xwayland: Check permissions on /tmp/.X11-unix
- Date: Thu, 18 Mar 2021 17:16:25 +0000 (UTC)
commit 1f1bf4cd9d1c8a18c7ae1dd7f5e69be32546fa7c
Author: Olivier Fourdan <ofourdan redhat com>
Date: Thu Mar 18 09:56:34 2021 +0100
xwayland: Check permissions on /tmp/.X11-unix
For Xwayland, mutter creates the sockets in the standard /tmp/.X11-unix
directory.
Yet, if that directory already exists, it may have been created by
another user, who would then have full control over the created socket.
To avoid that issue, if the directory /tmp/.X11-unix already exists,
check that the permissions are as we expect, i.e. the directory belongs
to either root or the user herself, is writable and has the sticky bit.
Thanks to fabian ritter-vogt de for reporting that issue.
https://gitlab.gnome.org/GNOME/mutter/-/issues/1708
Part-of: <https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/1787>
src/wayland/meta-xwayland.c | 45 ++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 44 insertions(+), 1 deletion(-)
---
diff --git a/src/wayland/meta-xwayland.c b/src/wayland/meta-xwayland.c
index 34837b1612..287bce2d2f 100644
--- a/src/wayland/meta-xwayland.c
+++ b/src/wayland/meta-xwayland.c
@@ -627,13 +627,56 @@ meta_xwayland_override_display_number (int number)
display_number_override = number;
}
+static gboolean
+ensure_x11_unix_perms (GError **error)
+{
+ struct stat buf;
+
+ if (lstat (X11_TMP_UNIX_DIR, &buf) != 0)
+ {
+ g_set_error (error, G_IO_ERROR, g_io_error_from_errno (errno),
+ "Failed to check permissions on directory \"%s\": %s",
+ X11_TMP_UNIX_DIR, g_strerror (errno));
+ return FALSE;
+ }
+
+ /* If the directory already exists, it should belong to root or ourselves ... */
+ if (buf.st_uid != 0 && buf.st_uid != getuid ())
+ {
+ g_set_error (error, G_IO_ERROR, G_IO_ERROR_PERMISSION_DENIED,
+ "Wrong ownership for directory \"%s\"",
+ X11_TMP_UNIX_DIR);
+ return FALSE;
+ }
+
+ /* ... be writable ... */
+ if ((buf.st_mode & 0022) != 0022)
+ {
+ g_set_error (error, G_IO_ERROR, G_IO_ERROR_PERMISSION_DENIED,
+ "Directory \"%s\" is not writable",
+ X11_TMP_UNIX_DIR);
+ return FALSE;
+ }
+
+ /* ... and have the sticky bit set */
+ if ((buf.st_mode & 01000) != 01000)
+ {
+ g_set_error (error, G_IO_ERROR, G_IO_ERROR_PERMISSION_DENIED,
+ "Directory \"%s\" is missing the sticky bit",
+ X11_TMP_UNIX_DIR);
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
static gboolean
ensure_x11_unix_dir (GError **error)
{
if (mkdir (X11_TMP_UNIX_DIR, 01777) != 0)
{
if (errno == EEXIST)
- return TRUE;
+ return ensure_x11_unix_perms (error);
g_set_error (error, G_IO_ERROR, g_io_error_from_errno (errno),
"Failed to create directory \"%s\": %s",
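Review bot: ensure_x11_unix_perms never checks that the existing entry is a directory. Because `lstat ()` does not follow symlinks, the owner and mode tests run on whatever sits at X11_TMP_UNIX_DIR, while every error message calls it a directory. Adding `if (!S_ISDIR (buf.st_mode))` right after the lstat, reporting G_IO_ERROR_NOT_DIRECTORY, would make the EEXIST path fail early with an accurate message. The octal literals would read better as `(S_IWGRP | S_IWOTH)` and `S_ISVTX`, and the "be writable" comment should say that both group and other write bits are required, so a root-owned 0755 directory is rejected. The body of ensure_x11_unix_dir continues past the end of the hunk as shown on this page.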