[pulseaudio-discuss] [PATCH v2] core-util: Fail if XDG_RUNTIME_DIR belongs to someone else
Alexander E. Patrakov
patrakov at gmail.com
Mon Sep 8 22:25:06 PDT 2014
09.09.2014 11:10, David Henningsson wrote:
>
>
> On 2014-09-08 17:24, Rémi Denis-Courmont wrote:
>>> diff --git a/src/pulsecore/core-util.c b/src/pulsecore/core-util.c
>>> index d7a95d6..6bb6317 100644
>>> --- a/src/pulsecore/core-util.c
>>> +++ b/src/pulsecore/core-util.c
>>> @@ -1816,6 +1816,14 @@ char *pa_get_runtime_dir(void) {
>>> /* Use the XDG standard for the runtime directory. */
>>> d = getenv("XDG_RUNTIME_DIR");
>>> if (d) {
>>> + struct stat st;
>>> + if (stat(d, &st) == 0 && st.st_uid != getuid()) {
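Review bot: in the added condition `stat(d, &st) == 0 && st.st_uid != getuid()`, a failing stat() makes the whole expression false, so the ownership check is silently skipped and the branch is not taken for a directory that could not be inspected at all. Handle the stat() error case explicitly instead of folding it into the same test. The check is also made on the path string d rather than on an opened descriptor, so its result only describes whatever d resolved to at the moment of the call; doing the comparison with fstat() on a directory fd would tie the check to the object that is used afterwards.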
>>
>> This looks like a case of ToCToU to me.
>>
>> In principle, you should probably use open() then fstat(), and then
>> openat to create or access files within the directory.
>
> Thanks for the review. You're right. In this case however, we want to
> prevent root from doing a chown on XDG_RUNTIME_DIR by mistake.
Then the code is too convoluted to express the simple idea that chown
must be done only when running in system mode.
--
Alexander E. Patrakov
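
The open(), fstat(), openat() sequence suggested in the quoted review, written out as an added example that is not part of the original message or of PulseAudio. The helper names `open_owned_dir` and `open_in_dir` are hypothetical.

```c
/* Added example, not PulseAudio code. Helper names are hypothetical. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open the directory once and verify ownership on the descriptor, so the
 * object that was checked is the object that is used afterwards.
 * Returns a directory fd, or -1 with errno set. */
int open_owned_dir(const char *path, uid_t owner) {
    struct stat st;
    int err = 0;
    int fd = open(path, O_RDONLY | O_DIRECTORY | O_CLOEXEC);

    if (fd < 0)
        return -1;              /* missing, not a directory, no access */
    if (fstat(fd, &st) < 0)
        err = errno;            /* an fstat failure is an error, not a pass */
    else if (st.st_uid != owner)
        err = EACCES;           /* directory belongs to someone else */
    if (err) {
        close(fd);
        errno = err;
        return -1;
    }
    return fd;
}

/* Create or open a file relative to the verified descriptor. Renaming or
 * replacing the directory path later does not change where this lands. */
int open_in_dir(int dirfd, const char *name) {
    return openat(dirfd, name, O_RDWR | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0600);
}

int main(void) {
    const char *d = getenv("XDG_RUNTIME_DIR");
    int dfd = d ? open_owned_dir(d, getuid()) : -1;

    if (dfd < 0) {
        fprintf(stderr, "XDG_RUNTIME_DIR unusable\n");
        return 1;
    }
    printf("verified %s, fd %d ready for openat()\n", d, dfd);
    close(dfd);
    return 0;
}
```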