From a93f9c04acedc37277ef60dc7225464b8b62f0ee Mon Sep 17 00:00:00 2001 From: "John (J5) Palmieri" Date: Wed, 15 Jun 2005 15:59:57 +0000 Subject: * dbus/dbus-message.c: (dbus_message_has_path): New method (dbus_message_has_interface): New method (dbus_message_has_member): New method * dbus/dbus/dbus-sysdeps.c (_dbus_check_dir_is_private_to_user): New method * dbus/dbus-keyring.c (_dbus_keyring_reload): Check to see that the keyring directory is private to the user * doc/TODO: - The convenience functions in dbus-bus.h should perhaps have the signatures that they would have if they were autogenerated stubs. e.g. the acquire service function. We should also evaluate which of these functions to include, in light of the fact that GLib/Qt native stubs will probably also exist.: Punted - add dbus_message_has_path(), maybe has_member/interface: fixed in this patch - in dbus-keyring.c, enforce that the keyring dir is not world readable/writable: Fixed in this patch --- dbus/dbus-keyring.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'dbus/dbus-keyring.c') diff --git a/dbus/dbus-keyring.c b/dbus/dbus-keyring.c index 8fbfd685..11f4826c 100644 --- a/dbus/dbus-keyring.c +++ b/dbus/dbus-keyring.c @@ -415,6 +415,9 @@ _dbus_keyring_reload (DBusKeyring *keyring, _DBUS_ASSERT_ERROR_IS_CLEAR (error); + if (!_dbus_check_dir_is_private_to_user (&keyring->directory, error)) + return FALSE; + if (!_dbus_string_init (&contents)) { dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL); @@ -427,7 +430,7 @@ _dbus_keyring_reload (DBusKeyring *keyring, _dbus_string_free (&contents); return FALSE; } - + keys = NULL; n_keys = 0; retval = FALSE; -- cgit