diff options
| -rw-r--r-- | configure.ac | 2 | ||||
| -rw-r--r-- | src/pulsecore/core-util.c | 39 | 
2 files changed, 35 insertions, 6 deletions
| diff --git a/configure.ac b/configure.ac index 1b807880..abcce13f 100644 --- a/configure.ac +++ b/configure.ac @@ -424,7 +424,7 @@ AC_CHECK_FUNCS_ONCE([lrintf strtof])  AC_FUNC_FORK  AC_FUNC_GETGROUPS  AC_FUNC_SELECT_ARGTYPES -AC_CHECK_FUNCS_ONCE([chmod chown clock_gettime getaddrinfo getgrgid_r getgrnam_r \ +AC_CHECK_FUNCS_ONCE([chmod chown fstat fchown fchmod clock_gettime getaddrinfo getgrgid_r getgrnam_r \      getpwnam_r getpwuid_r gettimeofday getuid inet_ntop inet_pton mlock nanosleep \      pipe posix_fadvise posix_madvise posix_memalign setpgid setsid shm_open \      sigaction sleep sysconf pthread_setaffinity_np]) diff --git a/src/pulsecore/core-util.c b/src/pulsecore/core-util.c index d6017b9d..a6425532 100644 --- a/src/pulsecore/core-util.c +++ b/src/pulsecore/core-util.c @@ -199,7 +199,7 @@ void pa_make_fd_cloexec(int fd) {  /** Creates a directory securely */  int pa_make_secure_dir(const char* dir, mode_t m, uid_t uid, gid_t gid) {      struct stat st; -    int r, saved_errno; +    int r, saved_errno, fd;      pa_assert(dir); @@ -217,16 +217,45 @@ int pa_make_secure_dir(const char* dir, mode_t m, uid_t uid, gid_t gid) {      if (r < 0 && errno != EEXIST)          return -1; -#ifdef HAVE_CHOWN +#ifdef HAVE_FSTAT +    if ((fd = open(dir, +#ifdef O_CLOEXEC +                   O_CLOEXEC| +#endif +#ifdef O_NOCTTY +                   O_NOCTTY| +#endif +#ifdef O_NOFOLLOW +                   O_NOFOLLOW| +#endif +                   O_RDONLY)) < 0) +        goto fail; + +    if (fstat(fd, &st) < 0) { +        pa_assert_se(pa_close(fd) >= 0); +        goto fail; +    } + +    if (!S_ISDIR(st.st_mode)) { +        pa_assert_se(pa_close(fd) >= 0); +        errno = EEXIST; +        goto fail; +    } + +#ifdef HAVE_FCHOWN      if (uid == (uid_t)-1)          uid = getuid();      if (gid == (gid_t)-1)          gid = getgid(); -    (void) chown(dir, uid, gid); +    (void) fchown(fd, uid, gid); +#endif + +#ifdef HAVE_FCHMOD +    (void) fchmod(fd, m);  #endif -#ifdef HAVE_CHMOD -    chmod(dir, m); +    pa_assert_se(pa_close(fd) >= 0); +  #endif  #ifdef HAVE_LSTAT | 
