mirror of
https://github.com/gentoo-mirror/gentoo.git
synced 2026-02-08 13:17:38 -08:00
56bd759df1
This commit represents a new era for Gentoo: Storing the gentoo-x86 tree in Git, as converted from CVS. This commit is the start of the NEW history. Any historical data is intended to be grafted onto this point. Creation process: 1. Take final CVS checkout snapshot 2. Remove ALL ChangeLog* files 3. Transform all Manifests to thin 4. Remove empty Manifests 5. Convert all stale $Header$/$Id$ CVS keywords to non-expanded Git $Id$ 5.1. Do not touch files with -kb/-ko keyword flags. Signed-off-by: Robin H. Johnson <robbat2@gentoo.org> X-Thanks: Alec Warner <antarus@gentoo.org> - did the GSoC 2006 migration tests X-Thanks: Robin H. Johnson <robbat2@gentoo.org> - infra guy, herding this project X-Thanks: Nguyen Thai Ngoc Duy <pclouds@gentoo.org> - Former Gentoo developer, wrote Git features for the migration X-Thanks: Brian Harring <ferringb@gentoo.org> - wrote much python to improve cvs2svn X-Thanks: Rich Freeman <rich0@gentoo.org> - validation scripts X-Thanks: Patrick Lauer <patrick@gentoo.org> - Gentoo dev, running new 2014 work in migration X-Thanks: Michał Górny <mgorny@gentoo.org> - scripts, QA, nagging X-Thanks: All of other Gentoo developers - many ideas and lots of paint on the bikeshed
55 lines
1.8 KiB
Diff
55 lines
1.8 KiB
Diff
Improve security of get_runtime_dir(strict=False)
|
|
https://github.com/takluyver/pyxdg/commit/bd999c1c3fe7ee5f30ede2cf704cf03e400347b4
|
|
diff --git a/xdg/BaseDirectory.py b/xdg/BaseDirectory.py
|
|
index cececa3..a7c31b1 100644
|
|
--- a/xdg/BaseDirectory.py
|
|
+++ b/xdg/BaseDirectory.py
|
|
@@ -25,7 +25,7 @@
|
|
Note: see the rox.Options module for a higher-level API for managing options.
|
|
"""
|
|
|
|
-import os
|
|
+import os, stat
|
|
|
|
_home = os.path.expanduser('~')
|
|
xdg_data_home = os.environ.get('XDG_DATA_HOME') or \
|
|
@@ -131,15 +131,30 @@ def get_runtime_dir(strict=True):
|
|
|
|
import getpass
|
|
fallback = '/tmp/pyxdg-runtime-dir-fallback-' + getpass.getuser()
|
|
+ create = False
|
|
+
|
|
try:
|
|
- os.mkdir(fallback, 0o700)
|
|
+ # This must be a real directory, not a symlink, so attackers can't
|
|
+ # point it elsewhere. So we use lstat to check it.
|
|
+ st = os.lstat(fallback)
|
|
except OSError as e:
|
|
import errno
|
|
- if e.errno == errno.EEXIST:
|
|
- # Already exists - set 700 permissions again.
|
|
- import stat
|
|
- os.chmod(fallback, stat.S_IRUSR|stat.S_IWUSR|stat.S_IXUSR)
|
|
- else: # pragma: no cover
|
|
+ if e.errno == errno.ENOENT:
|
|
+ create = True
|
|
+ else:
|
|
raise
|
|
-
|
|
+ else:
|
|
+ # The fallback must be a directory
|
|
+ if not stat.S_ISDIR(st.st_mode):
|
|
+ os.unlink(fallback)
|
|
+ create = True
|
|
+ # Must be owned by the user and not accessible by anyone else
|
|
+ elif (st.st_uid != os.getuid()) \
|
|
+ or (st.st_mode & (stat.S_IRWXG | stat.S_IRWXO)):
|
|
+ os.rmdir(fallback)
|
|
+ create = True
|
|
+
|
|
+ if create:
|
|
+ os.mkdir(fallback, 0o700)
|
|
+
|
|
return fallback
|
|
|