diff options
author | Jeremy Huddleston <jeremyhu@apple.com> | 2012-02-17 17:35:26 -0800 |
---|---|---|
committer | Jeremy Huddleston <jeremyhu@apple.com> | 2012-02-24 18:03:20 -0800 |
commit | 49cfa8b7253096d24b2ef6a8d0ba32c4bae9ac23 (patch) | |
tree | 9a32bdd24f2587a94442954fd5313bed65bb9b1f | |
parent | f5ef7a3f8c1e8ac3f715e4059bf3b9a03aafd5a7 (diff) |
launchd/privileged_startx: Improved error resolution
Rather than just failing to do anything when directories aren't what we
want them to be, we now try our best to fix the situation.
Signed-off-by: Jeremy Huddleston <jeremyhu@apple.com>
-rwxr-xr-x | launchd/privileged_startx/10-tmpdirs.cpp | 34 |
1 files changed, 28 insertions, 6 deletions
diff --git a/launchd/privileged_startx/10-tmpdirs.cpp b/launchd/privileged_startx/10-tmpdirs.cpp index 8012597..f48033d 100755 --- a/launchd/privileged_startx/10-tmpdirs.cpp +++ b/launchd/privileged_startx/10-tmpdirs.cpp @@ -1,5 +1,5 @@ XCOMM!/bin/sh -XCOMM Copyright (c) 2008 Apple Inc. +XCOMM Copyright (c) 2008-2012 Apple Inc. XCOMM XCOMM Permission is hereby granted, free of charge, to any person XCOMM obtaining a copy of this software and associated documentation files @@ -36,11 +36,33 @@ else MKTEMP=mktemp fi +STAT=/usr/bin/stat + for dir in /tmp/.ICE-unix /tmp/.X11-unix /tmp/.font-unix ; do - XCOMM Use mktemp rather than mkdir to avoid possible security issue - XCOMM if $dir exists and is a symlink - if ${MKTEMP} -d ${dir} >& /dev/null ; then - chmod 1777 $dir - chown root:wheel $dir + success=0 + for attempt in 1 2 3 4 5 ; do + check=`${STAT} -f '%#p %u %g' ${dir}` + if [ "${check}" = "041777 0 0" ] ; then + success=1 + break + else + saved=$(${MKTEMP} -d /tmp/${dir}-XXXXXXXX) + mv ${dir} ${saved} + echo "${dir} exists but is insecure. It has been moved into ${saved}" + fi + + # Use mktemp rather than mkdir to avoid possible security issue + # if $dir exists and is a symlink (ie protect against a race + # against the above check) + if ${MKTEMP} -d ${dir} >& /dev/null ; then + chmod 1777 $dir + chown 0:0 $dir + success=1 + break + fi + done + + if [ "${success}" -eq 0 ] ; then + echo "Could not successfully create ${dir}" >&2 fi done |