gdbusauthmechanismsha1: Don’t create keyring dir when running as setuid

Continue to allow overriding the keyring dir, but don’t automatically
create it when running as root.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Coverity CID: #1432485
This commit is contained in:
Philip Withnall 2020-11-02 12:04:53 +00:00
parent b04a359d1e
commit 4f7c6e1ec8

View File

@ -40,6 +40,7 @@
#include "gioenumtypes.h"
#include "gioerror.h"
#include "gdbusprivate.h"
#include "glib-private.h"
#include "glibintl.h"
@ -265,6 +266,7 @@ ensure_keyring_directory (GError **error)
{
gchar *path;
const gchar *e;
gboolean is_setuid;
#ifdef G_OS_UNIX
struct stat statbuf;
#endif
@ -332,7 +334,10 @@ ensure_keyring_directory (GError **error)
}
#endif /* if !G_OS_UNIX */
if (g_mkdir_with_parents (path, 0700) != 0)
/* Only create the directory if not running as setuid */
is_setuid = GLIB_PRIVATE_CALL (g_check_setuid) ();
if (!is_setuid &&
g_mkdir_with_parents (path, 0700) != 0)
{
int errsv = errno;
g_set_error (error,
@ -344,6 +349,17 @@ ensure_keyring_directory (GError **error)
g_clear_pointer (&path, g_free);
return NULL;
}
else if (is_setuid)
{
g_set_error (error,
G_IO_ERROR,
G_IO_ERROR_PERMISSION_DENIED,
_("Error creating directory “%s”: %s"),
path,
_("Operation not supported"));
g_clear_pointer (&path, g_free);
return NULL;
}
return g_steal_pointer (&path);
}