From 4f7c6e1ec8e98a594b0e70a60bf4d4f809db0bae Mon Sep 17 00:00:00 2001
From: Philip Withnall
Date: Mon, 2 Nov 2020 12:04:53 +0000
Subject: [PATCH] =?UTF-8?q?gdbusauthmechanismsha1:=20Don=E2=80=99t=20creat?= =?UTF-8?q?e=20keyring=20dir=20when=20running=20as=20setuid?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Continue to allow overriding the keyring dir, but don’t automatically create it when running as root.
Signed-off-by: Philip Withnall
Coverity CID: #1432485
---
 gio/gdbusauthmechanismsha1.c | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/gio/gdbusauthmechanismsha1.c b/gio/gdbusauthmechanismsha1.c
index baa4e59d9..095a6663e 100644
--- a/gio/gdbusauthmechanismsha1.c
+++ b/gio/gdbusauthmechanismsha1.c
@@ -40,6 +40,7 @@
 #include "gioenumtypes.h"
 #include "gioerror.h"
 #include "gdbusprivate.h"
+#include "glib-private.h"
 #include "glibintl.h"
@@ -265,6 +266,7 @@ ensure_keyring_directory (GError **error)
 {
 gchar *path;
 const gchar *e;
+ gboolean is_setuid;
 #ifdef G_OS_UNIX
 struct stat statbuf;
 #endif
@@ -332,7 +334,10 @@ ensure_keyring_directory (GError **error)
 }
 #endif /* if !G_OS_UNIX */
- if (g_mkdir_with_parents (path, 0700) != 0)
+ /* Only create the directory if not running as setuid */
+ is_setuid = GLIB_PRIVATE_CALL (g_check_setuid) ();
+ if (!is_setuid &&
+ g_mkdir_with_parents (path, 0700) != 0)
 {
 int errsv = errno;
 g_set_error (error,
@@ -344,6 +349,17 @@ ensure_keyring_directory (GError **error)
 g_clear_pointer (&path, g_free);
 return NULL;
 }
+ else if (is_setuid)
+ {
+ g_set_error (error,
+ G_IO_ERROR,
+ G_IO_ERROR_PERMISSION_DENIED,
+ _("Error creating directory “%s”: %s"),
+ path,
+ _("Operation not supported"));
+ g_clear_pointer (&path, g_free);
+ return NULL;
+ }
 return g_steal_pointer (&path);
 }
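Review bot: The comment added in the third hunk, `/* Only create the directory if not running as setuid */`, says what the check does but not why, and the reason is the security-relevant part. The commit message says the keyring-dir override stays allowed, so in a setuid process the path may be chosen by the invoking user, and creating it would build a 0700 directory tree with the elevated identity at that location. I would say so in the comment, e.g. `/* Never create the keyring dir when setuid: the path may be caller-controlled and would be created with elevated privileges */`. An existing override directory is still accepted, presumably after the stat checks earlier in ensure_keyring_directory (outside this hunk); it is worth confirming those checks are sufficient under setuid and noting that in the function's documentation.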
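Review bot: The setuid branch added in the fourth hunk sets `G_IO_ERROR_PERMISSION_DENIED` but formats the text "Operation not supported" under an "Error creating directory" prefix, although no creation was attempted. Code and message disagree, and someone reading a log cannot tell this deliberate refusal from a real mkdir failure. Either switch to `G_IO_ERROR_NOT_SUPPORTED` to match the text, or keep the code and state the reason, e.g. `_("Refusing to create directory “%s” when running as setuid")`. The `if (!is_setuid && …) … else if (is_setuid)` chain, whose first arm starts in the previous hunk, would also read more directly with the `is_setuid` refusal tested first and the `g_mkdir_with_parents` call in a plain `else if`.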