| author | Maxime Coste <mawww@kakoune.org> | 2016-12-15 23:47:34 +0000 |
|---|---|---|
| committer | Maxime Coste <mawww@kakoune.org> | 2016-12-15 23:47:34 +0000 |
| commit | 831887cd3a5b2b71dbb3ef1b25fd0220ea7230d7 (patch) | |
| tree | 3561d09f6c35d4395051d186f74ccb75952ddbfa /src | |
| parent | 9a879262a272bd4c6458fcfa07a9289ee41d7220 (diff) | |
Improve general security of the unix sockets
* Use the sticky bit on the shared kakoune folder
* Do not allow read/write access to user folder
* Respect $TMPDIR when set
Fixes #1007
Diffstat (limited to 'src')
| -rw-r--r-- | src/file.cc | 4 | ||||
| -rw-r--r-- | src/file.hh | 2 | ||||
| -rw-r--r-- | src/remote.cc | 20 |
3 files changed, 20 insertions, 6 deletions
diff --git a/src/file.cc b/src/file.cc index 64061d09..0867fa60 100644 --- a/src/file.cc +++ b/src/file.cc @@ -334,7 +334,7 @@ String find_file(StringView filename, ConstArrayView<String> paths) return ""; } -void make_directory(StringView dir) +void make_directory(StringView dir, mode_t mode) { auto it = dir.begin(), end = dir.end(); while(it != end) @@ -352,7 +352,7 @@ void make_directory(StringView dir) auto old_mask = umask(0); auto restore_mask = on_scope_end([old_mask]() { umask(old_mask); }); - if (mkdir(dirname.zstr(), S_IRWXU | S_IRWXG | S_IRWXO) != 0) + if (mkdir(dirname.zstr(), mode) != 0) throw runtime_error(format("mkdir failed for directory '{}' errno {}", dirname, errno)); } } diff --git a/src/file.hh b/src/file.hh index 89d4e45e..006d0cfd 100644 --- a/src/file.hh +++ b/src/file.hh @@ -56,7 +56,7 @@ bool file_exists(StringView filename); Vector<String> list_files(StringView directory); -void make_directory(StringView dir); +void make_directory(StringView dir, mode_t mode); timespec get_fs_timestamp(StringView filename); diff --git a/src/remote.cc b/src/remote.cc index e402322e..138f56c6 100644 --- a/src/remote.cc +++ b/src/remote.cc @@ -480,14 +480,22 @@ void RemoteUI::set_ui_options(const Options& options) m_socket_watcher.events() |= FdEvents::Write; } +static const char* tmpdir() +{ + if (const char* tmpdir = getenv("TMPDIR")) + return tmpdir; + return "/tmp"; +} + static sockaddr_un session_addr(StringView session) { sockaddr_un addr; addr.sun_family = AF_UNIX; if (find(session, '/')!= session.end()) - format_to(addr.sun_path, "/tmp/kakoune/{}", session); + format_to(addr.sun_path, "{}/kakoune/{}", tmpdir(), session); else - format_to(addr.sun_path, "/tmp/kakoune/{}/{}", getpwuid(geteuid())->pw_name, session); + format_to(addr.sun_path, "{}/kakoune/{}/{}", tmpdir(), + getpwuid(geteuid())->pw_name, session); return addr; } 
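Review bot: The new `mode` parameter on `make_directory` in file.hh has no documentation, and its contract is security-relevant: the file.cc hunk clears the umask before `mkdir(dirname.zstr(), mode)` inside the `while(it != end)` loop, so `mode` appears to be applied verbatim to every path component the call has to create, not just the leaf. A caller that passes `0711` for `/tmp/kakoune/<user>` would therefore also create `/tmp/kakoune` as `0711` if it were missing, which is exactly why Server::Server must create the sticky parent first. Suggested comment on the declaration: `// Create dir and any missing parent component, each with exactly mode (the umask is cleared, so sticky/setgid bits are passed through); parents that need a different mode must be created beforehand.` Whether an already-existing component is left untouched is decided by code outside the hunk, so the comment should not promise anything about existing directories.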
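Review bot: `tmpdir()` returns whatever `getenv("TMPDIR")` yields, including an empty string, so with `TMPDIR=` set but empty session_addr formats `/kakoune/<user>/<session>` at the filesystem root instead of falling back to `/tmp`; treat empty as unset: `if (const char* dir = getenv("TMPDIR")) if (*dir) return dir;` followed by `return "/tmp";`. `sun_path` is a small fixed-size array (108 bytes on Linux), and TMPDIR is now user-controlled input of arbitrary length; I cannot tell from this hunk whether `format_to` bounds-checks a `char[]` target, so if it does not, a long TMPDIR overflows `addr`, and if it does, the resulting exception should at least name TMPDIR so the failure is diagnosable. A relative TMPDIR is also accepted silently, which makes the session path depend on the client's and server's working directories; rejecting anything not starting with `/` would avoid clients silently connecting to a different socket. The local `tmpdir` also shadows the function name, which is legal but reads poorly.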
@@ -704,7 +712,13 @@ Server::Server(String session_name) fcntl(listen_sock, F_SETFD, FD_CLOEXEC); sockaddr_un addr = session_addr(m_session); - make_directory(split_path(addr.sun_path).first); + // set sticky bit on the shared kakoune directory + make_directory(format("{}/kakoune", tmpdir()), 01777); + make_directory(split_path(addr.sun_path).first, 0711); + + // Do not give any access to the socket to other users by default + auto old_mask = umask(0077); + auto restore_mask = on_scope_end([old_mask]() { umask(old_mask); }); if (bind(listen_sock, (sockaddr*) &addr, sizeof(sockaddr_un)) == -1) throw runtime_error(format("unable to bind listen socket '{}'", addr.sun_path)); |
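Review bot: The per-user directory `split_path(addr.sun_path).first` is trusted after `make_directory` even when it already existed, so a directory (or symlink) pre-created by another user under `/tmp/kakoune` before this version is deployed becomes the socket's home, and the sticky bit on the parent does nothing for entries inside a directory that the attacker owns. The `0711` mode is only passed to `mkdir`, so an existing world-writable directory presumably keeps its mode (the existence check lives in make_directory, outside this hunk). After the two `make_directory` calls, `lstat` the user directory and refuse to bind unless it is a real directory owned by `geteuid()` with no group/other write bits, as sketched below; `sys/stat.h` is already needed for `umask`. The rest of `Server::Server` continues outside the hunk.
```cpp
    // set sticky bit on the shared kakoune directory
    make_directory(format("{}/kakoune", tmpdir()), 01777);
    auto user_dir = split_path(addr.sun_path).first;
    make_directory(user_dir, 0711);

    // The per-user directory may pre-exist (squatted by another user before
    // the sticky bit was applied, or replaced by a symlink); only use it if
    // it is a real directory we own and nobody else can write to.
    struct stat st;
    if (lstat(user_dir.c_str(), &st) != 0 or not S_ISDIR(st.st_mode) or
        st.st_uid != geteuid() or (st.st_mode & (S_IWGRP | S_IWOTH)) != 0)
        throw runtime_error(format("unsafe session directory '{}'", user_dir));
    // … unchanged: umask(0077) scope guard and bind() …
```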
