diff -up pyxdg-0.25/xdg/BaseDirectory.py.CVE-2014-1624 pyxdg-0.25/xdg/BaseDirectory.py |
|
--- pyxdg-0.25/xdg/BaseDirectory.py.CVE-2014-1624 2014-12-04 11:49:53.681654931 -0500 |
|
+++ pyxdg-0.25/xdg/BaseDirectory.py 2014-12-04 11:52:45.831522703 -0500 |
|
@@ -25,7 +25,7 @@ Typical usage: |
|
Note: see the rox.Options module for a higher-level API for managing options. |
|
""" |
|
|
|
-import os |
|
+import os, stat |
|
|
|
_home = os.path.expanduser('~') |
|
xdg_data_home = os.environ.get('XDG_DATA_HOME') or \ |
|
@@ -131,15 +131,29 @@ def get_runtime_dir(strict=True): |
|
|
|
import getpass |
|
fallback = '/tmp/pyxdg-runtime-dir-fallback-' + getpass.getuser() |
|
+ create = False |
|
try: |
|
- os.mkdir(fallback, 0o700) |
|
+ # This must be a real directory, not a symlink, so attackers can't |
|
+ # point it elsewhere. So we use lstat to check it. |
|
+ st = os.lstat(fallback) |
|
except OSError as e: |
|
import errno |
|
- if e.errno == errno.EEXIST: |
|
- # Already exists - set 700 permissions again. |
|
- import stat |
|
- os.chmod(fallback, stat.S_IRUSR|stat.S_IWUSR|stat.S_IXUSR) |
|
- else: # pragma: no cover |
|
+ if e.errno == errno.ENOENT: |
|
+ create = True |
|
+ else: |
|
raise |
|
+ else: |
|
+ # The fallback must be a directory |
|
+ if not stat.S_ISDIR(st.st_mode): |
|
+ os.unlink(fallback) |
|
+ create = True |
|
+ # Must be owned by the user and not accessible by anyone else |
|
+ elif (st.st_uid != os.getuid()) \ |
|
+ or (st.st_mode & (stat.S_IRWXG | stat.S_IRWXO)): |
|
+ os.rmdir(fallback) |
|
+ create = True |
|
+ |
|
+ if create: |
|
+ os.mkdir(fallback, 0o700) |
|
|
|
return fallback
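Review bot: In the `elif` branch of the new ownership/mode check, a directory that the caller already owns but that carries group/other bits is handled with `os.rmdir(fallback)`, which raises ENOTEMPTY as soon as the directory holds any file, so the function aborts with an uncaught OSError instead of repairing the directory as the removed `chmod` branch did. The two conditions folded into that `elif` deserve different treatment: a foreign owner cannot be trusted and the rmdir (which in a sticky /tmp fails with EPERM, a fail-closed outcome) is appropriate, while an over-permissive directory of our own should simply be tightened in place with `os.chmod(fallback, stat.S_IRWXU)`. The final `os.mkdir(fallback, 0o700)` can still raise EEXIST if the path is recreated between the lstat and the mkdir; that also fails closed because mkdir never follows a symlink, but a comment saying so, e.g. `# EEXIST here means the path reappeared under us; failing is the safe choice`, would stop a later maintainer from "fixing" it with a retry that reopens the race. get_runtime_dir begins outside the hunk.
```python
        # … unchanged: lstat / ENOENT handling above …
        else:
            # The fallback must be a directory
            if not stat.S_ISDIR(st.st_mode):
                os.unlink(fallback)
                create = True
            # Foreign owner: never reuse it. In a sticky /tmp this rmdir fails
            # with EPERM, which is the fail-closed result we want.
            elif st.st_uid != os.getuid():
                os.rmdir(fallback)
                create = True
            # Our own directory, merely too permissive: tighten it in place
            # instead of rmdir, which raises ENOTEMPTY once it has contents.
            elif st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
                os.chmod(fallback, stat.S_IRWXU)
        # … unchanged: mkdir when create is set, return fallback …
```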