Alexandre Julliard : ntdll: Refuse to create the . wine directory if the parent belongs to a different user.
Alexandre Julliard
julliard at winehq.org
Fri Mar 21 07:47:00 CDT 2008
Module: wine
Branch: master
Commit: 3e8532779f1f93619f3686be0571c661619b1f73
URL: http://source.winehq.org/git/wine.git/?a=commit;h=3e8532779f1f93619f3686be0571c661619b1f73
Author: Alexandre Julliard <julliard at winehq.org>
Date: Fri Mar 21 11:28:31 2008 +0100
ntdll: Refuse to create the .wine directory if the parent belongs to a different user.
---
dlls/ntdll/server.c | 13 ++++++++++++-
1 files changed, 12 insertions(+), 1 deletions(-)
diff --git a/dlls/ntdll/server.c b/dlls/ntdll/server.c
index 0211394..ddabb67 100644
--- a/dlls/ntdll/server.c
+++ b/dlls/ntdll/server.c
@@ -886,13 +886,24 @@ done:
*/
static void create_config_dir(void)
{
- const char *config_dir = wine_get_config_dir();
+ const char *p, *config_dir = wine_get_config_dir();
char *tmp_dir;
int fd;
pid_t pid, wret;
if (!(tmp_dir = malloc( strlen(config_dir) + sizeof("-XXXXXX") )))
fatal_error( "out of memory\n" );
+
+ if ((p = strrchr( config_dir, '/' )) && p != config_dir)
+ {
+ struct stat st;
+
+ memcpy( tmp_dir, config_dir, p - config_dir );
+ tmp_dir[p - config_dir] = 0;
+ if (!stat( tmp_dir, &st ) && st.st_uid != getuid())
+ fatal_error( "'%s' is not owned by you, refusing to create a configuration directory there\n",
+ tmp_dir );
+ }
strcpy( tmp_dir, config_dir );
strcat( tmp_dir, "-XXXXXX" );
if ((fd = mkstemps( tmp_dir, 0 )) == -1)
More information about the wine-cvs
mailing list