diff options
author | H. Peter Anvin <hpa@zytor.com> | 2011-10-18 19:28:15 -0700 |
---|---|---|
committer | H. Peter Anvin <hpa@zytor.com> | 2011-10-18 19:28:15 -0700 |
commit | 559768e742dd36f8f69e0f8327b539dde2dad29c (patch) | |
tree | 21745cea2121ba2518c260b2a5a43e02dcc4c89e | |
parent | 871cc5f5efbe7f63d9bfabbcb424b9578ac51475 (diff) | |
download | kup-559768e742dd36f8f69e0f8327b539dde2dad29c.tar.gz |
Revert "kup-server: allow deployment with a 1777 tmp directory"
This reverts commit fc4e6164a0457d81f2f22357d251fce306f5e326.
This is the totally wrong way to do it, and actually harms security.
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
-rwxr-xr-x | kup-server | 15 |
1 files changed, 4 insertions, 11 deletions
@@ -55,7 +55,7 @@ use IPC::Open2 qw(open2); use File::Temp qw(tempdir); use BSD::Resource; -use Fcntl qw(:DEFAULT :flock :mode); +use Fcntl qw(:DEFAULT :flock); use POSIX; use Sys::Syslog qw(:standard :macros); @@ -148,16 +148,9 @@ sub make_temp_dir() { $template = $1.'-XXXXXXXXXXXX'; umask(077); - - # Create the per-user temp directory if it doesn't exist already - mkdir($root, 0700); - my @rs = lstat($root); - if (!S_ISDIR($rs[2]) || $rs[4] != getuid() || ($rs[2] & 07777) != 0700) { - fatal("Something is squatting on my temp directory!"); - } - - # Create the session directory - my $dir = tempdir($template, DIR => $root, CLEANUP => 1); + my $dir = tempdir($template, + DIR => $tmp_path.'/'.$user_name, + CLEANUP => 1); } my $tmpdir = make_temp_dir(); |