author | Ray Strode <rstrode@redhat.com> | 2009-10-27 10:35:37 -0400 |
---|---|---|
committer | Ray Strode <rstrode@redhat.com> | 2009-11-05 15:40:44 -0500 |
commit | 5b6bcb5c999f8783d4c7daff846bd274a1b240e6 (patch) | |
tree | 22e5628c65608e95737040c7ebe45b02bdc6c338 /daemon | |
parent | c3791ea95a5da4f234d6a6587bf80e164d311ca1 (diff) | |
Lock down /var/run/gdm
We don't need it so open now that screenshots are written to their
own directory, and having it open has implications for quota abuse.
Diffstat (limited to 'daemon')
-rw-r--r-- | daemon/gdm-display-access-file.c | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/daemon/gdm-display-access-file.c b/daemon/gdm-display-access-file.c
index a3d3e2f7..1b52f153 100644
--- a/daemon/gdm-display-access-file.c
+++ b/daemon/gdm-display-access-file.c
@@ -268,10 +268,10 @@ _create_xauth_file_for_user (const char *username,
 fp = NULL;
 fd = -1;
- /* Create directory if not exist, then set permission 01775 and ownership root:gdm */
+ /* Create directory if not exist, then set permission 0711 and ownership root:gdm */
 if (g_file_test (GDM_XAUTH_DIR, G_FILE_TEST_IS_DIR) == FALSE) {
 g_unlink (GDM_XAUTH_DIR);
- if (g_mkdir (GDM_XAUTH_DIR, S_ISVTX | S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH) != 0) {
+ if (g_mkdir (GDM_XAUTH_DIR, 0711) != 0) {
 g_set_error (error, G_FILE_ERROR, g_file_error_from_errno (errno),
@@ -279,15 +279,15 @@ _create_xauth_file_for_user (const char *username,
 goto out;
 }
- g_chmod (GDM_XAUTH_DIR, S_ISVTX | S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH);
+ g_chmod (GDM_XAUTH_DIR, 0711);
 _get_uid_and_gid_for_user (GDM_USERNAME, &uid, &gid);
 if (chown (GDM_XAUTH_DIR, 0, gid) != 0) {
 g_warning ("Unable to change owner of '%s'", GDM_XAUTH_DIR);
 }
 } else {
- /* if it does exist make sure it has correct mode 01775 */
- g_chmod (GDM_XAUTH_DIR, S_ISVTX | S_IRWXU |S_IRWXG | S_IROTH | S_IXOTH);
+ /* if it does exist make sure it has correct mode 0711 */
+ g_chmod (GDM_XAUTH_DIR, 0711);
 /* and clean up any stale auth subdirs */
 clean_up_stale_auth_subdirs ();
@@ -368,8 +368,8 @@ _create_xauth_file_for_user (const char *username,
 }
 /* now open up permissions on per-session directory */
- g_debug ("GdmDisplayAccessFile: chmoding %s to 1777", dir_name);
- g_chmod (dir_name, S_ISVTX | S_IRWXU | S_IRWXG | S_IRWXO);
+ g_debug ("GdmDisplayAccessFile: chmoding %s to 0711", dir_name);
+ g_chmod (dir_name, 0711);
 errno = 0;
 fp = fdopen (fd, "w"); |
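Review bot: The literal `0711` is now repeated in the `g_mkdir` call here, in both `g_chmod (GDM_XAUTH_DIR, ...)` calls of the next hunk and in two comments, so a later edit can leave the create path and the repair path with different modes. A single definition next to GDM_XAUTH_DIR, for example `#define GDM_XAUTH_DIR_MODE 0711` (the name is only a suggestion), used in all three calls would keep them in agreement. The comment could also state what the mode is for: `/* 0711: others may traverse to a known path but cannot list or create entries */`. The body of _create_xauth_file_for_user starts and ends outside this hunk.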
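Review bot: Both `g_chmod (GDM_XAUTH_DIR, 0711)` calls in the second hunk ignore the return value, and the `else` branch is the path that tightens a directory which already exists, presumably with the old, wider mode. If that call fails, the function carries on with the directory still group-writable and nothing is logged, unlike the `chown` a few lines above, which at least warns. Suggest `if (g_chmod (GDM_XAUTH_DIR, 0711) != 0) g_warning ("Unable to change mode of '%s'", GDM_XAUTH_DIR);` in both places; the same applies to `g_chmod (dir_name, 0711)` in the last hunk. As far as the hunk shows, the `else` branch also does not re-assert ownership of an existing directory.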
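Review bot: In the third hunk the context comment `/* now open up permissions on per-session directory */` no longer explains the mode, now that the call sets 0711 instead of 1777. Suggest rewording it along the lines of `/* allow traversal only: the auth file is reached by path, others cannot list or write the directory */`. The mode the per-session directory has before this call is set outside the hunk, so it cannot be told from here whether 0711 widens it or only confirms it.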