authorRobert Ancell <robert.ancell@canonical.com>2013-09-10 22:24:02 +0000
committerTarmac <>2013-09-10 22:24:02 +0000
commitd6dd9f60064f429f63b63eb749d603f9f83dacb3 (patch)
tree0e5a5769903a0ceb35295db35f557eb5a67c1d83
parent5c0e195e4f05a23d47cf9c37048ecd776ad76385 (diff)
parentdd5dae15b5179c2a107203e6c98eabeb992bc592 (diff)
downloadlightdm-d6dd9f60064f429f63b63eb749d603f9f83dacb3.tar.gz
Correctly set permissions on Xauthority file.
Approved by Robert Ancell, PS Jenkins bot.
-rw-r--r--src/x-authority.c12
-rw-r--r--tests/scripts/system-xauthority.conf4
-rw-r--r--tests/scripts/xauthority.conf4
-rw-r--r--tests/src/libsystem.c16
-rw-r--r--tests/src/test-session.c30
5 files changed, 66 insertions, 0 deletions
diff --git a/src/x-authority.c b/src/x-authority.c
index c51896f0..e9b42f82 100644
--- a/src/x-authority.c
+++ b/src/x-authority.c
@@ -325,6 +325,18 @@ x_authority_write (XAuthority *auth, XAuthWriteMode mode, const gchar *filename,
return FALSE;
}
+ /* Only allow the file to be read by this user */
+ if (chmod (filename, S_IRUSR | S_IWUSR) != 0)
+ {
+ g_set_error (error,
+ G_FILE_ERROR,
+ g_file_error_from_errno (errno),
+ "Failed to set permissions on X authority %s: %s",
+ filename,
+ g_strerror (errno));
+ return FALSE;
+ }
+
for (link = records; link && result; link = link->next)
{
XAuthority *a = link->data;
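Review bot: The added `chmod (filename, S_IRUSR | S_IWUSR)` acts on the path after the file has already been opened or created, so the X authority cookie file can briefly exist with whatever mode the open and the umask gave it, and a path-based call follows a symlink that replaces `filename` in between. If the open above this hunk yields a descriptor, `fchmod (fd, S_IRUSR | S_IWUSR)` or passing the mode at creation would close that window; the open is outside the hunk, so this needs confirming against the full function. The new `return FALSE` may also skip the cleanup the function does for the opened file and for `records`, which should be checked the same way. The comment would be more accurate as `/* Only allow the file to be read and written by this user */`.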
diff --git a/tests/scripts/system-xauthority.conf b/tests/scripts/system-xauthority.conf
index ea650c32..0389c52a 100644
--- a/tests/scripts/system-xauthority.conf
+++ b/tests/scripts/system-xauthority.conf
@@ -28,6 +28,10 @@ user-session=default
#?*SESSION-X-0 READ-ENV NAME=XAUTHORITY
#?SESSION-X-0 READ-ENV NAME=XAUTHORITY VALUE=.*/var/run/lightdm/have-password1/xauthority
+# Check has correct permissions
+#?*SESSION-X-0 CHECK-X-AUTHORITY
+#?SESSION-X-0 CHECK-X-AUTHORITY MODE=rw-------
+
# Cleanup
#?*STOP-DAEMON
#?SESSION-X-0 TERMINATE SIGNAL=15
diff --git a/tests/scripts/xauthority.conf b/tests/scripts/xauthority.conf
index 5f73d1e8..a15e4546 100644
--- a/tests/scripts/xauthority.conf
+++ b/tests/scripts/xauthority.conf
@@ -25,6 +25,10 @@ user-session=default
#?*SESSION-X-0 READ-ENV NAME=XAUTHORITY
#?SESSION-X-0 READ-ENV NAME=XAUTHORITY VALUE=.*/home/have-password1/.Xauthority
+# Check has correct permissions
+#?*SESSION-X-0 CHECK-X-AUTHORITY
+#?SESSION-X-0 CHECK-X-AUTHORITY MODE=rw-------
+
# Cleanup
#?*STOP-DAEMON
#?SESSION-X-0 TERMINATE SIGNAL=15
diff --git a/tests/src/libsystem.c b/tests/src/libsystem.c
index 6ba9cee0..7a15dbad 100644
--- a/tests/src/libsystem.c
+++ b/tests/src/libsystem.c
@@ -416,6 +416,22 @@ chown (const char *pathname, uid_t owner, gid_t group)
}
int
+chmod (const char *path, mode_t mode)
+{
+ int (*_chmod) (const char *path, mode_t mode);
+ gchar *new_path = NULL;
+ int result;
+
+ _chmod = (int (*)(const char *path, mode_t mode)) dlsym (RTLD_NEXT, "chmod");
+
+ new_path = redirect_path (path);
+ result = _chmod (new_path, mode);
+ g_free (new_path);
+
+ return result;
+}
+
+int
ioctl (int d, int request, void *data)
{
int (*_ioctl) (int d, int request, void *data);
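Review bot: The result of `dlsym (RTLD_NEXT, "chmod")` in the new `chmod` wrapper is used without a NULL check, so a failed lookup turns into a call through a null function pointer instead of an error the test can report. A guard such as `if (!_chmod) { errno = ENOSYS; return -1; }` before `redirect_path (path)` keeps the shim failing cleanly, assuming `errno.h` is already included in this file. A one-line comment saying that this interposes libc's `chmod` and rewrites the path through `redirect_path` would also help.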
diff --git a/tests/src/test-session.c b/tests/src/test-session.c
index f905112d..989f359e 100644
--- a/tests/src/test-session.c
+++ b/tests/src/test-session.c
@@ -10,6 +10,7 @@
#include <glib-object.h>
#include <gio/gio.h>
#include <glib-unix.h>
+#include <glib/gstdio.h>
#include "status.h"
@@ -167,6 +168,35 @@ request_cb (const gchar *request)
if (strcmp (request, r) == 0)
status_notify ("%s LIST-UNKNOWN-FILE-DESCRIPTORS FDS=%s", session_id, open_fds->str);
g_free (r);
+
+ r = g_strdup_printf ("%s CHECK-X-AUTHORITY", session_id);
+ if (strcmp (request, r) == 0)
+ {
+ gchar *xauthority;
+ GStatBuf file_info;
+ GString *mode_string;
+
+ xauthority = g_strdup (g_getenv ("XAUTHORITY"));
+ if (!xauthority)
+ xauthority = g_build_filename (g_get_home_dir (), ".Xauthority", NULL);
+
+ g_stat (xauthority, &file_info);
+ g_free (xauthority);
+
+ mode_string = g_string_new ("");
+ g_string_append_c (mode_string, file_info.st_mode & S_IRUSR ? 'r' : '-');
+ g_string_append_c (mode_string, file_info.st_mode & S_IWUSR ? 'w' : '-');
+ g_string_append_c (mode_string, file_info.st_mode & S_IXUSR ? 'x' : '-');
+ g_string_append_c (mode_string, file_info.st_mode & S_IRGRP ? 'r' : '-');
+ g_string_append_c (mode_string, file_info.st_mode & S_IWGRP ? 'w' : '-');
+ g_string_append_c (mode_string, file_info.st_mode & S_IXGRP ? 'x' : '-');
+ g_string_append_c (mode_string, file_info.st_mode & S_IROTH ? 'r' : '-');
+ g_string_append_c (mode_string, file_info.st_mode & S_IWOTH ? 'w' : '-');
+ g_string_append_c (mode_string, file_info.st_mode & S_IXOTH ? 'x' : '-');
+ status_notify ("%s CHECK-X-AUTHORITY MODE=%s", session_id, mode_string->str);
+ g_string_free (mode_string, TRUE);
+ }
+ g_free (r);
}
int
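Review bot: The return value of `g_stat (xauthority, &file_info)` in the new CHECK-X-AUTHORITY branch is ignored, so when the file is missing or unreadable the mode string is built from an uninitialised `file_info.st_mode` and the permission check can pass or fail on garbage. Replacing the call with `if (g_stat (xauthority, &file_info) != 0) file_info.st_mode = 0;` makes the reported mode `---------`, which cannot match the expected `rw-------`. request_cb begins outside the hunk.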