From f2f5dffb1dcc4fd8481e58a686d088e4286441b0 Mon Sep 17 00:00:00 2001
From: "Alexander E. Patrakov"
Date: Sun, 20 Apr 2014 21:58:19 +0600
Subject: [PATCH] core-util: Remove redundant check of directory permissions

Initially (in commit ef422fa4ae626e9638ca70d1c56f27e701dd69c2), pa_make_secure_dir followed a simple principle: "make a directory, or, if it exists, check that it is suitable". Later this evolved into "make a directory, or, if it exists, ensure that it is suitable". But the check remained. The check is now neither sufficient nor necessary. On POSIX-compliant systems, the fstat results being checked are actually post-conditions of fchmod and fchown. And on systems implementing POSIX ACLs, fstat only reflects a part of the information relevant to the security of the directory permissions, so PulseAudio could accept an existing insecure directory anyway. Also, the check still fires on non-POSIX-compliant filesystems like CIFS. As a user cannot do anything to fix it, just accept insecure permissions in this case.
---
 src/pulsecore/core-util.c | 24 +++++------------------
 1 file changed, 5 insertions(+), 19 deletions(-)

diff --git a/src/pulsecore/core-util.c b/src/pulsecore/core-util.c
index 3e2c615f..afd872f5 100644
--- a/src/pulsecore/core-util.c
+++ b/src/pulsecore/core-util.c
@@ -343,30 +343,16 @@ again:
 #endif
 
 #ifdef HAVE_FCHMOD
- (void) fchmod(fd, m);
+ if (fchmod(fd, m) < 0) {
+ pa_assert_se(pa_close(fd) >= 0);
+ goto fail;
+ };
 #endif
 
 pa_assert_se(pa_close(fd) >= 0);
 }
-#endif
-
-#ifdef HAVE_LSTAT
- if (lstat(dir, &st) < 0)
-#else
- if (stat(dir, &st) < 0)
-#endif
- goto fail;
-
-#ifndef OS_IS_WIN32
- if (!S_ISDIR(st.st_mode) ||
- (st.st_uid != uid) ||
- (st.st_gid != gid) ||
- ((st.st_mode & 0777) != m)) {
- errno = EACCES;
- goto fail;
- }
 #else
- pa_log_warn("Secure directory creation not supported on Win32.");
+ pa_log_warn("Secure directory creation not supported on this platform.");
 #endif
 
 return 0;
-- 
2.39.2
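Review bot: The deleted stat-based mode/owner check was the only enforcement of the requested mode on a build where `HAVE_FCHMOD` is not defined; after this hunk such a build returns 0 for a pre-existing directory without ever setting or verifying its permissions, because the `#ifdef HAVE_FCHMOD` block has no `#else`. The commit message's argument that the fstat results are post-conditions of fchmod/fchown only holds when those calls are actually compiled in and their failures are acted on, so either keep a stat-based fallback under `#else` or at minimum make the gap visible, e.g. `#else` / `pa_log_warn("fchmod() unavailable, cannot enforce mode of '%s'", dir);`. The same applies to the fchown call just above the hunk if its return value is still discarded, which I cannot confirm from here. Separately, the `};` closing the new `if` block leaves a stray empty statement; drop the trailing semicolon so it reads `}`. The enclosing pa_make_secure_dir body starts before this hunk and its `fail:` label is outside it.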