cedric pushed a commit to branch master.
http://git.enlightenment.org/core/efl.git/commit/?id=2aa2b6390753639902e353f2711fefa940eb5fd3
commit 2aa2b6390753639902e353f2711fefa940eb5fd3
Author: Vincent Torri <vincent.to...@gmail.com>
Date: Mon Oct 12 16:11:00 2015 -0700
eina: fix potential security issue.
This also follow the behavior of eina_file_mkstemp.
Signed-off-by: Cedric BAIL <ced...@osg.samsung.com>
---
src/lib/eina/eina_util.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/src/lib/eina/eina_util.c b/src/lib/eina/eina_util.c
index 886fe3b..b1d05ae 100644
--- a/src/lib/eina/eina_util.c
+++ b/src/lib/eina/eina_util.c
@@ -85,8 +85,13 @@ eina_environment_tmp_get(void)
return tmp;
#else
- tmp = getenv("TMPDIR");
- if (!tmp) tmp = getenv("XDG_RUNTIME_DIR");
+# if defined(HAVE_GETUID) && defined(HAVE_GETEUID)
+ if (getuid() == geteuid())
+# endif
+ {
+ tmp = getenv("TMPDIR");
+ if (!tmp) tmp = getenv("XDG_RUNTIME_DIR");
+ }
if (!tmp) tmp = "/tmp";
return tmp;
--
