discomfitor pushed a commit to branch master.
http://git.enlightenment.org/core/enlightenment.git/commit/?id=fac201c52871b9fa4ec1c75c040243ff2563eb20
commit fac201c52871b9fa4ec1c75c040243ff2563eb20
Author: Mike Blumenkrantz <zm...@osg.samsung.com>
Date: Mon Feb 29 10:35:26 2016 -0500
simplify ipc socket creation
in trying to be extra secure here, a security hole is created due to time
between mkdir and stat calls
CID 1039781
---
src/bin/e_ipc.c | 9 +--------
1 file changed, 1 insertion(+), 8 deletions(-)
diff --git a/src/bin/e_ipc.c b/src/bin/e_ipc.c
index 1ffb336..6058a3c 100644
--- a/src/bin/e_ipc.c
+++ b/src/bin/e_ipc.c
@@ -77,13 +77,7 @@ e_ipc_init(void)
{
snprintf(buf, sizeof(buf), "%s/e-%s@%x",
base, user, id1);
- if (mkdir(buf, S_IRWXU) < 0)
- goto retry;
- if (stat(buf, &st) < 0)
- goto retry;
- if ((st.st_uid == getuid()) &&
- ((st.st_mode & (S_IFDIR | S_IRWXU | S_IRWXG | S_IRWXO)) ==
- (S_IRWXU | S_IFDIR)))
+ if (!mkdir(buf, S_IRWXU))
{
#ifdef USE_IPC
snprintf(buf3, sizeof(buf3), "%s/%i",
@@ -97,7 +91,6 @@ e_ipc_init(void)
break;
}
}
-retry:
id1 = rand();
}
#ifdef USE_IPC
--
