authorPhilip Withnall <withnall@endlessm.com>2019-01-16 14:21:24 +0000
committerRay Strode <halfline@gmail.com>2019-02-22 19:30:05 +0000
commit657c681a3e4b14a91b4b0851bfa69513b5eb68f3 (patch)
tree9512a3302244a7b54ad7c7b29eb9ae8d30b0a688
parent5dd8b3bd240b3da3deafcdfadcada7495b46a111 (diff)
src: Ensure users directory is private at startup
The /var/lib/AccountsService/users directory contains per-user configuration which should be accessed through the D-Bus interface. Especially for extensions, access control is provided by polkit. Don’t allow users to read the configuration for other users’ accounts directly from the file system, bypassing the polkit access controls. Signed-off-by: Philip Withnall <withnall@endlessm.com>
-rw-r--r--src/main.c57
1 files changed, 54 insertions, 3 deletions
diff --git a/src/main.c b/src/main.c
index 9caec7f..01cb617 100644
--- a/src/main.c
+++ b/src/main.c
@@ -31,6 +31,7 @@
#include <glib.h>
#include <glib/gi18n.h>
+#include <glib/gstdio.h>
#include <glib-unix.h>
#include "daemon.h"
@@ -39,9 +40,10 @@
static gboolean
ensure_directory (const char *path,
+ gint mode,
GError **error)
{
- if (g_mkdir_with_parents (path, 0775) < 0) {
+ if (g_mkdir_with_parents (path, mode) < 0) {
g_set_error (error,
G_FILE_ERROR,
g_file_error_from_errno (errno),
@@ -49,6 +51,54 @@ ensure_directory (const char *path,
path);
return FALSE;
}
+
+ if (g_chmod (path, mode) < 0) {
+ g_set_error (error,
+ G_FILE_ERROR,
+ g_file_error_from_errno (errno),
+ "Failed to change permissions of directory %s: %m",
+ path);
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+static gboolean
+ensure_file_permissions (const char *dir_path,
+ gint file_mode,
+ GError **error)
+{
+ GDir *dir = NULL;
+ const gchar *filename;
+ gint errsv = 0;
+
+ dir = g_dir_open (dir_path, 0, error);
+ if (dir == NULL)
+ return FALSE;
+
+ while ((filename = g_dir_read_name (dir)) != NULL) {
+ gchar *file_path = g_build_filename (dir_path, filename, NULL);
+
+ g_debug ("Changing permission of %s to %04o", file_path, file_mode);
+ if (g_chmod (file_path, file_mode) < 0)
+ errsv = errno;
+
+ g_free (file_path);
+ }
+
+ g_dir_close (dir);
+
+ /* Report any errors after all chmod()s have been attempted. */
+ if (errsv != 0) {
+ g_set_error (error,
+ G_FILE_ERROR,
+ g_file_error_from_errno (errsv),
+ "Failed to change permissions of files in directory %s: %m",
+ dir_path);
+ return FALSE;
+ }
+
return TRUE;
}
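Review bot: In ensure_file_permissions the final g_set_error() formats its message with `%m`, which reads errno at formatting time, while the error code comes from the saved `errsv`; the later g_chmod(), g_free() and g_dir_close() calls may have changed errno in between, so the message text can disagree with the code. Passing the saved value explicitly avoids that: `"Failed to change permissions of files in directory %s: %s", dir_path, g_strerror (errsv));`. Only the last failing errno is kept and the failing file name is not reported, so a `g_warning` next to `errsv = errno;` would make a partial failure diagnosable. g_chmod() is also applied by path to every entry, so it follows symlinks and would strip the search bit from a subdirectory; whether such entries can exist in this directory is not visible here.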
@@ -61,8 +111,9 @@ on_bus_acquired (GDBusConnection *connection,
Daemon *daemon;
g_autoptr(GError) error = NULL;
- if (!ensure_directory (ICONDIR, &error) ||
- !ensure_directory (USERDIR, &error)) {
+ if (!ensure_directory (ICONDIR, 0775, &error) ||
+ !ensure_directory (USERDIR, 0700, &error) ||
+ !ensure_file_permissions (USERDIR, 0600, &error)) {
g_printerr ("%s\n", error->message);
g_main_loop_quit (loop);
return;
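Review bot: The three modes at the call site in on_bus_acquired are bare octal literals, and nothing in the code records why USERDIR is locked down while ICONDIR stays at 0775. A short comment above the condition would keep a later cleanup from unifying them, for example `/* USERDIR holds per-user config that must only be read via D-Bus (polkit-checked); keep it 0700 and its files 0600 */`. The order also matters: g_mkdir_with_parents() applies the given mode to any parent it creates, so if the two directories share a parent (not visible here) the ICONDIR call has to stay first. on_bus_acquired starts and ends outside this hunk.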