diff options
author | Federico Mena Quintero | 2013-07-02 13:38:36 -0500 |
---|---|---|
committer | Federico Mena Quintero | 2013-07-02 20:31:45 -0500 |
commit | a2ddca0916ef776dbd0c6304ea36b4ca7a35302c (patch) | |
tree | d744dbf3df01d57a6fea739181fa525d8ea2e97f /common/socket.h | |
parent | 42892465d4522cf19283b8a06bf48104bb387430 (diff) | |
download | libimobiledevice-a2ddca0916ef776dbd0c6304ea36b4ca7a35302c.tar.gz libimobiledevice-a2ddca0916ef776dbd0c6304ea36b4ca7a35302c.tar.bz2 |
Bug #331 - Don't create a /tmp/root directory insecurely
When finding the user's home directory to generate a subdirectory in $HOME/.config, we would
fall back to /tmp if there were no environment variables for HOME or XDG_CONFIG_HOME.
Since libimobiledevice gets used by upower, and since upowerd runs as root, this would cause
a /tmp/root directory to be created insecurely, leaving upowerd vulnerable to a symlink attack.
Now we fall back to getpwuid_r() to find the user's home directory if it is not provided
in environment variables - this is the case when upowerd gets run via systemd, for example.
The result is that we'll end up creating /root/.config, a safe directory, since regular
users cannot create symlinks in /root.
In the future we'll need a way for libimobiledevice to find where to store its pairing data
on behalf of the console user, rather than writing it to /root.
http://libiphone.lighthouseapp.com/projects/27916-libiphone/tickets/331-insecure-tmp-directory-use
Diffstat (limited to 'common/socket.h')
0 files changed, 0 insertions, 0 deletions