diff options
| author | 2013-07-02 13:38:36 -0500 | |
|---|---|---|
| committer | 2013-07-02 20:31:45 -0500 | |
| commit | a2ddca0916ef776dbd0c6304ea36b4ca7a35302c (patch) | |
| tree | d744dbf3df01d57a6fea739181fa525d8ea2e97f /include/libimobiledevice/house_arrest.h | |
| parent | 42892465d4522cf19283b8a06bf48104bb387430 (diff) | |
| download | libimobiledevice-a2ddca0916ef776dbd0c6304ea36b4ca7a35302c.tar.gz libimobiledevice-a2ddca0916ef776dbd0c6304ea36b4ca7a35302c.tar.bz2 | |
Bug #331 - Don't create a /tmp/root directory insecurely
When finding the user's home directory to generate a subdirectory in $HOME/.config, we would
fall back to /tmp if there were no environment variables for HOME or XDG_CONFIG_HOME.
Since libimobiledevice gets used by upower, and since upowerd runs as root, this would cause
a /tmp/root directory to be created insecurely, leaving upowerd vulnerable to a symlink attack.
Now we fall back to getpwuid_r() to find the user's home directory if it is not provided
in environment variables - this is the case when upowerd gets run via systemd, for example.
The result is that we'll end up creating /root/.config, a safe directory, since regular
users cannot create symlinks in /root.
In the future we'll need a way for libimobiledevice to find where to store its pairing data
on behalf of the console user, rather than writing it to /root.
http://libiphone.lighthouseapp.com/projects/27916-libiphone/tickets/331-insecure-tmp-directory-use
Diffstat (limited to 'include/libimobiledevice/house_arrest.h')
0 files changed, 0 insertions, 0 deletions
