summaryrefslogtreecommitdiffstats
path: root/common/userpref.c
AgeCommit message (Collapse)AuthorFilesLines
2013-07-13common: Fix WIN32 portability for recent userpref security fixGravatar Martin Szulecki1-1/+6
2013-07-02Bug #331 - Don't create a /tmp/root directory insecurelyGravatar Federico Mena Quintero1-29/+76
When finding the user's home directory to generate a subdirectory in $HOME/.config, we would fall back to /tmp if there were no environment variables for HOME or XDG_CONFIG_HOME. Since libimobiledevice gets used by upower, and since upowerd runs as root, this would cause a /tmp/root directory to be created insecurely, leaving upowerd vulnerable to a symlink attack. Now we fall back to getpwuid_r() to find the user's home directory if it is not provided in environment variables - this is the case when upowerd gets run via systemd, for example. The result is that we'll end up creating /root/.config, a safe directory, since regular users cannot create symlinks in /root. In the future we'll need a way for libimobiledevice to find where to store its pairing data on behalf of the console user, rather than writing it to /root. http://libiphone.lighthouseapp.com/projects/27916-libiphone/tickets/331-insecure-tmp-directory-use
2013-05-23Silence compiler warnings for win32 buildsGravatar Martin Szulecki1-0/+2
2013-04-25common: Move debug and userpref code into libinternalcommonGravatar Martin Szulecki1-0/+1161