[hackers] [surf] Restrict the way buildpath() modifies the filesystem.

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

From: Quentin Rameau <quinq+hackers_AT_fifth.space>
Date: Tue, 13 Oct 2015 14:22:54 +0200

1. When provided path is ~foo/, don't expand it to $HOME/foo/ (which is
wrong anyway [0]). Instead exit with an error message.
2. Do not arbitrary modify existing directory mode as this could lead to
unwanted (and possibly undetected) side-effects.

[0] http://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html#tag_18_06_01

---
 surf.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/surf.c b/surf.c
index 02656ec..04c85ed 100644
--- a/surf.c
+++ b/surf.c
_AT_@ -268,8 +268,8 @@ buildpath(const char *path) {
 		if(path[1] == '/') {
 			apath = g_strconcat(g_get_home_dir(), &path[1], NULL);
 		} else {
-			apath = g_strconcat(g_get_home_dir(), "/",
-					&path[1], NULL);
+			die("Surf won't access another user's home directory: "
+					"%s\n", path);
 		}
 	} else {
 		apath = g_strconcat(g_get_current_dir(), "/", path, NULL);
_AT_@ -278,7 +278,6 @@ buildpath(const char *path) {
 	if((p = strrchr(apath, '/'))) {
 		*p = '\0';
 		g_mkdir_with_parents(apath, 0700);
-		g_chmod(apath, 0700); /* in case it existed */
 		*p = '/';
 	}
 	/* creating file (gives error when apath ends with "/") */
-- 
2.6.1

Received on Tue Oct 13 2015 - 14:22:54 CEST

This archive was generated by hypermail 2.3.0 : Tue Oct 13 2015 - 14:24:11 CEST