39 lines
1.1 KiB
Diff
39 lines
1.1 KiB
Diff
From cceeb1def62ef78fed802684e9500cfa1aefa6b3 Mon Sep 17 00:00:00 2001
|
|
From: Stephen Smalley <stephen.smalley.work@gmail.com>
|
|
Date: Wed, 13 May 2026 10:30:20 -0400
|
|
Subject: [PATCH] sandbox/seunshare: verify RUNTIME_DIR before use
|
|
Content-type: text/plain
|
|
|
|
RUNTIME_DIR can be inherited from XDG_RUNTIME_DIR or set to a default
|
|
path. Regardless, we should verify it the same way as the other
|
|
user-supplied directories before first use.
|
|
|
|
Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
|
|
---
|
|
sandbox/seunshare.c | 9 +++++++++
|
|
1 file changed, 9 insertions(+)
|
|
|
|
diff --git a/sandbox/seunshare.c b/sandbox/seunshare.c
|
|
index 945a3b21c1cc..89180d0aa1ed 100644
|
|
--- a/sandbox/seunshare.c
|
|
+++ b/sandbox/seunshare.c
|
|
@@ -964,6 +964,15 @@ int main(int argc, char **argv) {
|
|
}
|
|
}
|
|
|
|
+ if (runuserdir_s) {
|
|
+ struct stat sb;
|
|
+
|
|
+ if (verify_directory(RUNTIME_DIR, NULL, &sb) < 0 ||
|
|
+ check_owner_uid(uid, RUNTIME_DIR, &sb) < 0)
|
|
+ goto childerr;
|
|
+
|
|
+ }
|
|
+
|
|
if ((XDG_SESSION_TYPE = getenv("XDG_SESSION_TYPE")) != NULL) {
|
|
if ((XDG_SESSION_TYPE = strdup(XDG_SESSION_TYPE)) == NULL) {
|
|
perror(_("Out of memory"));
|
|
--
|
|
2.54.0
|
|
|