From e6b4f1122d130b2f67321ed13e3309cf392cf1eb Mon Sep 17 00:00:00 2001
From: short <>
Date: Wed, 10 Dec 2003 18:07:21 +0000
Subject: [PATCH] Add geteuid() to '/var/lib/captive/tmp/TEMPLATE' to prevent
 user conflicts. flock(2) '/var/lib/captive/tmp/TEMPLATE' for the cleaning by
 sandbox-server.

---
 src/libcaptive/sandbox/split.c | 50 +++++++++++++++++++++++++++++++++++-------
 1 file changed, 42 insertions(+), 8 deletions(-)

diff --git a/src/libcaptive/sandbox/split.c b/src/libcaptive/sandbox/split.c
index 33a675e..9b499c2 100644
--- a/src/libcaptive/sandbox/split.c
+++ b/src/libcaptive/sandbox/split.c
@@ -38,6 +38,7 @@
 #include "../client/giochannel-blind.h"	/* for captive_giochannel_blind_new() */
 #include <signal.h>
 #include "../storage/relastblock.h"	/* for captive_storage_relastblock() */
+#include <sys/file.h>	/* flock() */
 
 #ifdef HAVE_ORBIT_LINK
 void link_set_tmpdir(const char *dir);
@@ -469,6 +470,42 @@ struct sandbox_parent_own_orbit_dir_cleanup_signal *sigstructp;
 		}
 }
 
+static void createlockdir(const gchar *dir)
+{
+gint retries;
+
+	for (retries=0;retries<10;retries++) {
+struct stat statbuf;
+int dirfd;
+
+		if (mkdir(dir,0700)) {
+			if (errno!=EEXIST)
+				g_error(_("Failed to create chroot directory \"%s\": %m"),dir);
+			unlink_nonrecursive(dir);
+			if (mkdir(dir,0700))
+				g_error(_("Failed to create chroot directory \"%s\" after attempted unlink: %m"),dir);
+			}
+		dirfd=open(dir,O_RDONLY);
+		if (dirfd==-1) {
+			if (errno!=ENOENT)
+				g_error(_("Failed to open created chroot directory \"%s\" to lock it: %m"),dir);
+			continue;
+			}
+		/* Do not use 'LOCK_NB' here as the garbage collector should release it soon. */
+		if (flock(dirfd,LOCK_EX))
+			g_error(_("Failed to lock created chroot directory \"%s\": %m"),dir);
+		if (lstat(dir,&statbuf)) {
+			if (errno!=ENOENT)
+				g_error(_("Failed to lstat(2) created chroot directory \"%s\": %m"),dir);
+			if (close(dirfd))
+				g_error(_("Failed to close created and locked chroot directory \"%s\": %m"),dir);
+			continue;
+			}
+		/* Leave 'dirfd' open to leave it LOCK_EX-ed. */
+		break;
+		}
+}
+
 static gchar *sandbox_parent_read_ior
 		(int Vfs_IOR_fd_read,gchar **child_chroot_pid_hashkey_dirp,CaptiveVfsParentObject *captive_vfs_parent_object)
 {
@@ -488,15 +525,12 @@ const gchar *ior_read_error;
 	/* FIXME: Security: Duplicate giop_tmpdir_init() here. */
 	if (!sandbox_parent_own_orbit_dir) {
 		/* FIXME: Make 'CAPTIVE_SANDBOX_CHROOT' configurable. */
-		sandbox_parent_own_orbit_dir=g_strdup_printf("%s/tmp/captive-orbit-%d",CAPTIVE_SANDBOX_CHROOT,getpid());
-		if (mkdir(sandbox_parent_own_orbit_dir,0700)) {
-			g_assert(errno==EEXIST);
-			sandbox_parent_own_orbit_dir_cleanup_init();
-			unlink_nonrecursive(sandbox_parent_own_orbit_dir);
-			if (mkdir(sandbox_parent_own_orbit_dir,0700))
-				g_assert_not_reached();
-			}
+		/* Use also geteuid() marker here as could not remove the directory
+		 * of some other user otherwise.
+		 */
+		sandbox_parent_own_orbit_dir=g_strdup_printf("%s/tmp/captive-orbit-%d-%d",CAPTIVE_SANDBOX_CHROOT,getpid(),geteuid());
 		sandbox_parent_own_orbit_dir_cleanup_init();
+		createlockdir(sandbox_parent_own_orbit_dir);
 #ifdef HAVE_ORBIT_LINK
 		link_set_tmpdir(sandbox_parent_own_orbit_dir);
 #else
-- 
1.8.3.1