--- libsdp-1.1.99.orig/src/log.c
+++ libsdp-1.1.99/src/log.c
@@ -174,15 +174,41 @@
filename = p + 1;
snprintf( tfilename, sizeof( tfilename ), "/var/log/%s", filename );
} else {
+ char tdir[PATH_MAX + 1];
/*
for regular user, allow log file to be placed in a user
requested path. If no path is requested the log file is
placed in /tmp/
*/
if ( p )
- snprintf( tfilename, sizeof( tfilename ), "%s.%d", filename, uid );
+ snprintf(tdir, sizeof(tdir), "%s.%d", filename, uid );
else
- snprintf( tfilename, sizeof( tfilename ), "/tmp/%s.%d", filename, uid );
+ snprintf(tdir, sizeof(tdir ), "/tmp/%s.%d", filename, uid );
+
+ if (mkdir(tdir, 0700)) {
+ struct stat stat;
+
+ if (errno != EEXIST) {
+ __sdp_log( 9, "Couldn't create directory '%s' for logging (%m)\n", tdir );
+ return 0;
+ }
+
+ if (lstat(tdir, &stat)) {
+ __sdp_log(9, "Couldn't lstat directory %s\n", tdir);
+ return 0;
+ }
+
+ if (!S_ISDIR(stat.st_mode) || stat.st_uid != uid ||
+ (stat.st_mode & ~(S_IFMT | S_IRWXU))) {
+ __sdp_log( 9, "Cowardly refusing to log into directory:'%s'. "
+ "Make sure it is not: (1) link, (2) other uid, (3) bad permissions."
+ "thus is a security issue.\n", tdir );
+ return 0;
+ }
+ }
+
+ snprintf(tfilename, sizeof(tfilename), "%s/log", tdir);
+ printf("dir: %s file: %s\n", tdir, tfilename);
}
/* double check the file is not a link */
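Review bot: The added `printf("dir: %s file: %s\n", tdir, tfilename);` at the end of the else branch looks like leftover debugging: it writes to the stdout of whatever process has this library loaded and exposes the log path there, so it should be deleted or routed through `__sdp_log`. The `snprintf` calls that build `tdir` and `tfilename` ignore their return values, so an over-long requested path is silently truncated and the ownership and mode checks then run on a different path than the one asked for. A guard such as `if ((size_t)snprintf(tfilename, sizeof(tfilename), "%s/log", tdir) >= sizeof(tfilename)) return 0;` (and the same for `tdir`) would reject that case. The block comment above `if ( p )` still says the log file is placed in /tmp/, whereas the new code writes to `<path>.<uid>/log` inside a 0700 directory, so the comment should be updated. The enclosing function begins and ends outside this hunk, so the later link check and `fopen` are not covered by this note.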
@@ -195,7 +221,7 @@
f = fopen( tfilename, "a" );
if ( !f ) {
- __sdp_log( 9, "Couldn't open filename '%s' for logging\n", tfilename );
+ __sdp_log( 9, "Couldn't open '%s' for logging (%m)\n", tfilename );
return 0;
}