Adding a check for ownership of the socket.
Announcement on the list about this:
http://groups.google.com/group/taskspooler/browse_thread/thread/dadd01628c556464
Debian bug related to this:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=466542
--- a/server_start.c Thu Sep 01 20:11:08 2011 +0200
+++ b/server_start.c Tue Oct 11 19:48:55 2011 +0200
@@ -13,6 +13,7 @@
#include <stdlib.h>
#include <stdio.h>
#include <sys/time.h>
+#include <sys/stat.h>
#include <signal.h>
#include "main.h"
@@ -20,6 +21,7 @@
extern int server_socket;
static char *socket_path;
+static int should_check_owner = 0;
static int fork_server();
@@ -37,6 +39,10 @@
size = strlen(*path) + 1;
*path = (char *) malloc(size);
strcpy(*path, getenv("TS_SOCKET"));
+
+ /* We don't want to check ownership of the socket here,
+ * as the user may have thought of some shared queue */
+ should_check_owner = 0;
return;
}
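Review bot: The opt-out at `should_check_owner = 0` applies to every TS_SOCKET value, including a path inside a directory that other users can write to, while the comment only gives the shared-queue motivation. I would extend the comment to state the consequence, e.g. `/* No ownership check when TS_SOCKET is set: the user is responsible for the permissions of this path and its directory */`, and say the same in the man page. The assignment repeats the initialiser `static int should_check_owner = 0;`, which is harmless but worth a word in the comment so nobody removes one of the two by accident. The enclosing function starts outside the hunk.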
@@ -56,6 +62,8 @@
*path = (char *) malloc(size);
sprintf(*path, "%s/socket-ts.%s", tmpdir, userid);
+
+ should_check_owner = 1;
}
int try_connect(int s)
@@ -67,9 +75,28 @@
strcpy(addr.sun_path, socket_path);
res = connect(s, (struct sockaddr *) &addr, sizeof(addr));
+
return res;
}
+static void
+try_check_ownership()
+{
+ int res;
+ struct stat socketstat;
+
+ if (!should_check_owner)
+ return;
+
+ res = stat(socket_path, &socketstat);
+
+ if (res != 0)
+ error("Cannot state the socket %s.", socket_path);
+
+ if (socketstat.st_uid != getuid())
+ error("The uid %i does not own the socket %s.", getuid(), socket_path);
+}
+
void wait_server_up(int fd)
{
char a;
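Review bot: In try_check_ownership, `stat(socket_path, &socketstat)` resolves the path a second time after connect() has already succeeded, and it follows symbolic links, so the file whose `st_uid` is compared is not guaranteed to be the socket the client is actually connected to. I would pass the connected descriptor in and compare the peer uid reported by the kernel instead (SO_PEERCRED on Linux, getpeereid() on the BSDs); the sketch below is the Linux variant, and the call under `if (res == 0)` in the last hunk would pass the descriptor. Separately, `%i` is given a `uid_t`, so the argument should be `(int) getuid()`, and the message "Cannot state the socket" should read "Cannot stat the socket". If error() can return (its definition is not in this diff), `socketstat` is read uninitialised after a failed stat().

```c
static void
try_check_ownership(int s)
{
    struct ucred peer;          /* Linux only; glibc needs _GNU_SOURCE */
    socklen_t len = sizeof(peer);

    if (!should_check_owner)
        return;

    /* Ask the kernel who is on the other end of the connected socket,
     * rather than resolving socket_path again. */
    if (getsockopt(s, SOL_SOCKET, SO_PEERCRED, &peer, &len) != 0)
        error("Cannot get the peer credentials of the socket %s.", socket_path);

    if (peer.uid != getuid())
        error("The uid %i does not own the socket %s.", (int) getuid(), socket_path);
}
```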
@@ -132,7 +159,10 @@
/* Good connection */
if (res == 0)
+ {
+ try_check_ownership();
return 1;
+ }
/* If error other than "No one listens on the other end"... */
if (!(errno == ENOENT || errno == ECONNREFUSED))