///////////////////////////////////////////////////////////////////////////////
-// Name: unix/snglinst.cpp
+// Name: src/unix/snglinst.cpp
// Purpose: implements wxSingleInstanceChecker class for Unix using
// lock files with fcntl(2) or flock(2)
// Author: Vadim Zeitlin
// headers
// ----------------------------------------------------------------------------
-#ifdef __GNUG__
- #pragma implementation "snglinst.h"
-#endif
-
// For compilers that support precompilation, includes "wx.h".
#include "wx/wxprec.h"
#include "wx/string.h"
#include "wx/log.h"
#include "wx/intl.h"
+ #include "wx/utils.h" // wxGetHomeDir()
#endif //WX_PRECOMP
#include "wx/file.h"
-#include "wx/utils.h" // wxGetHomeDir()
#include "wx/snglinst.h"
fl.l_type = lock == LOCK ? F_WRLCK : F_UNLCK;
// lock the entire file
- fl.l_whence =
fl.l_start =
- fl.l_len = 0;
+ fl.l_len =
+ fl.l_whence = 0;
// is this needed?
fl.l_pid = getpid();
fsync(m_fdLock);
+ // change file's permission so that only this user can access it:
+ if ( chmod(m_nameLock.fn_str(), S_IRUSR | S_IWUSR) != 0 )
+ {
+ wxLogSysError(_("Failed to set permissions on lock file '%s'"),
+ m_nameLock.c_str());
+
+ Unlock();
+
+ return LOCK_ERROR;
+ }
+
return LOCK_CREATED;
}
else // failure: see what exactly happened
case LOCK_CREATED:
// nothing more to do
- return TRUE;
+ return true;
case LOCK_ERROR:
// oops...
- return FALSE;
+ return false;
+ }
+
+ // Check if the file is owned by current user and has 0600 permissions.
+ // If it doesn't, it's a fake file, possibly meant as a DoS attack, and
+ // so we refuse to touch it:
+ wxStructStat stats;
+ if ( wxStat(name, &stats) != 0 )
+ {
+ wxLogSysError(_("Failed to inspect the lock file '%s'"), name.c_str());
+ return false;
+ }
+ if ( stats.st_uid != getuid() )
+ {
+ wxLogError(_("Lock file '%s' has incorrect owner."), name.c_str());
+ return false;
+ }
+ if ( stats.st_mode != (S_IFREG | S_IRUSR | S_IWUSR) )
+ {
+ wxLogError(_("Lock file '%s' has incorrect permissions."), name.c_str());
+ return false;
}
// try to open the file for reading and get the PID of the process
// rarely in practice that we don't care
wxLogError(_("Failed to access lock file."));
- return FALSE;
+ return false;
}
char buf[256];
- off_t count = file.Read(buf, WXSIZEOF(buf));
+ ssize_t count = file.Read(buf, WXSIZEOF(buf));
if ( count == wxInvalidOffset )
{
wxLogError(_("Failed to read PID from lock file."));
wxLogError(_("Failed to remove stale lock file '%s'."),
name.c_str());
- // return TRUE in this case for now...
+ // return true in this case for now...
}
else
{
}
}
- // return TRUE if we could get the PID of the process owning the lock file
+ // return true if we could get the PID of the process owning the lock file
// (whether it is still running or not), FALSE otherwise as it is
// unexpected
return m_pidLocker != 0;
bool wxSingleInstanceChecker::IsAnotherRunning() const
{
- wxCHECK_MSG( m_impl, FALSE, _T("must call Create() first") );
+ wxCHECK_MSG( m_impl, false, _T("must call Create() first") );
// if another instance is running, it must own the lock file - otherwise
// we have it and the locker PID is ours one
}
#endif // wxUSE_SNGLINST_CHECKER
-
projects / wxWidgets.git / blobdiff