// Created: 09.06.01
// RCS-ID: $Id$
// Copyright: (c) 2001 Vadim Zeitlin <zeitlin@dptmaths.ens-cachan.fr>
-// License: wxWindows license
+// License: wxWindows licence
///////////////////////////////////////////////////////////////////////////////
// ============================================================================
// headers
// ----------------------------------------------------------------------------
-#ifdef __GNUG__
+#if defined(__GNUG__) && !defined(NO_GCC_PRAGMA)
#pragma implementation "snglinst.h"
#endif
#include "wx/string.h"
#include "wx/log.h"
#include "wx/intl.h"
- #include "wx/file.h"
#endif //WX_PRECOMP
+#include "wx/file.h"
#include "wx/utils.h" // wxGetHomeDir()
#include "wx/snglinst.h"
#include <unistd.h>
#include <sys/types.h>
-#include <sys/stat.h>
+#include <sys/stat.h> // for S_I[RW]USR
#include <signal.h> // for kill()
#include <errno.h>
LockResult wxSingleInstanceCheckerImpl::CreateLockFile()
{
// try to open the file
- m_fdLock = open(m_nameLock,
+ m_fdLock = open(m_nameLock.fn_str(),
O_WRONLY | O_CREAT | O_EXCL,
- S_IREAD | S_IWRITE);
+ S_IRUSR | S_IWUSR);
if ( m_fdLock != -1 )
{
// try to lock it
- int rc = wxLockFile(m_fdLock, LOCK);
- if ( rc == 0 )
+ if ( wxLockFile(m_fdLock, LOCK) == 0 )
{
// fine, we have the exclusive lock to the file, write our PID
// into it
fsync(m_fdLock);
+ // change file's permission so that only this user can access it:
+ if ( chmod(m_nameLock.fn_str(), S_IRUSR | S_IWUSR) != 0 )
+ {
+ wxLogSysError(_("Failed to set permissions on lock file '%s'"),
+ m_nameLock.c_str());
+
+ Unlock();
+
+ return LOCK_ERROR;
+ }
+
return LOCK_CREATED;
}
else // failure: see what exactly happened
close(m_fdLock);
m_fdLock = -1;
- if ( rc != EACCES && rc != EAGAIN )
+ if ( errno != EACCES && errno != EAGAIN )
{
wxLogSysError(_("Failed to lock the lock file '%s'"),
m_nameLock.c_str());
- unlink(m_nameLock);
+ unlink(m_nameLock.fn_str());
return LOCK_ERROR;
}
return FALSE;
}
+ // Check if the file is owned by current user and has 0600 permissions.
+ // If it doesn't, it's a fake file, possibly meant as a DoS attack, and
+ // so we refuse to touch it:
+ wxStructStat stats;
+ if ( wxStat(name, &stats) != 0 )
+ {
+ wxLogSysError(_("Failed to inspect the lock file '%s'"), name.c_str());
+ return false;
+ }
+ if ( stats.st_uid != getuid() )
+ {
+ wxLogError(_("Lock file '%s' has incorrect owner."), name.c_str());
+ return false;
+ }
+ if ( stats.st_mode != (S_IFREG | S_IRUSR | S_IWUSR) )
+ {
+ wxLogError(_("Lock file '%s' has incorrect permissions."), name.c_str());
+ return false;
+ }
+
// try to open the file for reading and get the PID of the process
// which has it
wxFile file(name, wxFile::read);
}
char buf[256];
- off_t count = file.Read(buf, WXSIZEOF(buf));
+ ssize_t count = file.Read(buf, WXSIZEOF(buf));
if ( count == wxInvalidOffset )
{
wxLogError(_("Failed to read PID from lock file."));
{
if ( kill(m_pidLocker, 0) != 0 )
{
- if ( unlink(name) != 0 )
+ if ( unlink(name.fn_str()) != 0 )
{
wxLogError(_("Failed to remove stale lock file '%s'."),
name.c_str());
{
if ( m_fdLock != -1 )
{
- if ( unlink(m_nameLock) != 0 )
+ if ( unlink(m_nameLock.fn_str()) != 0 )
{
wxLogSysError(_("Failed to remove lock file '%s'"),
m_nameLock.c_str());
wxString fullname = path;
if ( fullname.empty() )
{
- fullname << wxGetHomeDir() << _T('/');
+ fullname = wxGetHomeDir();
+ }
+
+ if ( fullname.Last() != _T('/') )
+ {
+ fullname += _T('/');
}
fullname << name;