X-Git-Url: https://git.saurik.com/wxWidgets.git/blobdiff_plain/6aa89a22b8e47000c98bff05c6f545f331f1c353..80f218424f34e2ded439cc23631ea1b74c72f732:/src/unix/snglinst.cpp?ds=sidebyside diff --git a/src/unix/snglinst.cpp b/src/unix/snglinst.cpp index 23fce16f82..bdd773a19e 100644 --- a/src/unix/snglinst.cpp +++ b/src/unix/snglinst.cpp @@ -18,10 +18,6 @@ // headers // ---------------------------------------------------------------------------- -#ifdef __GNUG__ - #pragma implementation "snglinst.h" -#endif - // For compilers that support precompilation, includes "wx.h". #include "wx/wxprec.h" @@ -35,9 +31,9 @@ #include "wx/string.h" #include "wx/log.h" #include "wx/intl.h" - #include "wx/file.h" #endif //WX_PRECOMP +#include "wx/file.h" #include "wx/utils.h" // wxGetHomeDir() #include "wx/snglinst.h" @@ -89,9 +85,9 @@ static int wxLockFile(int fd, LockOperation lock) fl.l_type = lock == LOCK ? F_WRLCK : F_UNLCK; // lock the entire file - fl.l_whence = fl.l_start = - fl.l_len = 0; + fl.l_len = + fl.l_whence = 0; // is this needed? fl.l_pid = getpid(); @@ -180,6 +176,17 @@ LockResult wxSingleInstanceCheckerImpl::CreateLockFile() fsync(m_fdLock); + // change file's permission so that only this user can access it: + if ( chmod(m_nameLock.fn_str(), S_IRUSR | S_IWUSR) != 0 ) + { + wxLogSysError(_("Failed to set permissions on lock file '%s'"), + m_nameLock.c_str()); + + Unlock(); + + return LOCK_ERROR; + } + return LOCK_CREATED; } else // failure: see what exactly happened @@ -226,6 +233,26 @@ bool wxSingleInstanceCheckerImpl::Create(const wxString& name) return FALSE; } + // Check if the file is owned by current user and has 0600 permissions. + // If it doesn't, it's a fake file, possibly meant as a DoS attack, and + // so we refuse to touch it: + wxStructStat stats; + if ( wxStat(name, &stats) != 0 ) + { + wxLogSysError(_("Failed to inspect the lock file '%s'"), name.c_str()); + return false; + } + if ( stats.st_uid != getuid() ) + { + wxLogError(_("Lock file '%s' has incorrect owner."), name.c_str()); + return false; + } + if ( stats.st_mode != (S_IFREG | S_IRUSR | S_IWUSR) ) + { + wxLogError(_("Lock file '%s' has incorrect permissions."), name.c_str()); + return false; + } + // try to open the file for reading and get the PID of the process // which has it wxFile file(name, wxFile::read); @@ -246,7 +273,7 @@ bool wxSingleInstanceCheckerImpl::Create(const wxString& name) } char buf[256]; - off_t count = file.Read(buf, WXSIZEOF(buf)); + ssize_t count = file.Read(buf, WXSIZEOF(buf)); if ( count == wxInvalidOffset ) { wxLogError(_("Failed to read PID from lock file."));