[debian-edu-commits] debian-edu/ 123/183: Better temp file handling: - add trap to ensure we clean up temp files when possible - don't create user path files unless they will contain confugration sources

Alexander Alemayhu ccscanf-guest at moszumanska.debian.org
Wed Jun 11 16:48:39 UTC 2014 

This is an automated email from the git hooks/post-receive script.

ccscanf-guest pushed a commit to branch master
in repository desktop-profiles.

commit bd0e75cb6107d5ad384bfe4e27c867ff844b7939
Author: Bart Cornelis <cobaco at linux.be>
Date:   Tue Nov 28 17:30:46 2006 +0000

    Better temp file handling:
    - add trap to ensure we clean up temp files when possible
    - don't create user path files unless they will contain confugration sources
---
 20desktop-profiles_activateDesktopProfiles | 91 +++++++++++++++++++++---------
 1 file changed, 63 insertions(+), 28 deletions(-)

diff --git a/20desktop-profiles_activateDesktopProfiles b/20desktop-profiles_activateDesktopProfiles
index b0d45d2..858c9e7 100644
--- a/20desktop-profiles_activateDesktopProfiles
+++ b/20desktop-profiles_activateDesktopProfiles
@@ -42,6 +42,9 @@ sort_profiles(){
   #make sure we start with empty variables
   KDEDIRS='';XDG_CONFIG_DIRS='';XDG_DATA_DIRS='';CHOICESPATH='';GNUSTEP_PATHLIST='';UDEDIRS=''
  
+  # adjust trap to ensure we don't leave any tempfiles behind 
+  trap "rm -f $GCONF_FILE $PROFILES; exit" HUP INT TERM 
+
   # get profiles that are have fulfilled requirements, and save result on file descriptor 3
   PROFILES=`tempfile`;
   exec 3<> $PROFILES;
@@ -76,9 +79,12 @@ sort_profiles(){
     fi;	
   done;
 
-  # close filedescriptor,and delete tempfile
+  # close filedescriptor,delete tempfile
   exec 3>&- ; 
   rm $PROFILES;
+
+  # readjust trap to ensure we don't leave any tempfiles behind 
+  trap "rm -f $GCONF_FILE; exit" HUP INT TERM 
 }
 
 ##########################################################
@@ -176,40 +182,67 @@ activate_GCONF () {
   #       needs to contain a include directive for this generated file. (preferably it should 
   #       contain _only_ that include directive setting everything else up through profiles)
   
+  # $XDG_CACHE_HOME is not supposed to contain anything that can't be deleted
+  # so we can savely do this to avoid leaving old generated files from 
+  # previous logins laying around
+  XDG_CACHE_HOME=${XDG_CACHE_HOME:-$HOME/.cache};
+  rm -f $(grep -sl '^# Generated by desktop-profiles package$' $XDG_CACHE_HOME/* | cut --delimiter ':' --fields 1);
+
   # only generate path files for user if they will be included
   if (grep 'include *\$(ENV_MANDATORY_PATH)' /etc/gconf/2/path > /dev/null 2>&1 ) ||
      (grep 'include *\$(ENV_DEFAULTS_PATH)'  /etc/gconf/2/path > /dev/null 2>&1 ) ||
      (grep 'include *\$(ENV_MANDATORY_PATH)' /etc/gconf/1/path > /dev/null 2>&1 ) ||
      (grep 'include *\$(ENV_DEFAULTS_PATH)'  /etc/gconf/1/path > /dev/null 2>&1 ); then
-
-    INCLUDED_HOME=false; 
-    
-    # We need to use random names in a directory only accessible by the user because of security:
-    # - if (generated) path file isn't there all is fine
-    # - if (generated) path file is there and the permissions on it allow $USER to write all is fine 
-    #   (as it's regenerated on login)
-    # - if (generated) path file is there (possibly changed by attacker) and the permissions on it do
-    #   not allow $USER to write things are not fine (as regeneration fails, and configuration sources
-    #   by attacker will be used).
-    #   Attacker can be $USER hirself (to avoid mandatory settings form sysadmin), or if file is in a
-    #   directory that's writeable by someone else a third party
-    XDG_CACHE_HOME=${XDG_CACHE_HOME:-$HOME/.cache}; mkdir -p $XDG_CACHE_HOME;
-    export MANDATORY_PATH=$(tempfile --directory $XDG_CACHE_HOME);
-    export DEFAULTS_PATH=$(tempfile --directory $XDG_CACHE_HOME);
-    
-    # $XDG_CACHE_HOME is not supposed to contain anything that can't be deleted
-    # so we can do this to avoid leaving old generated files from previous logins laying around
-    rm -f $(grep '^# Generated by desktop-profiles package$' $XDG_CACHE_HOME/* | cut --delimiter ':' --fields 1);
-    
-    # add marker to generated file, both so we can find it again later, and to indicate origin
-    echo "# Generated by desktop-profiles package" > "$MANDATORY_PATH";
-    echo "# Generated by desktop-profiles package" > "$DEFAULTS_PATH";
     
+    # used to keep track if we passed from mandatory to default configuration sources yet
+    INCLUDED_HOME=false; 
+
+    # used to avoid creating unnecessary tempfiles
+    ADDED_MANDATORY=false;
+    ADDED_DEFAULTS=false;
+
+    # see if there's actually anyting to add, if so create pathfiles and fill them
     cat $GCONF_FILE | while read LINE; do
        if (test "$LINE" != 'xml:readwrite:$(HOME)/.gconf'); then
          if (test $INCLUDED_HOME = false); then
+	   # if this is the first mandatory source we add -> create tempfile
+	   if (test "$ADDED_MANDATORY" = false); then
+	     # create tempfile, while ensuring that cachedir exists
+	     # We're using tempfile since it ensures we have a new file with
+	     # a random filename, which is necessary for security:
+             # - if (generated) path file isn't there all is fine
+             # - if (generated) path file is there and the permissions on it allow $USER to write all is fine 
+             #   (as it's regenerated on login)
+             # - if (generated) path file is there (possibly changed by attacker) and the permissions on it do
+             #   not allow $USER to write things are not fine (as regeneration fails, and configuration sources
+             #   by attacker will be used).
+             #   Attacker can be $USER hirself (to avoid mandatory settings from sysadmin), or if file is in a
+             #   directory that's writeable by someone else a third party
+             mkdir -p $XDG_CACHE_HOME;
+             export MANDATORY_PATH=$(tempfile --directory $XDG_CACHE_HOME);
+	     
+             # add marker to generated file, both so we can find it again later, and to indicate origin
+             echo "# Generated by desktop-profiles package" > "$MANDATORY_PATH";
+
+	     # note that we added a mandatory source now
+	     ADDED_MANDATORY=true;
+	   fi;
+	   # add configuration source
            echo $LINE >> "$MANDATORY_PATH";
          else	 
+	   # if this is the first default source we add -> create tempfile
+	   if (test "$ADDED_DEFAULTS" = false); then
+	     # create tempfile, ensuring that the cachedir exists
+             mkdir -p $XDG_CACHE_HOME;
+             export DEFAULTS_PATH=$(tempfile --directory $XDG_CACHE_HOME);
+
+             # add marker to generated file, both so we can find it again later, and to indicate origin
+             echo "# Generated by desktop-profiles package" > "$DEFAULTS_PATH";
+            
+	     # note that we added a default source now
+	     ADDED_DEFAULT=true;
+	   fi;
+	   # add configuration source
            echo $LINE >> "$DEFAULTS_PATH";
          fi;	 
        else  
@@ -217,6 +250,9 @@ activate_GCONF () {
        fi  
     done;
   fi;  
+  
+  # cleanup tempfile
+  rm $GCONF_FILE;
 }
 
 #####################
@@ -246,7 +282,9 @@ if (test $INSTALLED = true); then
   # don't test requirements if no profile kinds are activated
   ############################################################
   if (test "$ACTIVE_PROFILE_KINDS"x != "x"); then
-    # get temp file names
+    # add trap to ensure we don't leave any tempfiles behind 
+    trap "rm -f $GCONF_FILE $PROFILES; exit" HUP INT TERM 
+    # get temp file
     GCONF_FILE=`tempfile`;
 
     # sort the profiles, whose requirements are met into:
@@ -260,8 +298,5 @@ if (test $INSTALLED = true); then
       # which can happen e.g. due to typo's in the config file.
       activate_$KIND || true;
     done;
-
-    # cleanup the tempfiles
-    rm $GCONF_FILE 
   fi;  
 fi;  

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debian-edu/pkg-team/desktop-profiles.git

More information about the debian-edu-commits mailing list