[debian-edu-commits] debian-edu/ 123/183: Better temp file handling: - add trap to ensure we clean up temp files when possible - don't create user path files unless they will contain confugration sources
Alexander Alemayhu
ccscanf-guest at moszumanska.debian.org
Wed Jun 11 16:48:39 UTC 2014
This is an automated email from the git hooks/post-receive script.
ccscanf-guest pushed a commit to branch master
in repository desktop-profiles.
commit bd0e75cb6107d5ad384bfe4e27c867ff844b7939
Author: Bart Cornelis <cobaco at linux.be>
Date: Tue Nov 28 17:30:46 2006 +0000
Better temp file handling:
- add trap to ensure we clean up temp files when possible
- don't create user path files unless they will contain configuration sources
---
20desktop-profiles_activateDesktopProfiles | 91 +++++++++++++++++++++---------
1 file changed, 63 insertions(+), 28 deletions(-)
diff --git a/20desktop-profiles_activateDesktopProfiles b/20desktop-profiles_activateDesktopProfiles
index b0d45d2..858c9e7 100644
--- a/20desktop-profiles_activateDesktopProfiles
+++ b/20desktop-profiles_activateDesktopProfiles
@@ -42,6 +42,9 @@ sort_profiles(){
#make sure we start with empty variables
KDEDIRS='';XDG_CONFIG_DIRS='';XDG_DATA_DIRS='';CHOICESPATH='';GNUSTEP_PATHLIST='';UDEDIRS=''
+ # adjust trap to ensure we don't leave any tempfiles behind
+ trap "rm -f $GCONF_FILE $PROFILES; exit" HUP INT TERM
+
# get profiles that are have fulfilled requirements, and save result on file descriptor 3
PROFILES=`tempfile`;
exec 3<> $PROFILES;
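Review bot: The trap added before ``PROFILES=`tempfile` `` is double-quoted, so `$GCONF_FILE` and `$PROFILES` are expanded when the trap is installed rather than when the signal arrives; `$PROFILES` has not yet been assigned for this call, so the temp file created on the next line is not removed on HUP/INT/TERM. The same applies to the trap in the main block near the end of the patch, which is installed before ``GCONF_FILE=`tempfile` `` and so, on the visible lines, appears to expand to a bare `rm -f ; exit`. Single quotes defer the expansion and let the names be quoted: `trap 'rm -f "$GCONF_FILE" "$PROFILES"; exit' HUP INT TERM`. The readjusted trap at the end of sort_profiles uses the same double-quoted, unquoted-variable form and would need the same treatment. sort_profiles starts and continues outside this hunk.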
@@ -76,9 +79,12 @@ sort_profiles(){
fi;
done;
- # close filedescriptor,and delete tempfile
+ # close filedescriptor,delete tempfile
exec 3>&- ;
rm $PROFILES;
+
+ # readjust trap to ensure we don't leave any tempfiles behind
+ trap "rm -f $GCONF_FILE; exit" HUP INT TERM
}
##########################################################
@@ -176,40 +182,67 @@ activate_GCONF () {
# needs to contain a include directive for this generated file. (preferably it should
# contain _only_ that include directive setting everything else up through profiles)
+ # $XDG_CACHE_HOME is not supposed to contain anything that can't be deleted
+ # so we can savely do this to avoid leaving old generated files from
+ # previous logins laying around
+ XDG_CACHE_HOME=${XDG_CACHE_HOME:-$HOME/.cache};
+ rm -f $(grep -sl '^# Generated by desktop-profiles package$' $XDG_CACHE_HOME/* | cut --delimiter ':' --fields 1);
+
# only generate path files for user if they will be included
if (grep 'include *\$(ENV_MANDATORY_PATH)' /etc/gconf/2/path > /dev/null 2>&1 ) ||
(grep 'include *\$(ENV_DEFAULTS_PATH)' /etc/gconf/2/path > /dev/null 2>&1 ) ||
(grep 'include *\$(ENV_MANDATORY_PATH)' /etc/gconf/1/path > /dev/null 2>&1 ) ||
(grep 'include *\$(ENV_DEFAULTS_PATH)' /etc/gconf/1/path > /dev/null 2>&1 ); then
-
- INCLUDED_HOME=false;
-
- # We need to use random names in a directory only accessible by the user because of security:
- # - if (generated) path file isn't there all is fine
- # - if (generated) path file is there and the permissions on it allow $USER to write all is fine
- # (as it's regenerated on login)
- # - if (generated) path file is there (possibly changed by attacker) and the permissions on it do
- # not allow $USER to write things are not fine (as regeneration fails, and configuration sources
- # by attacker will be used).
- # Attacker can be $USER hirself (to avoid mandatory settings form sysadmin), or if file is in a
- # directory that's writeable by someone else a third party
- XDG_CACHE_HOME=${XDG_CACHE_HOME:-$HOME/.cache}; mkdir -p $XDG_CACHE_HOME;
- export MANDATORY_PATH=$(tempfile --directory $XDG_CACHE_HOME);
- export DEFAULTS_PATH=$(tempfile --directory $XDG_CACHE_HOME);
-
- # $XDG_CACHE_HOME is not supposed to contain anything that can't be deleted
- # so we can do this to avoid leaving old generated files from previous logins laying around
- rm -f $(grep '^# Generated by desktop-profiles package$' $XDG_CACHE_HOME/* | cut --delimiter ':' --fields 1);
-
- # add marker to generated file, both so we can find it again later, and to indicate origin
- echo "# Generated by desktop-profiles package" > "$MANDATORY_PATH";
- echo "# Generated by desktop-profiles package" > "$DEFAULTS_PATH";
+ # used to keep track if we passed from mandatory to default configuration sources yet
+ INCLUDED_HOME=false;
+
+ # used to avoid creating unnecessary tempfiles
+ ADDED_MANDATORY=false;
+ ADDED_DEFAULTS=false;
+
+ # see if there's actually anyting to add, if so create pathfiles and fill them
cat $GCONF_FILE | while read LINE; do
if (test "$LINE" != 'xml:readwrite:$(HOME)/.gconf'); then
if (test $INCLUDED_HOME = false); then
+ # if this is the first mandatory source we add -> create tempfile
+ if (test "$ADDED_MANDATORY" = false); then
+ # create tempfile, while ensuring that cachedir exists
+ # We're using tempfile since it ensures we have a new file with
+ # a random filename, which is necessary for security:
+ # - if (generated) path file isn't there all is fine
+ # - if (generated) path file is there and the permissions on it allow $USER to write all is fine
+ # (as it's regenerated on login)
+ # - if (generated) path file is there (possibly changed by attacker) and the permissions on it do
+ # not allow $USER to write things are not fine (as regeneration fails, and configuration sources
+ # by attacker will be used).
+ # Attacker can be $USER hirself (to avoid mandatory settings from sysadmin), or if file is in a
+ # directory that's writeable by someone else a third party
+ mkdir -p $XDG_CACHE_HOME;
+ export MANDATORY_PATH=$(tempfile --directory $XDG_CACHE_HOME);
+
+ # add marker to generated file, both so we can find it again later, and to indicate origin
+ echo "# Generated by desktop-profiles package" > "$MANDATORY_PATH";
+
+ # note that we added a mandatory source now
+ ADDED_MANDATORY=true;
+ fi;
+ # add configuration source
echo $LINE >> "$MANDATORY_PATH";
else
+ # if this is the first default source we add -> create tempfile
+ if (test "$ADDED_DEFAULTS" = false); then
+ # create tempfile, ensuring that the cachedir exists
+ mkdir -p $XDG_CACHE_HOME;
+ export DEFAULTS_PATH=$(tempfile --directory $XDG_CACHE_HOME);
+
+ # add marker to generated file, both so we can find it again later, and to indicate origin
+ echo "# Generated by desktop-profiles package" > "$DEFAULTS_PATH";
+
+ # note that we added a default source now
+ ADDED_DEFAULT=true;
+ fi;
+ # add configuration source
echo $LINE >> "$DEFAULTS_PATH";
fi;
else
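Review bot: In the defaults branch the flag is set as `ADDED_DEFAULT=true`, but the guard tests `$ADDED_DEFAULTS`, so the guard never turns false and every default source creates a fresh tempfile; earlier files stay behind in `$XDG_CACHE_HOME` and `DEFAULTS_PATH` ends up naming a file that holds only the marker and the last source. The line should read `ADDED_DEFAULTS=true;`. Separately, `export MANDATORY_PATH=...` and `export DEFAULTS_PATH=...` now sit inside the `cat $GCONF_FILE | while read LINE` loop; in shells that run pipeline stages in a subshell (dash and bash do), those exports do not reach the session environment, whereas the removed code exported both before the loop. Feeding the loop with `done < "$GCONF_FILE"` instead of the `cat |` pipe would keep the assignments in the current shell; the end of the loop lies outside this hunk.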
@@ -217,6 +250,9 @@ activate_GCONF () {
fi
done;
fi;
+
+ # cleanup tempfile
+ rm $GCONF_FILE;
}
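Review bot: Moving `rm $GCONF_FILE` to the end of activate_GCONF means the temp file is removed only when that function runs to completion; the main block calls `activate_$KIND` once per active kind, so when the GCONF kind is not active the file created by ``GCONF_FILE=`tempfile` `` appears to be left behind, and the traps cover only HUP, INT and TERM. Keeping the cleanup in the main block after the activation loop, as `rm -f "$GCONF_FILE"`, would cover every path, and the quotes keep a name containing whitespace from being split. The body of activate_GCONF starts outside this hunk.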
#####################
@@ -246,7 +282,9 @@ if (test $INSTALLED = true); then
# don't test requirements if no profile kinds are activated
############################################################
if (test "$ACTIVE_PROFILE_KINDS"x != "x"); then
- # get temp file names
+ # add trap to ensure we don't leave any tempfiles behind
+ trap "rm -f $GCONF_FILE $PROFILES; exit" HUP INT TERM
+ # get temp file
GCONF_FILE=`tempfile`;
# sort the profiles, whose requirements are met into:
@@ -260,8 +298,5 @@ if (test $INSTALLED = true); then
# which can happen e.g. due to typo's in the config file.
activate_$KIND || true;
done;
-
- # cleanup the tempfiles
- rm $GCONF_FILE
fi;
fi;
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debian-edu/pkg-team/desktop-profiles.git