Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(2671)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: base/file_util_posix.cc

Issue 7718021: Add external extensions json source in proper mac location. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Address rev comments. Created 9 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « base/file_util.h ('k') | base/file_util_unittest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: base/file_util_posix.cc
diff --git a/base/file_util_posix.cc b/base/file_util_posix.cc
index 9904584abd3c0fa9059c7ce1f276caaa9642b065..b844d77e6f8e33f2aec2fdfb3bfade4486bae217 100644
--- a/base/file_util_posix.cc
+++ b/base/file_util_posix.cc
@@ -940,4 +940,39 @@ bool CopyFile(const FilePath& from_path, const FilePath& to_path) {
}
#endif // defined(OS_MACOSX)
+bool IsPathControlledByUser(const FilePath& base,
+ const FilePath& path,
+ uid_t owner_uid) {
+ if (path == base)
Mark Mentovai 2011/08/25 14:15:49 This scheme seems to provide absolutely no way to
Sam Kerner (Chrome) 2011/08/26 19:59:15 Changed the test to include the base path, sop tha
+ return true;
+
+ if (!IsPathControlledByUser(base, path.DirName(), owner_uid))
+ return false;
+
+ stat_wrapper_t stat_info;
+ if (CallStat(path.value().c_str(), &stat_info) != 0) {
+ PLOG(ERROR) << "Failed to get information on path " << path.value();
+ return false;
+ }
+
+ if (stat_info.st_uid != owner_uid) {
TVL 2011/08/25 14:07:28 what happens if any segment is a link? does that
Sam Kerner (Chrome) 2011/08/26 19:59:15 Good point. Links are now forbidden.
+ LOG(ERROR) << "Path " << path.value()
+ << " is owned by the wrong user.";
+ return false;
+ }
+
+ if (stat_info.st_mode & S_IWOTH) {
+ LOG(ERROR) << "Path "<< path.value() << " is writable by any user.";
+ return false;
+ }
+
+ return true;
TVL 2011/08/25 14:07:28 the group permissions could still be a issue, but
Sam Kerner (Chrome) 2011/08/26 19:59:15 Hardcoded check for the group named "admin".
+}
+
+bool IsPathControlledByAdmin(const FilePath& path) {
+ const unsigned kRootUid = 0;
+ const FilePath kFileSystemRoot("/");
+ return IsPathControlledByUser(kFileSystemRoot, path, kRootUid);
+}
+
} // namespace file_util
« no previous file with comments | « base/file_util.h ('k') | base/file_util_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698