| Index: base/file_util_posix.cc
|
| diff --git a/base/file_util_posix.cc b/base/file_util_posix.cc
|
| index 9904584abd3c0fa9059c7ce1f276caaa9642b065..323f5aa561359c74c2ba34934cc20755dec5bcd4 100644
|
| --- a/base/file_util_posix.cc
|
| +++ b/base/file_util_posix.cc
|
| @@ -8,6 +8,7 @@
|
| #include <errno.h>
|
| #include <fcntl.h>
|
| #include <fnmatch.h>
|
| +#include <grp.h>
|
| #include <libgen.h>
|
| #include <limits.h>
|
| #include <stdio.h>
|
| @@ -52,19 +53,6 @@ namespace file_util {
|
|
|
| namespace {
|
|
|
| -// Helper for NormalizeFilePath(), defined below.
|
| -bool RealPath(const FilePath& path, FilePath* real_path) {
|
| - base::ThreadRestrictions::AssertIOAllowed(); // For realpath().
|
| - FilePath::CharType buf[PATH_MAX];
|
| - if (!realpath(path.value().c_str(), buf))
|
| - return false;
|
| -
|
| - *real_path = FilePath(buf);
|
| - return true;
|
| -}
|
| -
|
| -} // namespace
|
| -
|
| #if defined(OS_OPENBSD) || defined(OS_FREEBSD) || \
|
| (defined(OS_MACOSX) && \
|
| MAC_OS_X_VERSION_MIN_REQUIRED < MAC_OS_X_VERSION_10_5)
|
| @@ -73,14 +61,73 @@ static int CallStat(const char *path, stat_wrapper_t *sb) {
|
| base::ThreadRestrictions::AssertIOAllowed();
|
| return stat(path, sb);
|
| }
|
| +static int CallLstat(const char *path, stat_wrapper_t *sb) {
|
| + base::ThreadRestrictions::AssertIOAllowed();
|
| + return lstat(path, sb);
|
| +}
|
| #else
|
| typedef struct stat64 stat_wrapper_t;
|
| static int CallStat(const char *path, stat_wrapper_t *sb) {
|
| base::ThreadRestrictions::AssertIOAllowed();
|
| return stat64(path, sb);
|
| }
|
| +static int CallLstat(const char *path, stat_wrapper_t *sb) {
|
| + base::ThreadRestrictions::AssertIOAllowed();
|
| + return lstat64(path, sb);
|
| +}
|
| #endif
|
|
|
| +// Helper for NormalizeFilePath(), defined below.
|
| +bool RealPath(const FilePath& path, FilePath* real_path) {
|
| + base::ThreadRestrictions::AssertIOAllowed(); // For realpath().
|
| + FilePath::CharType buf[PATH_MAX];
|
| + if (!realpath(path.value().c_str(), buf))
|
| + return false;
|
| +
|
| + *real_path = FilePath(buf);
|
| + return true;
|
| +}
|
| +
|
| +// Helper for VerifyPathControlledByUser.
|
| +bool VerifySpecificPathControlledByUser(const FilePath& path,
|
| + uid_t owner_uid,
|
| + gid_t group_gid) {
|
| + stat_wrapper_t stat_info;
|
| + if (CallLstat(path.value().c_str(), &stat_info) != 0) {
|
| + PLOG(ERROR) << "Failed to get information on path "
|
| + << path.value();
|
| + return false;
|
| + }
|
| +
|
| + if (S_ISLNK(stat_info.st_mode)) {
|
| + LOG(ERROR) << "Path " << path.value()
|
| + << " is a symbolic link.";
|
| + return false;
|
| + }
|
| +
|
| + if (stat_info.st_uid != owner_uid) {
|
| + LOG(ERROR) << "Path " << path.value()
|
| + << " is owned by the wrong user.";
|
| + return false;
|
| + }
|
| +
|
| + if (stat_info.st_gid != group_gid) {
|
| + LOG(ERROR) << "Path " << path.value()
|
| + << " is owned by the wrong group.";
|
| + return false;
|
| + }
|
| +
|
| + if (stat_info.st_mode & S_IWOTH) {
|
| + LOG(ERROR) << "Path " << path.value()
|
| + << " is writable by any user.";
|
| + return false;
|
| + }
|
| +
|
| + return true;
|
| +}
|
| +
|
| +} // namespace
|
| +
|
| static std::string TempFileName() {
|
| #if defined(OS_MACOSX)
|
| return StringPrintf(".%s.XXXXXX", base::mac::BaseBundleID());
|
| @@ -940,4 +987,65 @@ bool CopyFile(const FilePath& from_path, const FilePath& to_path) {
|
| }
|
| #endif // defined(OS_MACOSX)
|
|
|
| +bool VerifyPathControlledByUser(const FilePath& base,
|
| + const FilePath& path,
|
| + uid_t owner_uid,
|
| + gid_t group_gid) {
|
| + if (base != path && !base.IsParent(path)) {
|
| + LOG(ERROR) << "|base| must be a subdirectory of |path|. base = \""
|
| + << base.value() << "\", path = \"" << path.value() << "\"";
|
| + return false;
|
| + }
|
| +
|
| + std::vector<FilePath::StringType> base_components;
|
| + std::vector<FilePath::StringType> path_components;
|
| +
|
| + base.GetComponents(&base_components);
|
| + path.GetComponents(&path_components);
|
| +
|
| + std::vector<FilePath::StringType>::const_iterator ib, ip;
|
| + for (ib = base_components.begin(), ip = path_components.begin();
|
| + ib != base_components.end(); ++ib, ++ip) {
|
| + // |base| must be a subpath of |path|, so all components should match.
|
| + // If these CHECKs fail, look at the test that base is a parent of
|
| + // path at the top of this function.
|
| + CHECK(ip != path_components.end());
|
| + CHECK(*ip == *ib);
|
| + }
|
| +
|
| + FilePath current_path = base;
|
| + if (!VerifySpecificPathControlledByUser(current_path, owner_uid, group_gid))
|
| + return false;
|
| +
|
| + for (; ip != path_components.end(); ++ip) {
|
| + current_path = current_path.Append(*ip);
|
| + if (!VerifySpecificPathControlledByUser(current_path, owner_uid, group_gid))
|
| + return false;
|
| + }
|
| + return true;
|
| +}
|
| +
|
| +#if defined(OS_MACOSX)
|
| +bool VerifyPathControlledByAdmin(const FilePath& path) {
|
| + const unsigned kRootUid = 0;
|
| + const FilePath kFileSystemRoot("/");
|
| +
|
| + // The name of the administrator group on mac os.
|
| + const char kAdminGroupName[] = "admin";
|
| +
|
| + // Reading the groups database may touch the file system.
|
| + base::ThreadRestrictions::AssertIOAllowed();
|
| +
|
| + struct group *group_record = getgrnam(kAdminGroupName);
|
| + if (!group_record) {
|
| + PLOG(ERROR) << "Could not get the group ID of group \""
|
| + << kAdminGroupName << "\".";
|
| + return false;
|
| + }
|
| +
|
| + return VerifyPathControlledByUser(
|
| + kFileSystemRoot, path, kRootUid, group_record->gr_gid);
|
| +}
|
| +#endif // defined(OS_MACOSX)
|
| +
|
| } // namespace file_util
|
|
|
Chromium Code Reviews
Issue 7718021:
Add external extensions json source in proper mac location. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src