diff options
| author | Junio C Hamano <gitster@pobox.com> | 2016-02-26 21:37:20 (GMT) |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2016-02-26 21:37:20 (GMT) |
| commit | 2a24444aaeaabd8559751b02015c025157604f38 (patch) | |
| tree | 0e4cc474c6a8af43a2b30d42f502d80232b7e7ef /credential-cache--daemon.c | |
| parent | 225caa73f25f8577a710f406b2670c3bcf0aef34 (diff) | |
| parent | 6e6144905188a76ef75c5418bd48c333adeebdcd (diff) | |
| download | git-2a24444aaeaabd8559751b02015c025157604f38.zip git-2a24444aaeaabd8559751b02015c025157604f38.tar.gz git-2a24444aaeaabd8559751b02015c025157604f38.tar.bz2 | |
Merge branch 'jg/credential-cache-chdir-to-sockdir'
The "credential-cache" daemon process used to run in whatever
directory it happened to start in, but this made umount(2)ing the
filesystem that houses the repository harder; now the process
chdir()s to the directory that house its own socket on startup.
* jg/credential-cache-chdir-to-sockdir:
credential-cache--daemon: change to the socket dir on startup
credential-cache--daemon: disallow relative socket path
credential-cache--daemon: refactor check_socket_directory
Diffstat (limited to 'credential-cache--daemon.c')
| -rw-r--r-- | credential-cache--daemon.c | 38 |
1 files changed, 24 insertions, 14 deletions
diff --git a/credential-cache--daemon.c b/credential-cache--daemon.c index cc65a9c..caef21e 100644 --- a/credential-cache--daemon.c +++ b/credential-cache--daemon.c @@ -215,7 +215,7 @@ static const char permissions_advice[] = "users may be able to read your cached credentials. Consider running:\n" "\n" " chmod 0700 %s"; -static void check_socket_directory(const char *path) +static void init_socket_directory(const char *path) { struct stat st; char *path_copy = xstrdup(path); @@ -224,20 +224,27 @@ static void check_socket_directory(const char *path) if (!stat(dir, &st)) { if (st.st_mode & 077) die(permissions_advice, dir); - free(path_copy); - return; + } else { + /* + * We must be sure to create the directory with the correct mode, + * not just chmod it after the fact; otherwise, there is a race + * condition in which somebody can chdir to it, sleep, then try to open + * our protected socket. + */ + if (safe_create_leading_directories_const(dir) < 0) + die_errno("unable to create directories for '%s'", dir); + if (mkdir(dir, 0700) < 0) + die_errno("unable to mkdir '%s'", dir); } - /* - * We must be sure to create the directory with the correct mode, - * not just chmod it after the fact; otherwise, there is a race - * condition in which somebody can chdir to it, sleep, then try to open - * our protected socket. - */ - if (safe_create_leading_directories_const(dir) < 0) - die_errno("unable to create directories for '%s'", dir); - if (mkdir(dir, 0700) < 0) - die_errno("unable to mkdir '%s'", dir); + if (chdir(dir)) + /* + * We don't actually care what our cwd is; we chdir here just to + * be a friendly daemon and avoid tying up our original cwd. + * If this fails, it's OK to just continue without that benefit. + */ + ; + free(path_copy); } @@ -264,7 +271,10 @@ int main(int argc, const char **argv) if (!socket_path) usage_with_options(usage, options); - check_socket_directory(socket_path); + if (!is_absolute_path(socket_path)) + die("socket directory must be an absolute path"); + + init_socket_directory(socket_path); register_tempfile(&socket_file, socket_path); if (ignore_sighup) |