Security changes

git-svn-id: svn+ssh://svn.gna.org/svn/gnustep/libs/base/trunk@9525 72102866-910b-0410-8b05-ffd578937521

ChangeLog

@@ -1,3 +1,8 @@
+2001-04-05  Richard Frith-Macdonald <rfm@gnu.org>
+
+	* Source/NSUser.m: NSTemporaryDirectory() rewrite for improved
+	security and reliability.  Expect MINGW update soon.
+
 2001-04-02  Richard Frith-Macdonald <rfm@gnu.org>
 
 	* Source/NSUser.m: Tidied some stuff to conform to coding standards.

Source/NSUser.m

@@ -263,30 +263,95 @@ NSStandardLibraryPaths(void)
 NSString *
 NSTemporaryDirectory(void)
 {
-  NSFileManager *manager;
+  NSFileManager	*manager;
-  NSString *tempDirName, *baseTempDirName;
+  NSString	*tempDirName;
+  NSString	*baseTempDirName = nil;
+  NSDictionary	*attr;
+  int		perm;
+  BOOL		flag;
 #if	defined(__WIN32__)
   char buffer[1024];
+
   if (GetTempPath(1024, buffer))
-    baseTempDirName = [NSString stringWithCString: buffer];
+    {
-  else 
+      baseTempDirName = [NSString stringWithCString: buffer];
-    baseTempDirName = @"C:\\";
+    }
-#else
-  baseTempDirName = @"/tmp";
 #endif
 
-  tempDirName = [baseTempDirName stringByAppendingPathComponent: NSUserName()];
+  /*
-  manager = [NSFileManager defaultManager];
+   * If the user has supplied a directory name in the TEMP or TMP
-  if ([manager fileExistsAtPath: tempDirName] == NO)
+   * environment variable, attempt to use that unless we already
+   * have a tem porary directory specified.
+   */
+  if (baseTempDirName == nil)
     {
-      NSDictionary *attr;
+      NSDictionary	*env = [[NSProcessInfo processInfo] environment];
 
-      attr = [NSDictionary dictionaryWithObject: [NSNumber numberWithInt: 0700]
+      baseTempDirName = [env objectForKey: @"TEMP"];
-					 forKey: NSFilePosixPermissions];
+      if (baseTempDirName == nil)
-      if ([manager createDirectoryAtPath: tempDirName attributes: attr] == NO)
+	{
-	tempDirName = baseTempDirName;
+	  baseTempDirName = [env objectForKey: @"TMP"];
+	  if (baseTempDirName == nil)
+	    {
+#if	defined(__WIN32__)
+	      baseTempDirName = @"C:\\";
+#else
+	      baseTempDirName = @"/tmp";
+#endif
+	    }
+	}
     }
 
+  /*
+   * Check that the base directory exists ... if it doesn't we can't
+   * go any further.
+   */
+  tempDirName = baseTempDirName;
+  manager = [NSFileManager defaultManager];
+  if ([manager fileExistsAtPath: tempDirName isDirectory: &flag] == NO
+    || flag == NO)
+    {
+      NSLog(@"Temporary directory (%@) does not seem to exist", tempDirName);
+      return nil;
+    }
+
+  /*
+   * Check that the directory owner (presumably us) has access to it,
+   * and nobody else.  If other people have access, try to create a
+   * secure subdirectory.
+   */
+  attr = [manager fileAttributesAtPath: tempDirName traverseLink: YES];
+  perm = [[attr objectForKey: NSFilePosixPermissions] intValue];
+  perm = perm & 0777;
+  if (perm != 0700 && perm != 0600)
+    {
+      /*
+      NSLog(@"Temporary directory (%@) may be insecure ... attempting to "
+	@"add secure subdirectory", tempDirName);
+      */
+
+      tempDirName
+	= [baseTempDirName stringByAppendingPathComponent: NSUserName()];
+      if ([manager fileExistsAtPath: tempDirName] == NO)
+	{
+	  NSNumber	*p = [NSNumber numberWithInt: 0700];
+
+	  attr = [NSDictionary dictionaryWithObject: p
+					     forKey: NSFilePosixPermissions];
+	  if ([manager createDirectoryAtPath: tempDirName
+				  attributes: attr] == NO)
+	    {
+	      tempDirName = baseTempDirName;
+	      NSLog(@"Temporary directory (%@) may be insecure", tempDirName);
+	    }
+	}
+    }
+
+  if ([manager isWritableFileAtPath: tempDirName] == NO)
+    {
+      NSLog(@"Temporary directory (%@) is not writable", tempDirName);
+      return nil;
+    }
   return tempDirName;
 }
 

Testing/basic.m

@@ -17,6 +17,7 @@ int main (int argc, char **argv)
   NSProcessInfo	*info = [NSProcessInfo processInfo];
   NSUserDefaults	*defaults;
   
+  NSLog(@"Temporary directory - %@", NSTemporaryDirectory());
   [info setProcessName: @"TestProcess"];
   defaults = [NSUserDefaults standardUserDefaults];
   NSLog(@"%@", [defaults  dictionaryRepresentation]);