From 1bc3440968a7de09da386667d5821a4128bf2677 Mon Sep 17 00:00:00 2001
From: Joel Schaerer
Date: Wed, 30 Mar 2011 20:03:38 +0200
Subject: [PATCH] avoid overwriting another user's database

Should fix issue #39
---
 autojump | 35 +++++++++++++++++++----------------
 1 file changed, 19 insertions(+), 16 deletions(-)

diff --git a/autojump b/autojump
index 546f247..2118056 100755
--- a/autojump
+++ b/autojump
@@ -49,22 +49,25 @@ def dicadd(dic, key, increment=1):

 def save(path_dict, dic_file):
 """Save the database in an atomic way, and preserve a backup file."""
- temp = NamedTemporaryFile(dir=CONFIG_DIR, delete=False)
- pickle.dump(path_dict, temp, -1)
- temp.flush()
- os.fsync(temp)
- temp.close()
- #cf. http://thunk.org/tytso/blog/2009/03/15/dont-fear-the-fsync/
- os.rename(temp.name, dic_file)
- try: #backup file
- import time
- if (not os.path.exists(dic_file+".bak") or
- time.time()-os.path.getmtime(dic_file+".bak")>86400):
- import shutil
- shutil.copy(dic_file, dic_file+".bak")
- except OSError as ex:
- print("Error while creating backup autojump file. (%s)" %
- ex, file=stderr)
+ # If the dic_file exists, check that it belongs to us
+ # Otherwise, fail quietly
+ if (not os.path.exists(dic_file)) or os.getuid() == os.stat(dic_file)[4]:
+ temp = NamedTemporaryFile(dir=CONFIG_DIR, delete=False)
+ pickle.dump(path_dict, temp, -1)
+ temp.flush()
+ os.fsync(temp)
+ temp.close()
+ #cf. http://thunk.org/tytso/blog/2009/03/15/dont-fear-the-fsync/
+ os.rename(temp.name, dic_file)
+ try: #backup file
+ import time
+ if (not os.path.exists(dic_file+".bak") or
+ time.time()-os.path.getmtime(dic_file+".bak")>86400):
+ import shutil
+ shutil.copy(dic_file, dic_file+".bak")
+ except OSError as ex:
+ print("Error while creating backup autojump file. (%s)" %
+ ex, file=stderr)

 def forget(path_dict, dic_file):
 """Gradually forget about directories. Only call
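Review bot: The ownership test added to `save` makes two separate filesystem calls, `os.path.exists(dic_file)` and then `os.stat(dic_file)[4]`, so a file that disappears between them raises an uncaught `OSError`, and the bare index `[4]` hides that the value compared is the owner uid. A guard clause with an early return, using `os.stat(dic_file).st_uid`, expresses the same rule and leaves the write, rename and backup code at its original indentation instead of re-indenting all sixteen lines. Because the database is a pickle, a `dic_file` owned by another user is also unsafe to read, so the same ownership check presumably belongs wherever the file is loaded; that code is outside this hunk.

```python
def save(path_dict, dic_file):
    """Save the database in an atomic way, and preserve a backup file."""
    # Only replace a database that is ours; a missing file is fine to create.
    if os.path.exists(dic_file):
        try:
            if os.stat(dic_file).st_uid != os.getuid():
                return
        except OSError:
            return  # vanished or unreadable between the two calls: skip this save
    # … unchanged: temp-file write, fsync, rename and backup, at the original indentation …
```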