github.com/xyproto/u-root@v6.0.1-0.20200302025726-5528e0c77a3c+incompatible/cmds/core/elvish/runtime/sys_unix.go

github.com/xyproto/u-root@v6.0.1-0.20200302025726-5528e0c77a3c+incompatible/cmds/core/elvish/runtime/sys_unix.go (about)

     1  // +build !windows,!plan9
     2  
     3  package runtime
     4  
     5  import (
     6  	"fmt"
     7  	"os"
     8  	"path/filepath"
     9  	"syscall"
    10  )
    11  
    12  // getSecureRunDir stats elvish-$uid under the default temp dir, creating it if
    13  // it doesn't yet exist, and return the directory name if it has the correct
    14  // owner and permission.
    15  func getSecureRunDir() (string, error) {
    16  	uid := os.Getuid()
    17  	runDir := filepath.Join(os.TempDir(), fmt.Sprintf("elvish-%d", uid))
    18  	err := os.MkdirAll(runDir, 0700)
    19  	if err != nil {
    20  		return "", fmt.Errorf("mkdir: %v", err)
    21  	}
    22  
    23  	info, err := os.Stat(runDir)
    24  	if err != nil {
    25  		return "", err
    26  	}
    27  
    28  	return runDir, checkExclusiveAccess(info, uid)
    29  }
    30  
    31  func checkExclusiveAccess(info os.FileInfo, uid int) error {
    32  	stat := info.Sys().(*syscall.Stat_t)
    33  	if int(stat.Uid) != uid {
    34  		return ErrBadOwner
    35  	}
    36  	if stat.Mode&077 != 0 {
    37  		return ErrBadPermission
    38  	}
    39  	return nil
    40  }