summaryrefslogtreecommitdiff
path: root/bin
diff options
context:
space:
mode:
authorDaniel Friesel <derf@derf.homelinux.org>2008-08-23 11:42:31 +0200
committerDaniel Friesel <derf@derf.homelinux.org>2008-08-23 11:42:31 +0200
commit25e1e56306943311bfb6d5e40ce5e2282792ef1b (patch)
treec30ca3d39523dcc52cd0052c605a140f309530fd /bin
parent8a8c2199e83698ca477a60a7fd9a0e4737b4d033 (diff)
bin/envstore: Renamed pickle milename to comply to the completion, added security measures from upstream
Diffstat (limited to 'bin')
-rwxr-xr-xbin/envstore8
1 files changed, 6 insertions, 2 deletions
diff --git a/bin/envstore b/bin/envstore
index e3971ba..fdedb20 100755
--- a/bin/envstore
+++ b/bin/envstore
@@ -19,6 +19,7 @@
import cPickle as pickle
import getopt
import os
+import stat
import sys
def usage():
@@ -57,14 +58,17 @@ try:
except IndexError:
usage()
-store_filename = os.environ["HOME"] + "/var/tmp/envstore-" + str(os.getuid())
+store_filename = "/tmp/envstore-" + str(os.getuid())
raw_filename = os.environ["HOME"] + "/var/tmp/envstore-raw-" + str(os.getuid())
try:
+ if os.stat(store_filename).st_uid != os.getuid():
+ print >> sys.stderr, "envstore: Store file does not belong to current user"
+ sys.exit(6)
store_file = open(store_filename)
store = pickle.load(store_file)
store_file.close()
-except IOError:
+except (IOError, OSError):
store = {}
if command == "show":