From 25e1e56306943311bfb6d5e40ce5e2282792ef1b Mon Sep 17 00:00:00 2001
From: Daniel Friesel <derf@derf.homelinux.org>
Date: Sat, 23 Aug 2008 11:42:31 +0200
Subject: bin/envstore: Renamed pickle milename to comply to the completion,
 added security measures from upstream

---
 bin/envstore | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/bin/envstore b/bin/envstore
index e3971ba..fdedb20 100755
--- a/bin/envstore
+++ b/bin/envstore
@@ -19,6 +19,7 @@
 import cPickle as pickle
 import getopt
 import os
+import stat
 import sys
 
 def usage():
@@ -57,14 +58,17 @@ try:
 except IndexError:
     usage()
 
-store_filename = os.environ["HOME"] + "/var/tmp/envstore-" + str(os.getuid())
+store_filename = "/tmp/envstore-" + str(os.getuid())
 raw_filename = os.environ["HOME"] + "/var/tmp/envstore-raw-" + str(os.getuid())
 
 try:
+    if os.stat(store_filename).st_uid != os.getuid():
+        print >> sys.stderr, "envstore: Store file does not belong to current user"
+        sys.exit(6)
     store_file = open(store_filename)
     store = pickle.load(store_file)
     store_file.close()
-except IOError:
+except (IOError, OSError):
     store = {}
 
 if command == "show":
-- 
cgit v1.2.3