
LibCore+LaunchServer: Move portal directory to /tmp/user/%uid

The `/tmp/user` directory is owned by root; this solution prevents
malicious users from interfering with other users' portals.

This commit also moves `launch`'s portal into the user directory.
Lucas CHOLLET 2022-08-07 18:10:26 +02:00 committed by Linus Groh
parent f0012c2162
commit c5b7c9f479
17 changed files with 25 additions and 20 deletions


@ -34,7 +34,7 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
TRY(Core::System::unveil("/res", "r"));
TRY(Core::System::unveil("/usr/share/man", "r"));
TRY(Core::System::unveil("/tmp/portal/filesystemaccess", "rw"));
TRY(Core::System::unveil("/tmp/100/portal/launch", "rw"));
TRY(Core::System::unveil("/tmp/user/100/portal/launch", "rw"));
TRY(Core::System::unveil("/tmp/portal/webcontent", "rw"));
TRY(Core::System::unveil(nullptr, nullptr));
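Review bot: The unveil entry hard-codes uid 100 in `/tmp/user/100/portal/launch`, while the commit title places the portal under `/tmp/user/%uid`; a process started under any other uid would allowlist user 100's portal directory instead of its own. Once `unveil(nullptr, nullptr)` locks the list, that process presumably cannot reach its own launch portal, and its sandbox names another user's socket path. Building the path from the running uid keeps the allowlist per user, e.g. `auto launch_portal = String::formatted("/tmp/user/{}/portal/launch", getuid());` followed by `TRY(Core::System::unveil(launch_portal, "rw"));`. The same literal appears in the three other file sections shown on this page; `serenity_main` starts and continues outside each hunk, so any later handling of the path is not visible here.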


@ -28,7 +28,7 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
TRY(Core::System::unveil("/etc", "r"));
TRY(Core::System::unveil("/tmp/portal/webcontent", "rw"));
TRY(Core::System::unveil("/tmp/portal/lookup", "rw"));
TRY(Core::System::unveil("/tmp/100/portal/launch", "rw"));
TRY(Core::System::unveil("/tmp/user/100/portal/launch", "rw"));
TRY(Core::System::unveil(nullptr, nullptr));
TRY(Desktop::Launcher::add_allowed_url(URL::create_with_file_protocol("/bin/MailSettings")));


@ -432,7 +432,7 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
TRY(Core::System::unveil("/bin/TerminalSettings", "x"));
TRY(Core::System::unveil("/bin/utmpupdate", "x"));
TRY(Core::System::unveil("/etc/FileIconProvider.ini", "r"));
TRY(Core::System::unveil("/tmp/100/portal/launch", "rw"));
TRY(Core::System::unveil("/tmp/user/100/portal/launch", "rw"));
TRY(Core::System::unveil("/tmp/portal/config", "rw"));
TRY(Core::System::unveil(nullptr, nullptr));


@ -32,7 +32,7 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
parser.parse(arguments);
TRY(Core::System::unveil("/res", "r"));
TRY(Core::System::unveil("/tmp/100/portal/launch", "rw"));
TRY(Core::System::unveil("/tmp/user/100/portal/launch", "rw"));
TRY(Core::System::unveil("/tmp/portal/webcontent", "rw"));
TRY(Core::System::unveil("/tmp/portal/filesystemaccess", "rw"));
TRY(Core::System::unveil(nullptr, nullptr));