sys_unix.go
// +build !windows,!plan9
package runtime
import (
"fmt"
"os"
"path/filepath"
"syscall"
)
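// getSecureRunDir returns the per-user runtime directory elvish-$uid under the
// default temp dir, creating it with mode 0700 if it does not exist yet.
//
// The temp dir is normally shared with other users, so the entry is accepted
// only when it is a real directory (not a symlink to one), is owned by the
// current user, and grants no permission bits to group or others. When the
// owner or permission check fails, the path is still returned together with
// the error, so callers must check the error before using the path.
func getSecureRunDir() (string, error) {
	uid := os.Getuid()
	runDir := filepath.Join(os.TempDir(), fmt.Sprintf("elvish-%d", uid))
	// MkdirAll succeeds without changing anything when the path already
	// resolves to a directory, so a pre-existing entry must be verified below.
	if err := os.MkdirAll(runDir, 0700); err != nil {
		return "", fmt.Errorf("mkdir: %v", err)
	}

	// Lstat rather than Stat: the owner and mode checks must describe the
	// entry that actually sits in the shared temp dir. Stat would follow a
	// symlink and validate its target instead, leaving the link itself under
	// the control of whoever created it.
	info, err := os.Lstat(runDir)
	if err != nil {
		return "", err
	}
	if !info.IsDir() {
		return "", fmt.Errorf("%s is not a directory", runDir)
	}
	return runDir, checkExclusiveAccess(info, uid)
}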
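// checkExclusiveAccess verifies that the file described by info is owned by
// uid and grants no permission bits to group or others.
//
// It returns ErrBadOwner when the owner differs from uid, ErrBadPermission
// when any of the low six mode bits (mask 077) is set, and a descriptive error
// when info carries no *syscall.Stat_t, so the check fails closed instead of
// panicking. The result describes whatever info was obtained from: a FileInfo
// produced by os.Stat reflects a symlink's target, not the link itself.
func checkExclusiveAccess(info os.FileInfo, uid int) error {
	stat, ok := info.Sys().(*syscall.Stat_t)
	if !ok || stat == nil {
		// Without the raw stat data the owner cannot be verified; refuse.
		return fmt.Errorf("cannot determine owner of %s", info.Name())
	}
	switch {
	case int(stat.Uid) != uid:
		return ErrBadOwner
	case stat.Mode&077 != 0:
		return ErrBadPermission
	}
	return nil
}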