Do not use a predictible filename in /tmp for pid
Since any user can write the file in /tmp, any user could inject a incorrect pid or anything ( that would be passed to kill later ), or to put a link to a file ( which would be erased if the timing is good ) when SparkleShare is started. So using a file in the hme, prefixed with the hostname ( for nfs shared home ). This is a problem only on distribution where $XDG_RUNTIME_DIR is not set ( for example RHEL 6 ).
This commit is contained in:
parent
6d2852622f
commit
c1bdc05b91
|
@ -8,7 +8,7 @@ fi
|
||||||
if [ "$XDG_RUNTIME_DIR" ]; then
|
if [ "$XDG_RUNTIME_DIR" ]; then
|
||||||
pidfile=${XDG_RUNTIME_DIR}/sparkleshare.pid
|
pidfile=${XDG_RUNTIME_DIR}/sparkleshare.pid
|
||||||
else
|
else
|
||||||
pidfile=/tmp/sparkleshare-${USER}.pid
|
pidfile=~/.sparkleshare-$(hostname)-${USER}.pid
|
||||||
fi
|
fi
|
||||||
|
|
||||||
start() {
|
start() {
|
||||||
|
|
Loading…
Reference in a new issue