AuroraMiddleware/qt5base-lts
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
47,339 Commits 4 Branches 0 Tags 339 MiB
C++ 84.2%
HTML 5.1%
C 4.2%
CMake 2.9%
Objective-C++ 2%
Other 1%
ad5a65b6a2
Go to file
Thiago Macieira ad5a65b6a2 QStandardPaths/Unix: improve the XDG_RUNTIME_DIR creation/detection 
First, use QT_MKDIR instead of QFileSystemEngine::createDirectory(), as
the latter can't create a directory with the right permissions. That
would allow an attacker to briefly obtain access to the runtime dir
between the mkdir() and chmod() system calls.

Second, make sure that if the target already exists that it is a
directory and not a symlink (even to a directory). If it is a symlink
that belongs to another user, it can be changed to point to another
place, which we won't like.

And as a bonus, we're printing more information to the user in case
something went wrong. Sample outputs:

 QStandardPaths: runtime directory '/root' is not owned by UID 1000, but a directory permissions 0700 owned by UID 0 GID 0

 QStandardPaths: runtime directory '/dev/null' is not a directory, but a character device, socket or FIFO permissions 0666 owned by UID 0 GID 0

 QStandardPaths: runtime directory '/etc/passwd' is not a directory, but a regular file permissions 0644 owned by UID 0 GID 0

 QStandardPaths: XDG_RUNTIME_DIR not set, defaulting to '/tmp/runtime-tjmaciei'
 QStandardPaths: runtime directory '/tmp/runtime-tjmaciei' is not a directory, but a symbolic link to a directory permissions 0755 owned by UID 1000 GID 100

Pick-to: 5.15 5.12 5.9
Change-Id: Iea47e0f8fc8b40378df7fffd16248b663794c613
Reviewed-by: David Faure <david.faure@kdab.com>
2020-08-25 16:13:44 -07:00
.github/workflows GitHub Actions: Fix actions build 2020-08-14 21:40:28 +02:00
bin Windows: Avoid syncqt needlessly re-generating headers 2020-08-19 12:46:09 +02:00
cmake Port headersclean check to CMake 2020-08-25 21:13:08 +02:00
coin CMake: Use CMAKE_AUTOGEN_VERBOSE to see moc invocations 2020-07-24 17:33:17 +02:00
config.tests CMake: Skip regeneration of manual compile test project 2020-04-09 11:26:46 +02:00
dist Remove last remainings of Qt Quick 1 imports 2020-05-25 11:48:12 +02:00
doc Move QStateMachine from QtCore to QtScxml 2020-08-24 20:10:25 +02:00
examples Move QStateMachine from QtCore to QtScxml 2020-08-24 20:10:25 +02:00
lib Purge all fonts 2015-08-18 19:59:14 +00:00
mkspecs Android: Fix building apps when Qt is configured with one ABI 2020-08-26 01:13:32 +02:00
qmake Doc: Improve documentation of ANDROID_EXTRA_PLUGINS qmake variable 2020-08-25 07:25:24 +00:00
src QStandardPaths/Unix: improve the XDG_RUNTIME_DIR creation/detection 2020-08-25 16:13:44 -07:00
tests QStandardPaths/Unix: improve the XDG_RUNTIME_DIR creation/detection 2020-08-25 16:13:44 -07:00
util pro2cmake.py: support multiple versions in QT_QML_SOURCE_VERSION 2020-08-23 11:05:15 +02:00
.cmake.conf pro2cmake.py: Generate .cmake.conf files for versioning 2020-04-30 17:44:03 +00:00
.gitattributes Update the git-archive export options 2012-09-07 15:39:31 +02:00
.gitignore Remove the QPF2 font engine 2020-08-24 07:08:45 +02:00
.lgtm.yml Skip LGTM analysis for the bootstrap library and tools 2020-07-16 01:04:34 +02:00
.prev_qt_cmdline.cmake CMake: Re-implement configure/qmake's command line handling in CMake 2020-08-17 08:08:20 +02:00
.qmake.conf Bump version 2020-02-02 13:41:14 +01:00
.tag Update the git-archive export options 2012-09-07 15:39:31 +02:00
CMakeLists.txt CMake: Fix tst_moc to build when tests are built as part of Qt tree 2020-08-23 11:04:20 +02:00
config_help.txt Make -qtlibinfix affect the names of plugins by default 2020-07-13 20:30:18 +02:00
configure CMake: Fix configure -redo on Unix 2020-08-20 17:07:09 +02:00
configure.bat CMake: Fix top-level configure 2020-07-16 15:00:37 +02:00
configure.cmake CMake: Implement configure -gdb-index 2020-08-23 11:05:01 +02:00
configure.json Remove Qt 5.1 binary-compatibility warning 2020-08-18 12:55:38 +02:00
configure.pri Treat -xplatform or -device-option as being a cross compilation 2020-07-08 19:18:09 +02:00
dependencies.yaml Re-add dependencies.yaml so repos outside qt5 can be built with Coin 2019-09-19 17:07:36 +00:00
header.BSD Use placeholder for year in header.* files 2018-04-16 11:02:22 +00:00
header.COMM Use placeholder for year in header.* files 2018-04-16 11:02:22 +00:00
header.FDL Use placeholder for year in header.* files 2018-04-16 11:02:22 +00:00
header.GPL Use placeholder for year in header.* files 2018-04-16 11:02:22 +00:00
header.GPL-EXCEPT Use placeholder for year in header.* files 2018-04-16 11:02:22 +00:00
header.LGPL Use placeholder for year in header.* files 2018-04-16 11:02:22 +00:00
header.LGPL3 Use placeholder for year in header.* files 2018-04-16 11:02:22 +00:00
header.LGPL3-COMM Use placeholder for year in header.* files 2018-04-16 11:02:22 +00:00
header.LGPL-NOGPL2 Use placeholder for year in header.* files 2018-04-16 11:02:22 +00:00
header.LGPL-ONLY Use placeholder for year in header.* files 2018-04-16 11:02:22 +00:00
header.MIT qsimd: add support for new x86 CPU features 2018-05-05 06:20:07 +00:00
INSTALL INSTALL: Remove outdated reference to Windows CE 2019-02-13 13:01:57 +00:00
LICENSE.FDL Initial import from the monolithic Qt. 2011-04-27 12:05:43 +02:00
LICENSE.GPL2 Add new license header templates and license files 2016-01-14 20:43:46 +00:00
LICENSE.GPL3 Add new license header templates and license files 2016-01-14 20:43:46 +00:00
LICENSE.GPL3-EXCEPT Add new license header templates and license files 2016-01-14 20:43:46 +00:00
LICENSE.LGPL3 Add new license header templates and license files 2016-01-14 20:43:46 +00:00
LICENSE.LGPLv3 Remove LICENSE.GPLv3, LICENSE.LGPLv21, LGPL_EXCEPTION.txt 2018-04-16 11:02:14 +00:00
LICENSE.QT-LICENSE-AGREEMENT Update enterprise license agreement v4.2.1 2019-12-18 13:07:19 +02:00
qt_cmdline.cmake CMake: Re-implement configure/qmake's command line handling in CMake 2020-08-17 08:08:20 +02:00
qtbase.pro Update qmake before building src 2020-08-19 18:25:51 +02:00
sync.profile Remove last remaining bits of QtPlatformHeaders 2020-08-04 07:12:32 +02:00