First, use QT_MKDIR instead of QFileSystemEngine::createDirectory(), as
the latter can't create a directory with the right permissions. That
would allow an attacker to briefly obtain access to the runtime dir
between the mkdir() and chmod() system calls.
Second, make sure that if the target already exists that it is a
directory and not a symlink (even to a directory). If it is a symlink
that belongs to another user, it can be changed to point to another
place, which we won't like.
And as a bonus, we're printing more information to the user in case
something went wrong. Sample outputs:
QStandardPaths: runtime directory '/root' is not owned by UID 1000, but a directory permissions 0700 owned by UID 0 GID 0
QStandardPaths: runtime directory '/dev/null' is not a directory, but a character device, socket or FIFO permissions 0666 owned by UID 0 GID 0
QStandardPaths: runtime directory '/etc/passwd' is not a directory, but a regular file permissions 0644 owned by UID 0 GID 0
QStandardPaths: XDG_RUNTIME_DIR not set, defaulting to '/tmp/runtime-tjmaciei'
QStandardPaths: runtime directory '/tmp/runtime-tjmaciei' is not a directory, but a symbolic link to a directory permissions 0755 owned by UID 1000 GID 100
Pick-to: 5.15 5.12 5.9
Change-Id: Iea47e0f8fc8b40378df7fffd16248b663794c613
Reviewed-by: David Faure <david.faure@kdab.com>
ad5a65b6a2