From 3d29520b3d49bec3e5495c7cd342cb6c09b576d0 Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Fri, 8 Jan 2010 08:27:20 +0000
Subject: [PATCH] Utilities::getTempDir: Make sure that the temporary directory
 is owned by the current user.

This fixes a potential situation where another user creates the
temporary directory before simpleSAMLphp attempts to create it. Another
user creating the directory could make simpleSAMLphp overwrite arbitrary
files on the system.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2081 44740490-163a-0410-bde0-09ae8108e29a
---
 lib/SimpleSAML/Utilities.php | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/lib/SimpleSAML/Utilities.php b/lib/SimpleSAML/Utilities.php
index deaac7014..5e4459bc4 100644
--- a/lib/SimpleSAML/Utilities.php
+++ b/lib/SimpleSAML/Utilities.php
@@ -2074,6 +2074,14 @@ class SimpleSAML_Utilities {
 				throw new SimpleSAML_Error_Exception('Error creating temp dir ' .
 					var_export($tempDir, TRUE) . ': ' . SimpleSAML_Utilities::getLastError());
 			}
+		} elseif (function_exists('posix_getuid')) {
+
+			/* Check that the owner of the temp diretory is the current user. */
+			$stat = lstat($tempDir);
+			if ($stat['uid'] !== posix_getuid()) {
+				throw new SimpleSAML_Error_Exception('Temp directory (' . var_export($tempDir, TRUE) .
+					') not owned by current user.');
+			}
 		}
 
 		return $tempDir;
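Review bot: The new `elseif` branch checks only the owner uid, so a pre-existing temp directory that belongs to the current user but is group- or world-writable still passes, and other local users could place entries in it. The `lstat()` result is also used without a failure check: a `FALSE` return still ends in the exception, but with a misleading "not owned by current user" message. I would tighten the condition to `if ($stat === FALSE || $stat['uid'] !== posix_getuid() || ($stat['mode'] & 0022) !== 0) {` and reword the message to cover the permission case. When `posix_getuid` is unavailable the check is skipped silently, which deserves a comment or a log line so operators know the directory is unverified on that platform. The enclosing function starts above the hunk, so the condition guarding the `mkdir` branch is not visible here.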
-- 
GitLab