Oops, I forgot "then" in my last post:
- if [ ! -O $SOCKET_DIR ];
+ if [ ! -O $SOCKET_DIR ]; then
I have attached a patch. Hope this helps.
--- a/debian/x11-common.init 2010-09-04 19:26:52.000000000 +0200
+++ b/debian/x11-common.init 2012-03-02 13:37:29.000000000 +0100
@@ -26,16 +26,26 @@
fi
}
+do_createdir () {
+ local DIR="$1"
+ if { [ -e $DIR ] && [ ! -d $DIR ]; } ||
+ { [ -e $DIR ] && [ ! -O $DIR ]; } ||
+ [ -h $DIR ]; then
+ mv $DIR $DIR.$$
+ fi
+
+ if [ ! -O $DIR ]; then
+ # symlink, malicious files will give a failure here
+ mkdir -m 1777 $DIR
+ fi
+}
+
set_up_socket_dir () {
if [ "$VERBOSE" != no ]; then
log_begin_msg "Setting up X server socket directory $SOCKET_DIR..."
fi
- if [ -e $SOCKET_DIR ] && [ ! -d $SOCKET_DIR ]; then
- mv $SOCKET_DIR $SOCKET_DIR.$$
- fi
- mkdir -p $SOCKET_DIR
- chown root:root $SOCKET_DIR
- chmod 1777 $SOCKET_DIR
+
+ do_createdir $SOCKET_DIR
do_restorecon $SOCKET_DIR
[ "$VERBOSE" != no ] && log_end_msg 0 || return 0
}
@@ -44,12 +54,8 @@
if [ "$VERBOSE" != no ]; then
log_begin_msg "Setting up ICE socket directory $ICE_DIR..."
fi
- if [ -e $ICE_DIR ] && [ ! -d $ICE_DIR ]; then
- mv $ICE_DIR $ICE_DIR.$$
- fi
- mkdir -p $ICE_DIR
- chown root:root $ICE_DIR
- chmod 1777 $ICE_DIR
+
+ do_createdir $ICE_DIR
do_restorecon $ICE_DIR
[ "$VERBOSE" != no ] && log_end_msg 0 || return 0
}
