This protects against malicious mountpoints, and is roughly equivalent
to the suexec checks.
"""
- uid = util.get_dir_uid(location)
- real = os.path.realpath(location)
try:
+ uid = util.get_dir_uid(location)
+ real = os.path.realpath(location)
if not real.startswith(pwd.getpwuid(uid).pw_dir + "/"):
- logging.error("Security check failed, owner of deployment and"
- "owner of home directory mismatch for %s" % d.location)
+ logging.error("Security check failed, owner of deployment and "
+ "owner of home directory mismatch for %s" % location)
return False
except KeyError:
- logging.error("Security check failed, could not look up"
+ logging.error("Security check failed, could not look up "
"owner of %s (uid %d)" % (location, uid))
return False
+ except OSError as e:
+ logging.error("OSError: %s" % str(e))
+ return False
return True
def calculate_log_name(log_dir, i, dir):