> Thinking about it .. would a call to access(2) with R_OK|W_OK|R_OK|F_OK
> satisfy
> everyone ? Or only F_OK ?
Sounds better than chdir(2), but it will lack if datadir was passed to access(2)
without including trailing "/"
eg with access(datadir, F_OK):
$ touch /home/gsoares/testfile <- creating a file, not a directory
$ doas ./ldapd -r /home/gsoares/testfile ; echo $? <- no trailing
/home/gsoares/testfile"/"
0
so for directory existence check, I would suggest to use just stat(2). diff
attached.
Index: ldapd.c
===================================================================
RCS file: /cvs/src/usr.sbin/ldapd/ldapd.c,v
retrieving revision 1.17
diff -u -p -r1.17 ldapd.c
--- ldapd.c 1 Feb 2016 20:00:18 -0000 1.17
+++ ldapd.c 2 Feb 2016 10:10:43 -0000
@@ -17,6 +17,7 @@
*/
#include <sys/queue.h>
+#include <sys/stat.h>
#include <sys/un.h>
#include <sys/types.h>
#include <sys/wait.h>
@@ -117,6 +118,7 @@ main(int argc, char *argv[])
struct event ev_sigterm;
struct event ev_sigchld;
struct event ev_sighup;
+ struct stat s;
datadir = DATADIR;
log_init(1); /* log to stderr until daemonized */
@@ -178,8 +180,8 @@ main(int argc, char *argv[])
skip_chroot = 1;
}
- if (datadir && chdir(datadir))
- err(1, "chdir");
+ if ((stat(datadir, &s) == -1) || !S_ISDIR(s.st_mode))
+ errx(1, "Invalid directory");
if (!skip_chroot && (pw = getpwnam(LDAPD_USER)) == NULL)
err(1, "%s", LDAPD_USER);
