mirror of https://github.com/mpv-player/mpv
TOOLS/umpv: create FIFO in user directory
Makes these security measures unnecessary.
This commit is contained in:
parent
7822b97033
commit
51a3f13705
22
TOOLS/umpv
22
TOOLS/umpv
|
@ -28,14 +28,6 @@ Note: you can supply custom mpv path and options with the MPV environment
|
||||||
first item is used as path to mpv binary and the rest is passed as options
|
first item is used as path to mpv binary and the rest is passed as options
|
||||||
_if_ the script starts mpv. If mpv is not started by the script (i.e. mpv
|
_if_ the script starts mpv. If mpv is not started by the script (i.e. mpv
|
||||||
is already running), this will be ignored.
|
is already running), this will be ignored.
|
||||||
|
|
||||||
Warning:
|
|
||||||
|
|
||||||
The script attempts to make sure the FIFO is safely created (i.e. not world-
|
|
||||||
writable), and checks that it's really a FIFO. This is important for security,
|
|
||||||
because the FIFO allows anyone with write access to run arbitrary commands
|
|
||||||
in mpv's context using the "run" input command. If you are worried about
|
|
||||||
security, you should verify that the code handles these concerns correctly.
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
import sys
|
import sys
|
||||||
|
@ -65,7 +57,7 @@ def make_abs(filename):
|
||||||
return filename
|
return filename
|
||||||
files = [make_abs(f) for f in files]
|
files = [make_abs(f) for f in files]
|
||||||
|
|
||||||
FIFO = "/tmp/umpv-fifo-" + os.getenv("USER")
|
FIFO = os.path.join(os.getenv("HOME"), ".umpv_fifo")
|
||||||
|
|
||||||
fifo_fd = -1
|
fifo_fd = -1
|
||||||
try:
|
try:
|
||||||
|
@ -78,15 +70,6 @@ except OSError as e:
|
||||||
else:
|
else:
|
||||||
raise e
|
raise e
|
||||||
|
|
||||||
if fifo_fd >= 0:
|
|
||||||
st = os.fstat(fifo_fd)
|
|
||||||
if (((st.st_mode & (stat.S_IRWXG | stat.S_IRWXO)) != 0) or
|
|
||||||
(not stat.S_ISFIFO(st.st_mode)) or
|
|
||||||
(st.st_uid != os.getuid())):
|
|
||||||
sys.stderr.write("error: command FIFO is not a FIFO or has bogus "
|
|
||||||
"permissions\n")
|
|
||||||
sys.exit(1)
|
|
||||||
|
|
||||||
if fifo_fd >= 0:
|
if fifo_fd >= 0:
|
||||||
# Unhandled race condition: what if mpv is terminating right now?
|
# Unhandled race condition: what if mpv is terminating right now?
|
||||||
fcntl.fcntl(fifo_fd, fcntl.F_SETFL, 0) # set blocking mode
|
fcntl.fcntl(fifo_fd, fcntl.F_SETFL, 0) # set blocking mode
|
||||||
|
@ -103,10 +86,7 @@ else:
|
||||||
try:
|
try:
|
||||||
os.unlink(FIFO)
|
os.unlink(FIFO)
|
||||||
except OSError as e:
|
except OSError as e:
|
||||||
if e.errno == errno.ENOENT:
|
|
||||||
pass
|
pass
|
||||||
else:
|
|
||||||
raise e
|
|
||||||
os.mkfifo(FIFO, 0o600)
|
os.mkfifo(FIFO, 0o600)
|
||||||
|
|
||||||
opts = (os.getenv("MPV") or "mpv").split()
|
opts = (os.getenv("MPV") or "mpv").split()
|
||||||
|
|
Loading…
Reference in New Issue