1XCOMM!/bin/sh 2XCOMM Copyright (c) 2008-2012 Apple Inc. 3XCOMM 4XCOMM Permission is hereby granted, free of charge, to any person 5XCOMM obtaining a copy of this software and associated documentation files 6XCOMM (the "Software"), to deal in the Software without restriction, 7XCOMM including without limitation the rights to use, copy, modify, merge, 8XCOMM publish, distribute, sublicense, and/or sell copies of the Software, 9XCOMM and to permit persons to whom the Software is furnished to do so, 10XCOMM subject to the following conditions: 11XCOMM 12XCOMM The above copyright notice and this permission notice shall be 13XCOMM included in all copies or substantial portions of the Software. 14XCOMM 15XCOMM THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 16XCOMM EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 17XCOMM MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 18XCOMM NONINFRINGEMENT. IN NO EVENT SHALL THE ABOVE LISTED COPYRIGHT 19XCOMM HOLDER(S) BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, 20XCOMM WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21XCOMM OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 22XCOMM DEALINGS IN THE SOFTWARE. 23XCOMM 24XCOMM Except as contained in this notice, the name(s) of the above 25XCOMM copyright holders shall not be used in advertising or otherwise to 26XCOMM promote the sale, use or other dealings in this Software without 27XCOMM prior written authorization. 
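XCOMM Make sure these are owned by root
XCOMM
XCOMM Every local user shares the directories handled below, so each one has
XCOMM to be a real directory with mode 1777 that belongs to uid 0 and gid 0.
XCOMM A directory created first by some other account stays under the control
XCOMM of that account, so anything failing the check is moved aside and a
XCOMM fresh directory is created in its place.

XCOMM Our usage of mktemp fails with GNU, so prefer /usr/bin to hopefully
XCOMM get BSD mktemp
if [ -x /usr/bin/mktemp ] ; then
    MKTEMP=/usr/bin/mktemp
else
    MKTEMP=mktemp
fi

STAT=/usr/bin/stat

for dir in /tmp/.ICE-unix /tmp/.X11-unix /tmp/.font-unix ; do
    success=0
    # The attempt counter is never read; it only bounds the retries so a
    # competing process cannot keep this loop spinning forever.
    for attempt in 1 2 3 4 5 ; do
        # Prints the octal mode including the file type, then uid and gid.
        # No -L is passed, so (NOTE(review): assuming BSD stat) a symlink is
        # reported as a symlink and cannot match the string below.
        check=$("${STAT}" -f '%#p %u %g' "${dir}" 2> /dev/null)
        if [ "${check}" = "041777 0 0" ] ; then
            # Directory, sticky bit plus rwx for everyone, uid 0, gid 0.
            success=1
            break
        elif [ -n "${check}" ] ; then
            # Something is there but does not match.  Park it in a newly
            # created directory with an unpredictable name rather than
            # deleting it, and only claim it was moved when mv succeeded.
            saved=$("${MKTEMP}" -d "${dir}-XXXXXXXX")
            if [ -n "${saved}" ] && mv "${dir}" "${saved}" ; then
                echo "${dir} exists but is insecure. It has been moved into ${saved}" >&2
            else
                echo "${dir} exists but is insecure and could not be moved aside" >&2
                # Drop the unused holding directory; rmdir refuses to remove
                # anything that is not empty.
                [ -n "${saved}" ] && rmdir "${saved}" 2> /dev/null
            fi
        fi

        # Use mktemp rather than mkdir to avoid possible security issue
        # if $dir exists and is a symlink (ie protect against a race
        # against the above check)
        if "${MKTEMP}" -d "${dir}" > /dev/null 2>&1 ; then
            # Fix ownership before opening the mode up, and report success
            # only when both steps worked.  Retrying cannot help when these
            # fail, so leave the attempt loop either way.
            if chown root:wheel "${dir}" && chmod 1777 "${dir}" ; then
                success=1
            else
                echo "Could not set ownership and mode on ${dir}" >&2
            fi
            break
        fi
    done

    if [ "${success}" -eq 0 ] ; then
        echo "Could not successfully create ${dir}" >&2
    fi
done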