credential-cache--daemon: disallow relative socket path

Relative socket paths are dangerous since the user cannot generally
control when the daemon starts (initially, after a timeout, kill or
crash). Since the daemon creates but does not delete the socket
directory, this could lead to spurious directory creation relative
to the users cwd.

Suggested-by: Jeff King <peff@peff.net>
Signed-off-by: Jon Griffiths <jon_p_griffiths@yahoo.com>
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

diff --git a/Documentation/git-credential-cache.txt b/Documentation/git-credential-cache.txt
index 89b730632d603771f36d2c93722f57fbecb1b313..96208f822e0995f97664423038abe1f406431986 100644 (file)
--- a/Documentation/git-credential-cache.txt
+++ b/Documentation/git-credential-cache.txt
@@ -36,7 +36,7 @@ OPTIONS
        cache daemon if one is not started). Defaults to
        `~/.git-credential-cache/socket`. If your home directory is on a
        network-mounted filesystem, you may need to change this to a
-       local filesystem.
+       local filesystem. You must specify an absolute path.
 
 CONTROLLING THE DAEMON
 ----------------------

diff --git a/credential-cache--daemon.c b/credential-cache--daemon.c
index 118d04f137fad72e7bc3aa5693129d75e0aa3b83..fe3779472cedc159dd8d6960f498c5f742782933 100644 (file)
--- a/credential-cache--daemon.c
+++ b/credential-cache--daemon.c
@@ -262,6 +262,9 @@ int main(int argc, const char **argv)
        if (!socket_path)
                usage_with_options(usage, options);
 
+       if (!is_absolute_path(socket_path))
+               die("socket directory must be an absolute path");
+
        init_socket_directory(socket_path);
        register_tempfile(&socket_file, socket_path);