#!/bin/sh
# Copyright (c) 2008-2012 Apple Inc.
#
# Permission is hereby granted, free of charge, to any person
# obtaining a copy of this software and associated documentation files
# (the "Software"), to deal in the Software without restriction,
# including without limitation the rights to use, copy, modify, merge,
# publish, distribute, sublicense, and/or sell copies of the Software,
# and to permit persons to whom the Software is furnished to do so,
# subject to the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT.  IN NO EVENT SHALL THE ABOVE LISTED COPYRIGHT
# HOLDER(S) BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
# WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
# DEALINGS IN THE SOFTWARE.
#
# Except as contained in this notice, the name(s) of the above
# copyright holders shall not be used in advertising or otherwise to
# promote the sale, use or other dealings in this Software without
# prior written authorization.
# Make sure these are owned by root
# Our usage of mktemp fails with GNU, so prefer /usr/bin to hopefully
# get BSD mktemp
if [ -x /usr/bin/mktemp ] ; then
    MKTEMP=/usr/bin/mktemp
else
    MKTEMP=mktemp
fi
STAT=/usr/bin/stat
for dir in /tmp/.ICE-unix /tmp/.X11-unix /tmp/.font-unix ; do
	success=0
	for attempt in 1 2 3 4 5 ; do
		check=`${STAT} -f '%#p %u %g' ${dir} 2> /dev/null`
		if [ "${check}" = "041777 0 0" ] ; then
			success=1
			break
		elif [ -n "${check}" ] ; then
			saved=$(${MKTEMP} -d ${dir}-XXXXXXXX)
			mv ${dir} ${saved}
			echo "${dir} exists but is insecure.  It has been moved into ${saved}" >&2
		fi
		# Use mktemp rather than mkdir to avoid possible security issue
		# if $dir exists and is a symlink (ie protect against a race
		# against the above check)
		if ${MKTEMP} -d ${dir} >& /dev/null ; then
			chmod 1777 $dir
			chown root:wheel $dir
			success=1
			break
		fi
	done
	if [ "${success}" -eq 0 ] ; then
		echo "Could not successfully create ${dir}" >&2
	fi
done
