util/nvmutil: more secure tmpdir()

use stat instead of access (race conditions) Signed-off-by: Leah Rowe <leah@libreboot.org>
author: Leah Rowe <leah@libreboot.org> 2026-03-16 16:19:27 +0000
committer: Leah Rowe <leah@libreboot.org> 2026-03-26 06:59:41 +0000
commit: 26d8807b792bb8552b8c2a9ec062d06821c99496 (patch)
tree: 560f887edacf865216fa52f0423cf61ea4d41e68
parent: 1ce06b01e0a7413916f7b2aa816955772a3fd3cd (diff)
1 files changed, 7 insertions, 4 deletions
diff --git a/util/nvmutil/nvmutil.c b/util/nvmutil/nvmutil.c
index 25953de5..96948f09 100644
--- a/util/nvmutil/nvmutil.c
+++ b/util/nvmutil/nvmutil.c
@@ -3088,15 +3088,18 @@ static char *
 x_c_tmpdir(void)
 {
 	char *t;
+	struct stat st;
 
 	t = getenv("TMPDIR");
-	if (t && *t)
-		return t;
+	if (t && *t) {
+		if (stat(t, &st) == 0 && S_ISDIR(st.st_mode))
+			return t;
+	}
 
-	if (access("/tmp", W_OK) == 0)
+	if (stat("/tmp", &st) == 0 && S_ISDIR(st.st_mode))
 		return "/tmp";
 
-	if (access("/var/tmp", W_OK) == 0)
+	if (stat("/var/tmp", &st) == 0 && S_ISDIR(st.st_mode))
 		return "/var/tmp";
 
 	return ".";
author	Leah Rowe <leah@libreboot.org>	2026-03-16 16:19:27 +0000
committer	Leah Rowe <leah@libreboot.org>	2026-03-26 06:59:41 +0000
commit	26d8807b792bb8552b8c2a9ec062d06821c99496 (patch)
tree	560f887edacf865216fa52f0423cf61ea4d41e68
parent	1ce06b01e0a7413916f7b2aa816955772a3fd3cd (diff)