LibCore+LaunchServer: Move portal directory to `/tmp/user/%uid`

The `/tmp/user` directory is owned by root, this solution prevents
malicious users to interfere with other users' portals.

This commit also moves `launch`'s portal in the user directory.

1 files changed, 9 insertions, 4 deletions

diff --git a/Userland/Libraries/LibCore/Account.cpp b/Userland/Libraries/LibCore/Account.cpp
index a7e34e3b3b..715721570a 100644
--- a/Userland/Libraries/LibCore/Account.cpp
+++ b/Userland/Libraries/LibCore/Account.cpp
@@ -142,6 +142,15 @@ bool Account::authenticate(SecretString const& password) const
 
 bool Account::login() const
 {
+    auto const temporary_directory = String::formatted("/tmp/user/{}", m_uid);
+    if (auto result = Core::Directory::create(temporary_directory, Core::Directory::CreateDirectories::Yes); result.is_error()) {
+        dbgln("{}", result.release_error());
+        return false;
+    }
+
+    if (chown(temporary_directory.characters(), m_uid, m_gid) < 0)
+        return false;
+
     if (setgroups(m_extra_gids.size(), m_extra_gids.data()) < 0)
         return false;
 
@@ -151,10 +160,6 @@ bool Account::login() const
     if (setuid(m_uid) < 0)
         return false;
 
-    auto const temporary_directory = String::formatted("/tmp/{}", m_uid);
-    if (auto result = Core::Directory::create(temporary_directory, Core::Directory::CreateDirectories::No); result.is_error())
-        dbgln("{}", result.release_error());
-
     return true;
 }