From 3bb95d51ed1cf4713bf6022a80ba891dfa0c5c21 Mon Sep 17 00:00:00 2001 From: Julius Michaelis Date: Fri, 7 Jan 2022 21:08:37 +0900 Subject: [PATCH] Use unix_mode crate to check file modes in binfmt registration --- Cargo.lock | 7 +++++++ lib/cli/Cargo.toml | 3 +++ lib/cli/src/commands/binfmt.rs | 3 ++- 3 files changed, 12 insertions(+), 1 deletion(-) diff --git a/Cargo.lock b/Cargo.lock index 8d42e28d5e8..bc40b7bc02f 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2545,6 +2545,12 @@ dependencies = [ "regex", ] +[[package]] +name = "unix_mode" +version = "0.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "35abed4630bb800f02451a7428205d1f37b8e125001471bfab259beee6a587ed" + [[package]] name = "vec_map" version = "0.8.2" @@ -2819,6 +2825,7 @@ dependencies = [ "log", "structopt", "tempfile", + "unix_mode", "wasmer", "wasmer-cache", "wasmer-compiler", diff --git a/lib/cli/Cargo.toml b/lib/cli/Cargo.toml index 75075734c5c..2dd75eae3f1 100644 --- a/lib/cli/Cargo.toml +++ b/lib/cli/Cargo.toml @@ -55,6 +55,9 @@ fern = { version = "0.6", features = ["colored"], optional = true } log = { version = "0.4", optional = true } tempfile = "3" +[target.'cfg(target_os = "linux")'.dependencies] +unix_mode = "0.1.3" + [features] # Don't add the compiler features in default, please add them on the Makefile # since we might want to autoconfigure them depending on the availability on the host. diff --git a/lib/cli/src/commands/binfmt.rs b/lib/cli/src/commands/binfmt.rs index 9e5071d3c2c..9fa7ef22727 100644 --- a/lib/cli/src/commands/binfmt.rs +++ b/lib/cli/src/commands/binfmt.rs @@ -43,8 +43,9 @@ fn seccheck(path: &Path) -> Result<()> { } let m = std::fs::metadata(path) .with_context(|| format!("Can't check permissions of {}", path.to_string_lossy()))?; + use unix_mode::*; anyhow::ensure!( - m.mode() & 0o2 == 0 || m.mode() & 0o1000 != 0, + !is_allowed(Accessor::Other, Access::Write, m.mode()) || is_sticky(m.mode()), "{} is world writeable and not sticky", path.to_string_lossy() );