From 248735cb8b9153b7c7380986ef2949d7ec6dfdb9 Mon Sep 17 00:00:00 2001
From: Julius Michaelis <gitter@liftm.de>
Date: Fri, 7 Jan 2022 20:59:59 +0900
Subject: [PATCH 1/2] binfmt register: Fix getting exe path when calling wasmer
 from $PATH

---
 lib/cli/src/commands/binfmt.rs | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/lib/cli/src/commands/binfmt.rs b/lib/cli/src/commands/binfmt.rs
index e668740a6d6..9e5071d3c2c 100644
--- a/lib/cli/src/commands/binfmt.rs
+++ b/lib/cli/src/commands/binfmt.rs
@@ -62,10 +62,8 @@ impl Binfmt {
             Register | Reregister => {
                 temp_dir = tempfile::tempdir().context("Make temporary directory")?;
                 seccheck(temp_dir.path())?;
-                let bin_path_orig: PathBuf = env::args_os()
-                    .nth(0)
-                    .map(Into::into)
-                    .filter(|p: &PathBuf| p.exists())
+                let bin_path_orig: PathBuf = env::current_exe()
+                    .and_then(|p| p.canonicalize())
                     .context("Cannot get path to wasmer executable")?;
                 let bin_path = temp_dir.path().join("wasmer-binfmt-interpreter");
                 fs::copy(&bin_path_orig, &bin_path).context("Copy wasmer binary to temp folder")?;

From 3bb95d51ed1cf4713bf6022a80ba891dfa0c5c21 Mon Sep 17 00:00:00 2001
From: Julius Michaelis <gitter@liftm.de>
Date: Fri, 7 Jan 2022 21:08:37 +0900
Subject: [PATCH 2/2] Use unix_mode crate to check file modes in binfmt
 registration

---
 Cargo.lock                     | 7 +++++++
 lib/cli/Cargo.toml             | 3 +++
 lib/cli/src/commands/binfmt.rs | 3 ++-
 3 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/Cargo.lock b/Cargo.lock
index 8d42e28d5e8..bc40b7bc02f 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2545,6 +2545,12 @@ dependencies = [
  "regex",
 ]
 
+[[package]]
+name = "unix_mode"
+version = "0.1.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "35abed4630bb800f02451a7428205d1f37b8e125001471bfab259beee6a587ed"
+
 [[package]]
 name = "vec_map"
 version = "0.8.2"
@@ -2819,6 +2825,7 @@ dependencies = [
  "log",
  "structopt",
  "tempfile",
+ "unix_mode",
  "wasmer",
  "wasmer-cache",
  "wasmer-compiler",
diff --git a/lib/cli/Cargo.toml b/lib/cli/Cargo.toml
index 75075734c5c..2dd75eae3f1 100644
--- a/lib/cli/Cargo.toml
+++ b/lib/cli/Cargo.toml
@@ -55,6 +55,9 @@ fern = { version = "0.6", features = ["colored"], optional = true }
 log = { version = "0.4", optional = true }
 tempfile = "3"
 
+[target.'cfg(target_os = "linux")'.dependencies]
+unix_mode = "0.1.3"
+
 [features]
 # Don't add the compiler features in default, please add them on the Makefile
 # since we might want to autoconfigure them depending on the availability on the host.
diff --git a/lib/cli/src/commands/binfmt.rs b/lib/cli/src/commands/binfmt.rs
index 9e5071d3c2c..9fa7ef22727 100644
--- a/lib/cli/src/commands/binfmt.rs
+++ b/lib/cli/src/commands/binfmt.rs
@@ -43,8 +43,9 @@ fn seccheck(path: &Path) -> Result<()> {
     }
     let m = std::fs::metadata(path)
         .with_context(|| format!("Can't check permissions of {}", path.to_string_lossy()))?;
+    use unix_mode::*;
     anyhow::ensure!(
-        m.mode() & 0o2 == 0 || m.mode() & 0o1000 != 0,
+        !is_allowed(Accessor::Other, Access::Write, m.mode()) || is_sticky(m.mode()),
         "{} is world writeable and not sticky",
         path.to_string_lossy()
     );