Skip to content

Commit

Permalink
Use unix_mode crate to check file modes in binfmt registration
Browse files Browse the repository at this point in the history
  • Loading branch information
jcaesar committed Jan 7, 2022
1 parent 248735c commit 8e083e1
Show file tree
Hide file tree
Showing 3 changed files with 10 additions and 1 deletion.
7 changes: 7 additions & 0 deletions Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions lib/cli/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -54,6 +54,7 @@ cfg-if = "1.0"
fern = { version = "0.6", features = ["colored"], optional = true }
log = { version = "0.4", optional = true }
tempfile = "3"
unix_mode = "0.1.3"

[features]
# Don't add the compiler features in default, please add them on the Makefile
Expand Down
3 changes: 2 additions & 1 deletion lib/cli/src/commands/binfmt.rs
Original file line number Diff line number Diff line change
Expand Up @@ -43,8 +43,9 @@ fn seccheck(path: &Path) -> Result<()> {
}
let m = std::fs::metadata(path)
.with_context(|| format!("Can't check permissions of {}", path.to_string_lossy()))?;
use unix_mode::*;
anyhow::ensure!(
m.mode() & 0o2 == 0 || m.mode() & 0o1000 != 0,
!is_allowed(Accessor::Other, Access::Write, m.mode()) || is_sticky(m.mode()),
"{} is world writeable and not sticky",
path.to_string_lossy()
);
Expand Down

0 comments on commit 8e083e1

Please sign in to comment.