Use unix_mode crate to check file modes in binfmt registration

2025-12-07 13:18:20 +00:00 · 2022-01-07 21:08:37 +09:00
parent 248735cb8b
commit 3bb95d51ed
3 changed files with 12 additions and 1 deletions
--- a/lib/cli/src/commands/binfmt.rs
+++ b/lib/cli/src/commands/binfmt.rs
@@ -43,8 +43,9 @@ fn seccheck(path: &Path) -> Result<()> {
    }
    let m = std::fs::metadata(path)
        .with_context(|| format!("Can't check permissions of {}", path.to_string_lossy()))?;
+    use unix_mode::*;
    anyhow::ensure!(
-        m.mode() & 0o2 == 0 || m.mode() & 0o1000 != 0,
+        !is_allowed(Accessor::Other, Access::Write, m.mode()) || is_sticky(m.mode()),
        "{} is world writeable and not sticky",
        path.to_string_lossy()
    );