mii/wasmer
1
0
Fork 0
mirror of https://github.com/mii443/wasmer.git synced 2025-12-08 13:48:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

binfmt: Safer order for folder premission check

Browse Source
This commit is contained in:
Julius Michaelis
2021-08-02 18:32:23 +09:00
parent a96af441a4
commit d111c43711
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
lib/cli/src/commands/binfmt.rs
View File

@@ -38,12 +38,12 @@ pub struct Binfmt {
// //
// If somebody mounted /tmp wrong, this might result in a TOCTOU problem. // If somebody mounted /tmp wrong, this might result in a TOCTOU problem.
fn seccheck(path: &Path) -> Result<()> { fn seccheck(path: &Path) -> Result<()> {
let m = std::fs::metadata(path)
.with_context(|| format!("Can't check permissions of {}", path.to_string_lossy()))?;
anyhow::ensure!(m.mode() & 0o2 == 0 || m.mode() & 0o1000 != 0, "{} is world writeable and not sticky", path.to_string_lossy());
if let Some(parent) = path.parent() { if let Some(parent) = path.parent() {
seccheck(parent)?; seccheck(parent)?;
} }
let m = std::fs::metadata(path)
.with_context(|| format!("Can't check permissions of {}", path.to_string_lossy()))?;
anyhow::ensure!(m.mode() & 0o2 == 0 || m.mode() & 0o1000 != 0, "{} is world writeable and not sticky", path.to_string_lossy());
Ok(()) Ok(())
} }