[OE-core] WARNING: FILES GETTING MARKED WORLD-WRITEABLE. (Was: Re: [PATCH 1/1] pseudo: handle fchmodat better, mask out unwanted write bits)

[Peter Seebach]

On Wed, 21 May 2014 18:12:33 -0500
Peter Seebach <peter.seebach at windriver.com> wrote:

> +-#define PSEUDO_FS_MODE(mode, isdir) ((mode) | S_IRUSR | S_IWUSR | ((isdir) ? S_IXUSR : 0))
> +-#define PSEUDO_DB_MODE(fs_mode, user_mode) (((fs_mode) & ~0700) | ((user_mode & 0700)))
> ++#define PSEUDO_FS_MODE(mode, isdir) ((((mode) | S_IRUSR | S_IWUSR | ((isdir) ? S_IXUSR : 0)) & ~(S_IWGRP | S_IWOTH)) & ~(S_IWOTH | S_IWGRP))
> ++#define PSEUDO_DB_MODE(fs_mode, user_mode) (((fs_mode) & ~0722) | ((user_mode & 0722)))

So, someone just spotted a bug this introduces.

In the case where you're calling chmod, this produces exactly the results you
probably expect: Files end up with the specified mode in the database, and
with 022 masked out and 0700 masked in on the filesystem.

If you're using open or mkdir, though, the old code was picking up changes to
the mode from umask in the 077 bits (typically, 022), and the new code
doesn't because I ignore the 022 bits in the filesystem since I know I masked
them out.

I don't know how to solve this correctly yet, but basically I should be
taking umask into account.

I'll try to get a patch out for this ASAP.

-s
-- 
Listen, get this.  Nobody with a good compiler needs to be justified.