FHS: Check for world-writable files
[people/stevee/pakfire.git] / src / libpakfire / fhs.c
index 4a84b677fd3b6b1f177fb03806c6dba2e6f506f0..b21127fee738dd612b48eb108048c6a739f23f76 100644 (file)
@@ -215,6 +215,23 @@ ERROR:
        return NULL;
 }
 
+static int pakfire_fhs_check_world_writable(
+               struct pakfire* pakfire, struct pakfire_file* file) {
+       // Fetch path
+       const char* path = pakfire_file_get_path(file);
+
+       // Fetch permissions
+       const mode_t perms = pakfire_file_get_perms(file);
+
+       // Check that none of the executable bits are set
+       if ((perms & (S_IWUSR|S_IWGRP|S_IWOTH)) == (S_IWUSR|S_IWGRP|S_IWOTH)) {
+               DEBUG(pakfire, "%s is world-writable\n", path);
+               return 1;
+       }
+
+       return 0;
+}
+
 static int pakfire_fhs_check_perms(struct pakfire* pakfire,
                const struct pakfire_fhs_check* check, struct pakfire_file* file) {
        // No permissions defined. Skipping check...
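Review bot: The condition in pakfire_fhs_check_world_writable only fires when the owner, group and other write bits are all set, so a mode such as 0646 or 0602, where others can write but the group cannot, goes unreported. The S_IWOTH bit alone decides whether a file is world-writable, so the test should be `if (perms & S_IWOTH) {`. The comment above it says "executable bits" although write bits are tested; `// Check whether the write bit for others is set` would match the code. If pakfire_file_get_perms returns the raw mode of symbolic links (commonly 0777), those would be reported as well and may need a file-type guard, but that helper is not visible in this hunk.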
@@ -298,6 +315,11 @@ int pakfire_fhs_check_file(struct pakfire* pakfire, struct pakfire_file* file) {
        if (!path)
                return 1;
 
+       // Check for world-writable permissions
+       r = pakfire_fhs_check_world_writable(pakfire, file);
+       if (r)
+               return r;
+
        // Find a check
        check = pakfire_fhs_find_check(pakfire, file);
        if (!check) {
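Review bot: Because the world-writable check runs before pakfire_fhs_find_check, it rejects a file regardless of what the matching FHS check would allow. Directories that are conventionally world-writable with the sticky bit set (such as /tmp or /var/tmp) would presumably fail here if a package ships them. Consider running it after the lookup, or skipping it for directories that have S_ISVTX set, and state the exemption in the comment, e.g. `// World-writable is only acceptable for sticky directories`. The body of pakfire_fhs_check_file starts and ends outside the hunk, so the check table and the later handling of `r` cannot be confirmed from here.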