mkdir: tighten permission check

Let's complain about any bit that is set in the existing inode but no in
the mask we are supposed to use.

diff --git a/src/basic/mkdir.c b/src/basic/mkdir.c
index 41638f7a81caa8115c839b4553046c103887ac72..4a0c48b8afe76373296cc7336a34da1c89622832 100644 (file)
--- a/src/basic/mkdir.c
+++ b/src/basic/mkdir.c
@@ -56,9 +56,8 @@ int mkdir_safe_internal(
         if (!S_ISDIR(st.st_mode))
                 return log_full_errno(flags & MKDIR_WARN_MODE ? LOG_WARNING : LOG_DEBUG, SYNTHETIC_ERRNO(ENOTDIR),
                                       "Path \"%s\" already exists and is not a directory, refusing.", path);
-        if ((st.st_mode & 0007) > (mode & 0007) ||
-            (st.st_mode & 0070) > (mode & 0070) ||
-            (st.st_mode & 0700) > (mode & 0700))
+
+        if ((st.st_mode & ~mode & 0777) != 0)
                 return log_full_errno(flags & MKDIR_WARN_MODE ? LOG_WARNING : LOG_DEBUG, SYNTHETIC_ERRNO(EEXIST),
                                       "Directory \"%s\" already exists, but has mode %04o that is too permissive (%04o was requested), refusing.",
                                       path, st.st_mode & 0777, mode);