} else if (fchown(fd, (uid_t)-1, index->gid) == 0) {
/* success */
return;
- } if ((index->mode & 0066) == 0) {
- /* group doesn't really matter, ignore silently. */
+ } if ((index->mode & 0060) >> 3 == (index->mode & 0006)) {
+ /* group and world permissions are the same, so group doesn't
+ really matter. ignore silently. */
return;
- } if ((index->mode & 0060) == 0) {
- /* file access was granted to everyone, except this group.
- to make sure we don't expose it to the group, drop the world
- permissions too. */
- mail_index_file_set_syscall_error(index, path, "fchown()");
- mode = index->mode & 0600;
- } else {
- mail_index_file_set_syscall_error(index, path, "fchown()");
- /* continue, but change group permissions to same as
- world-permissions were. */
- mode = (index->mode & 0606) | ((index->mode & 06) << 3);
- }
- if (fchmod(fd, mode) < 0) {
- mail_index_file_set_syscall_error(index, path,
- "fchmod()");
}
+ mail_index_file_set_syscall_error(index, path, "fchown()");
+
+ /* continue, but change permissions so that only the common
+ subset of group and world is used. this makes sure no one
+ gets any extra permissions. */
+ mode = ((index->mode & 0060) >> 3) & (index->mode & 0006);
+ mode |= (mode << 3) | (index->mode & 0600);
+ if (fchmod(fd, mode) < 0)
+ mail_index_file_set_syscall_error(index, path, "fchmod()");
}
int mail_index_set_syscall_error(struct mail_index *index,
/* directory's GID is used automatically for new
files */
*gid_r = (gid_t)-1;
- } else if ((st.st_mode & 0070) == 0) {
- /* group doesn't have any permissions, so don't bother
+ } else if ((st.st_mode & 0070) >> 3 == (st.st_mode & 0007)) {
+ /* group has same permissions as world, so don't bother
changing it */
*gid_r = (gid_t)-1;
} else if (getegid() == st.st_gid) {
projects / thirdparty / dovecot / core.git / commitdiff
