From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 12 Nov 2021 13:48:52 +0000 (+0100)
Subject: mkdir: tighten permission check
X-Git-Tag: v250-rc1~231^2~8
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=05f05a06cd1d72b4bfcbf565d12ea3107187f66d;p=thirdparty%2Fsystemd.git

mkdir: tighten permission check

Let's complain about any bit that is set in the existing inode but no in
the mask we are supposed to use.
---

diff --git a/src/basic/mkdir.c b/src/basic/mkdir.c
index 41638f7a81c..4a0c48b8afe 100644
--- a/src/basic/mkdir.c
+++ b/src/basic/mkdir.c
@@ -56,9 +56,8 @@ int mkdir_safe_internal(
         if (!S_ISDIR(st.st_mode))
                 return log_full_errno(flags & MKDIR_WARN_MODE ? LOG_WARNING : LOG_DEBUG, SYNTHETIC_ERRNO(ENOTDIR),
                                       "Path \"%s\" already exists and is not a directory, refusing.", path);
-        if ((st.st_mode & 0007) > (mode & 0007) ||
-            (st.st_mode & 0070) > (mode & 0070) ||
-            (st.st_mode & 0700) > (mode & 0700))
+
+        if ((st.st_mode & ~mode & 0777) != 0)
                 return log_full_errno(flags & MKDIR_WARN_MODE ? LOG_WARNING : LOG_DEBUG, SYNTHETIC_ERRNO(EEXIST),
                                       "Directory \"%s\" already exists, but has mode %04o that is too permissive (%04o was requested), refusing.",
                                       path, st.st_mode & 0777, mode);