From 0eca0ac45a4dd40d0131b9e3e58b57e2ca0f39ab Mon Sep 17 00:00:00 2001
From: greatroar <61184462+greatroar@users.noreply.github.com>
Date: Sat, 26 Mar 2022 11:07:07 +0100
Subject: [PATCH] lib/model: Chmod to mode|0700, not 755 (#8235)
---
 lib/model/util.go | 35 +++++++++++++++++++----------------
 1 file changed, 19 insertions(+), 16 deletions(-)
diff --git a/lib/model/util.go b/lib/model/util.go
index 32f112ef1..9309f1a94 100644
--- a/lib/model/util.go
+++ b/lib/model/util.go
@@ -114,26 +114,29 @@ func inWritableDir(fn func(string) error, targetFs fs.Filesystem, path string, i
 if !info.IsDir() {
 return errors.New("Not a directory: " + path)
 }
- if info.Mode()&0200 == 0 {
+
+ const permBits = fs.ModePerm | fs.ModeSetuid | fs.ModeSetgid | fs.ModeSticky
+ if mode := info.Mode() & permBits; mode&0200 == 0 {
 // A non-writeable directory (for this user; we assume that's the
 // relevant part). Temporarily change the mode so we can delete the
 // file or directory inside it.
- if err := targetFs.Chmod(dir, 0755); err == nil {
- // Chmod succeeded, we should change the permissions back on the way
- // out. If we fail we log the error as we have irrevocably messed up
- // at this point. :( (The operation we were called to wrap has
- // succeeded or failed on its own so returning an error to the
- // caller is inappropriate.)
- defer func() {
- if err := targetFs.Chmod(dir, info.Mode()&fs.ModePerm); err != nil && !fs.IsNotExist(err) {
- logFn := l.Warnln
- if ignorePerms {
- logFn = l.Debugln
- }
- logFn("Failed to restore directory permissions after gaining write access:", err)
- }
- }()
+ if err := targetFs.Chmod(dir, mode|0700); err != nil {
+ return err
 }
+ // Chmod succeeded, we should change the permissions back on the way
+ // out. If we fail we log the error as we have irrevocably messed up
+ // at this point. :( (The operation we were called to wrap has
+ // succeeded or failed on its own so returning an error to the
+ // caller is inappropriate.)
+ defer func() {
+ if err := targetFs.Chmod(dir, mode); err != nil && !fs.IsNotExist(err) {
+ logFn := l.Warnln
+ if ignorePerms {
+ logFn = l.Debugln
+ }
+ logFn("Failed to restore directory permissions after gaining write access:", err)
+ }
+ }()
 }

 return fn(path)
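Review bot: The new `return err` after a failed `targetFs.Chmod(dir, mode|0700)` means `fn(path)` is never attempted when the chmod fails, whereas the removed code fell through and let `fn` succeed or fail on its own. This could break folders where chmod is unsupported or denied but the wrapped operation would still work (presumably the case `ignorePerms` exists for; here it only selects the log level). I would keep the chmod error, still call `fn`, and surface the chmod error only if `fn` then fails, as sketched below. `inWritableDir` starts and ends outside this hunk, so where `dir` and `info` come from is not visible here.

```go
	var chmodErr error
	if mode := info.Mode() & permBits; mode&0200 == 0 {
		// … unchanged: comment on the non-writeable directory …
		if chmodErr = targetFs.Chmod(dir, mode|0700); chmodErr == nil {
			// … unchanged: deferred Chmod(dir, mode) restore and its logging …
		}
	}

	if err := fn(path); err != nil {
		if chmodErr != nil {
			// fn failed and the parent could not be made writable; the
			// chmod failure is the more useful cause to report.
			return chmodErr
		}
		return err
	}
	return nil
```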