Use unix_mode crate to check file modes in binfmt registration

wasmerio · Jan 7, 2022 · 3bb95d5 · 3bb95d5
1 parent 248735c
commit 3bb95d5
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 1 deletion.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/lib/cli/Cargo.toml b/lib/cli/Cargo.toml
@@ -55,6 +55,9 @@ fern = { version = "0.6", features = ["colored"], optional = true }
 log = { version = "0.4", optional = true }
 tempfile = "3"
 
+[target.'cfg(target_os = "linux")'.dependencies]
+unix_mode = "0.1.3"
+
 [features]
 # Don't add the compiler features in default, please add them on the Makefile
 # since we might want to autoconfigure them depending on the availability on the host.

diff --git a/lib/cli/src/commands/binfmt.rs b/lib/cli/src/commands/binfmt.rs
@@ -43,8 +43,9 @@ fn seccheck(path: &Path) -> Result<()> {
     }
     let m = std::fs::metadata(path)
         .with_context(|| format!("Can't check permissions of {}", path.to_string_lossy()))?;
+    use unix_mode::*;
     anyhow::ensure!(
-        m.mode() & 0o2 == 0 || m.mode() & 0o1000 != 0,
+        !is_allowed(Accessor::Other, Access::Write, m.mode()) || is_sticky(m.mode()),
         "{} is world writeable and not sticky",
         path.to_string_lossy()
     );