diff options
author | Tom Payerle <payerle@umd.edu> | 2020-06-23 20:50:19 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-06-23 19:50:19 -0500 |
commit | fd710fc93eee64e3ecd432d902a8bb6b61354451 (patch) | |
tree | 6be63c7c0f21730555cb92075a50546c2a5f4f01 /.github | |
parent | e74c8e71ccfc86ea63446dff5517afcdd286bae0 (diff) | |
download | spack-fd710fc93eee64e3ecd432d902a8bb6b61354451.tar.gz spack-fd710fc93eee64e3ecd432d902a8bb6b61354451.tar.bz2 spack-fd710fc93eee64e3ecd432d902a8bb6b61354451.tar.xz spack-fd710fc93eee64e3ecd432d902a8bb6b61354451.zip |
Some minor fixes to set_permissions() in file_permissions.py (#17020)
* Some minor fixes to set_permissions() in file_permissions.py
The set_permissions() routine claims to prevent users from creating
world writable suid binaries. However, it seems to only be checking
for/preventing group writable suid binaries.
This patch modifies the routine to check for both world and group
writable suid binaries, and complain appropriately.
* permissions.py: Add test to check blocks world writable SUID files
The original test_chmod_rejects_group_writable_suid tested
that the set_permissions() function in
lib/spack/spack/util/file_permissions.py
would raise an exception if changed permission on a file with
both SUID and SGID plus sticky bits is chmod-ed to g+rwx and o+rwx.
I have modified so that more narrowly tests a file with SUID
(and no SGID or sticky bit) set is chmod-ed to g+w.
I have added a second test test_chmod_rejects_world_writable_suid
that checks that exception is raised if an SUID file is chmod-ed
to o+w
* file_permissions.py: Raise exception when try to make sgid file world writable
Updated set_permissions() in file_permissions.py to also raise
an exception if try to make an SGID file world writable. And
added corresponding unit test as well.
* Remove debugging prints from permissions.py
Diffstat (limited to '.github')
0 files changed, 0 insertions, 0 deletions