blob: 9b4eefda1d81a15d54a43a47da0af2ec688a125c (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
|
# Copyright 2013-2024 Lawrence Livermore National Security, LLC and other
# Spack Project Developers. See the top-level COPYRIGHT file for details.
#
# SPDX-License-Identifier: (Apache-2.0 OR MIT)
import os
import stat as st
import llnl.util.filesystem as fs
import spack.package_prefs as pp
from spack.error import SpackError
def set_permissions_by_spec(path, spec):
# Get permissions for spec
if os.path.isdir(path):
perms = pp.get_package_dir_permissions(spec)
else:
perms = pp.get_package_permissions(spec)
group = pp.get_package_group(spec)
set_permissions(path, perms, group)
def set_permissions(path, perms, group=None):
# Preserve higher-order bits of file permissions
perms |= os.stat(path).st_mode & (st.S_ISUID | st.S_ISGID | st.S_ISVTX)
# Do not let users create world/group writable suid binaries
if perms & st.S_ISUID:
if perms & st.S_IWOTH:
raise InvalidPermissionsError("Attempting to set suid with world writable")
if perms & st.S_IWGRP:
raise InvalidPermissionsError("Attempting to set suid with group writable")
# Or world writable sgid binaries
if perms & st.S_ISGID:
if perms & st.S_IWOTH:
raise InvalidPermissionsError("Attempting to set sgid with world writable")
fs.chmod_x(path, perms)
if group:
fs.chgrp(path, group, follow_symlinks=False)
class InvalidPermissionsError(SpackError):
"""Error class for invalid permission setters"""
|