def test_chmod_rejects_group_writable_suid(tmpdir): path = str(tmpdir.join('file').ensure()) mode = stat.S_ISUID | stat.S_ISGID | stat.S_ISVTX fs.chmod_x(path, mode) perms = stat.S_IRWXU | stat.S_IRWXG | stat.S_IRWXO with pytest.raises(InvalidPermissionsError): set_permissions(path, perms)
def test_chmod_rejects_world_writable_sgid(tmpdir): path = str(tmpdir.join('file').ensure()) mode = stat.S_ISGID fs.chmod_x(path, mode) perms = stat.S_IWOTH with pytest.raises(InvalidPermissionsError): set_permissions(path, perms)
def set_permissions(path, perms, group=None): # Preserve higher-order bits of file permissions perms |= os.stat(path).st_mode & (st.S_ISUID | st.S_ISGID | st.S_ISVTX) # Do not let users create world writable suid binaries if perms & st.S_ISUID and perms & st.S_IWGRP: raise InvalidPermissionsError( "Attepting to set suid with world writable") fs.chmod_x(path, perms) if group: fs.chgrp(path, group)
def chmod_real_entries(path, perms): # Don't follow links so we don't change things outside the prefix if not os.path.islink(path): chmod_x(path, perms)