authorEdward Welbourne <edward.welbourne@qt.io>2016-09-26 10:12:19 +0200
committerEdward Welbourne <edward.welbourne@qt.io>2016-09-28 08:54:08 +0000
commitef0773a19a9697e2c3a6a2046bd1be670f7e58e4 (patch)
treec5694079a3519d94849f6c4b81779e86846d8a7e /git-hooks
parent5bd5aab3daf0c30fbf6657fae227d24df53a451a (diff)
sanitize-commit: check for suid permissions on new files
Alongside misguided execute permissions, check for set*id permissions; git won't propagate them, but there's no way they're a good sign. Change-Id: Ie3499ec79fd275d6f9cd0cb331c9cf2165ba7949 Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@theqtcompany.com>
Diffstat (limited to 'git-hooks')
-rwxr-xr-xgit-hooks/sanitize-commit7
1 files changed, 6 insertions, 1 deletions
diff --git a/git-hooks/sanitize-commit b/git-hooks/sanitize-commit
index 8c218af..0f47316 100755
--- a/git-hooks/sanitize-commit
+++ b/git-hooks/sanitize-commit
@@ -716,7 +716,12 @@ while (<DIFF>) {
$is_special = 1;
next;
}
- if (oct($text) & 0111) {
+ my $perm = oct($text);
+ # Executable or set*id:
+ if ($perm & 07000) {
+ # set*id; git discards it - but asking for it is misguided.
+ complain("Adding file with set*id permissions", "permissions", 1);
+ } elsif ($perm & 0111) {
if ($clike || $qmake || $file =~ /\.(ps|pdf|png|qdoc(cconf)?|json)$/) {
# Should not be executable.
complain("Adding implausibly executable file", "permissions");
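Review bot: The mask in the new `if ($perm & 07000)` also matches the sticky bit (01000), while both the comment and the message passed to complain() speak only of set*id, so a sticky-only mode would be reported under the wrong name. Either narrow the test to `if ($perm & 06000) {` or keep the mask and word the message to match, e.g. `complain("Adding file with set*id or sticky permissions", "permissions", 1);`. Because the execute test is now an `elsif`, a file flagged here is no longer checked for implausible execute bits; that is probably fine if the third argument `1` makes this complaint fatal, but its meaning is defined outside the hunk, so a short comment on it would help. The enclosing `while (<DIFF>)` loop starts and ends outside the hunk.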