Relax more the parent directories security check.

 - There were bugreports regarding non-zero GID etc.

diff --git a/src/client/sandbox-server/main.c b/src/client/sandbox-server/main.c
index ce88748..4f2124f 100644 (file)
--- a/src/client/sandbox-server/main.c
+++ b/src/client/sandbox-server/main.c
@@ -164,10 +164,10 @@ int linkbuflen;
                        fatal("lstat/stat(\"%s\") of chroot path component is !S_ISDIR",local_dir);
                if (statbuf.st_uid!=0)
                        fatal("lstat/stat(\"%s\") of chroot path component has UID %d !=0",local_dir,(int)statbuf.st_uid);
-               if (statbuf.st_gid!=0)
-                       fatal("lstat/stat(\"%s\") of chroot path component has GID %d !=0",local_dir,(int)statbuf.st_gid);
-               if ((statbuf.st_mode&(S_IFDIR|S_ISVTX|0111)) != (S_IFDIR|0111))
-                       fatal("lstat/stat(\"%s\") of chroot path component has mode 0%o !=04[01]111",local_dir,(int)statbuf.st_mode);
+               if (statbuf.st_gid!=0 && (statbuf.st_mode&0020))
+                       fatal("lstat/stat(\"%s\") of chroot path component has GID %d !=0 and mode has 0020",local_dir,(int)statbuf.st_gid);
+               if (                     (statbuf.st_mode&0002))
+                       fatal("lstat/stat(\"%s\") of chroot path component mode has 0002",local_dir,(int)statbuf.st_gid);
                }
 
        depth--;