From: lace <>
Date: Mon, 26 Dec 2005 14:37:25 +0000 (+0000)
Subject: Relax more the parent directories security check.
X-Git-Tag: captive-1_1_6~25
X-Git-Url: https://git.jankratochvil.net/?p=captive.git;a=commitdiff_plain;h=f83aea076637c63759d111223900dc82c8e61050

Relax more the parent directories security check.
 - There were bugreports regarding non-zero GID etc.
---

diff --git a/src/client/sandbox-server/main.c b/src/client/sandbox-server/main.c
index ce88748..4f2124f 100644
--- a/src/client/sandbox-server/main.c
+++ b/src/client/sandbox-server/main.c
@@ -164,10 +164,10 @@ int linkbuflen;
 			fatal("lstat/stat(\"%s\") of chroot path component is !S_ISDIR",local_dir);
 		if (statbuf.st_uid!=0)
 			fatal("lstat/stat(\"%s\") of chroot path component has UID %d !=0",local_dir,(int)statbuf.st_uid);
-		if (statbuf.st_gid!=0)
-			fatal("lstat/stat(\"%s\") of chroot path component has GID %d !=0",local_dir,(int)statbuf.st_gid);
-		if ((statbuf.st_mode&(S_IFDIR|S_ISVTX|0111)) != (S_IFDIR|0111))
-			fatal("lstat/stat(\"%s\") of chroot path component has mode 0%o !=04[01]111",local_dir,(int)statbuf.st_mode);
+		if (statbuf.st_gid!=0 && (statbuf.st_mode&0020))
+			fatal("lstat/stat(\"%s\") of chroot path component has GID %d !=0 and mode has 0020",local_dir,(int)statbuf.st_gid);
+		if (                     (statbuf.st_mode&0002))
+			fatal("lstat/stat(\"%s\") of chroot path component mode has 0002",local_dir,(int)statbuf.st_gid);
 		}
 
 	depth--;