Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

[bugfix] Simple symbolic mode permission parsing was too relaxed

[bugfix] Simple symbolic mode permission parsing did not correctly parse
setUid with and without exec
  • Loading branch information...
commit 4f239e9228a363406d16f195a406668e6e9898fe 1 parent 6151698
@adamretter adamretter authored
View
6 src/org/exist/security/AbstractUnixStylePermission.java
@@ -248,7 +248,7 @@ private void setSimpleSymbolicMode(final String simpleSymbolicMode)
private final static Pattern existSymbolicModePattern = Pattern.compile("(?:(?:" + USER_STRING + "|" + GROUP_STRING + "|" + OTHER_STRING + ")=(?:[+-](?:" + READ_STRING + "|" + WRITE_STRING + "|" + EXECUTE_STRING + "),?)+)+");
private final static Matcher existSymbolicModeMatcher = existSymbolicModePattern.matcher("");
- private final static Pattern simpleSymbolicModePattern = Pattern.compile("[" + READ_CHAR + WRITE_CHAR + EXECUTE_CHAR + SETUID_CHAR + UNSET_CHAR + "]{3}[" + READ_CHAR + WRITE_CHAR + EXECUTE_CHAR + SETGID_CHAR + UNSET_CHAR + "]{3}[" + READ_CHAR + WRITE_CHAR + EXECUTE_CHAR + STICKY_CHAR + UNSET_CHAR + "]{3}");
+ private final static Pattern simpleSymbolicModePattern = Pattern.compile("(?:(?:" + READ_CHAR + "|" + UNSET_CHAR + ")(?:" + WRITE_CHAR + "|" + UNSET_CHAR + ")(?:[" + EXECUTE_CHAR + SETUID_CHAR + SETUID_CHAR_NO_EXEC + "]|" + UNSET_CHAR + ")){2}(?:" + READ_CHAR + "|" + UNSET_CHAR + ")(?:" + WRITE_CHAR + "|" + UNSET_CHAR + ")(?:[" + EXECUTE_CHAR + STICKY_CHAR + "]|" + UNSET_CHAR + ")");
private final static Matcher simpleSymbolicModeMatcher = simpleSymbolicModePattern.matcher("");
/**
@@ -305,12 +305,16 @@ public static int simpleSymbolicModeToInt(final String simpleModeStr) throws Syn
case EXECUTE_CHAR:
mode |= (EXECUTE << shift);
break;
+ case SETUID_CHAR_NO_EXEC:
case SETUID_CHAR:
if(i < 3) {
mode |= (SET_UID << 9);
} else {
mode |= (SET_GID << 9);
}
+ if(c == SETUID_CHAR) {
+ mode |= (EXECUTE << shift);
+ }
break;
case STICKY:
mode |= (STICKY << 9);
View
26 test/src/org/exist/security/UnixStylePermissionTest.java
@@ -503,12 +503,36 @@ public void permission_setFromModeString_simpleSymbolic() throws SyntaxException
assertEquals(0111, permission.getMode());
permission = new TestableUnixStylePermissionWithCurrentSubject(mockSecurityManager, ownerId, ownerGroupId, 0777);
- permission.setMode("--r--r--r");
+ permission.setMode("r--r--r--");
assertEquals(0444, permission.getMode());
permission = new TestableUnixStylePermissionWithCurrentSubject(mockSecurityManager, ownerId, ownerGroupId, 0777);
permission.setMode("---------");
assertEquals(0, permission.getMode());
+
+ permission = new TestableUnixStylePermissionWithCurrentSubject(mockSecurityManager, ownerId, ownerGroupId, 0);
+ permission.setMode("rwS------");
+ assertEquals(04600, permission.getMode());
+
+ permission = new TestableUnixStylePermissionWithCurrentSubject(mockSecurityManager, ownerId, ownerGroupId, 0);
+ permission.setMode("rwx------");
+ assertEquals(0700, permission.getMode());
+
+ permission = new TestableUnixStylePermissionWithCurrentSubject(mockSecurityManager, ownerId, ownerGroupId, 0);
+ permission.setMode("rws------");
+ assertEquals(04700, permission.getMode());
+
+ permission = new TestableUnixStylePermissionWithCurrentSubject(mockSecurityManager, ownerId, ownerGroupId, 0);
+ permission.setMode("rwxrwS---");
+ assertEquals(02760, permission.getMode());
+
+ permission = new TestableUnixStylePermissionWithCurrentSubject(mockSecurityManager, ownerId, ownerGroupId, 0);
+ permission.setMode("rwxrwx---");
+ assertEquals(0770, permission.getMode());
+
+ permission = new TestableUnixStylePermissionWithCurrentSubject(mockSecurityManager, ownerId, ownerGroupId, 0);
+ permission.setMode("rwxrws---");
+ assertEquals(02770, permission.getMode());
}
@Test
Please sign in to comment.
Something went wrong with that request. Please try again.