From 91a8fe39a0275c922fd4288965f994de835ae2fa Mon Sep 17 00:00:00 2001 From: Rok Mandeljc Date: Fri, 22 Sep 2023 19:06:48 +0200 Subject: [PATCH] bootloader: onefile: set executable bit only on extracted binaries MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When extracting files from onefile archive, restore the executable bits only on binary files (those that were collected with TOC type codes `EXECUTABLE`, `BINARY`, or `EXTENSIONË™, which all end up having PKG type code `b`), as opposed to all files. Binaries are now extracted with permissions bit set to `0700`, while other files are extracted with permissions bit set to `0600`. --- bootloader/src/pyi_archive.c | 6 +++++- news/7950.bootloader.rst | 5 +++++ 2 files changed, 10 insertions(+), 1 deletion(-) create mode 100644 news/7950.bootloader.rst diff --git a/bootloader/src/pyi_archive.c b/bootloader/src/pyi_archive.c index 8c923c23dc..18a4be4b89 100644 --- a/bootloader/src/pyi_archive.c +++ b/bootloader/src/pyi_archive.c @@ -341,7 +341,11 @@ pyi_arch_extract2fs(const ARCHIVE_STATUS *status, const TOC *ptoc) rc = _pyi_arch_extract2fs_uncompressed(archive_fp, ptoc, out_fp); } #ifndef WIN32 - fchmod(fileno(out_fp), S_IRUSR | S_IWUSR | S_IXUSR); + if (ptoc->typcd == ARCHIVE_ITEM_BINARY) { + fchmod(fileno(out_fp), S_IRUSR | S_IWUSR | S_IXUSR); + } else { + fchmod(fileno(out_fp), S_IRUSR | S_IWUSR); + } #endif cleanup: diff --git a/news/7950.bootloader.rst b/news/7950.bootloader.rst new file mode 100644 index 0000000000..9166ad502f --- /dev/null +++ b/news/7950.bootloader.rst @@ -0,0 +1,5 @@ +(Linux, macOS) When extracting files from ``onefile`` archive, the +executable bit is now set only on binaries (files whose TOC type code +was either ``BINARY``, ``EXECUTABLE``, or ``EXTENSION``). Therefore, +binaries are now extracted with permissions bits set to ``0700``, while +all other files have permissions bits set to ``0600``.