bootloader: onefile: set executable bits only on extracted binaries

When extracting files from onefile archive, restore the executable bits only on binary files (those that were collected with TOC type codes `EXECUTABLE`, `BINARY`, or `EXTENSION˙, which all end up having PKG type code `b`), as opposed to all files. Binaries are now extracted with permissions bit set to `0700`, while other files are extracted with permissions bit set to `0600`.
pyinstaller · Sep 22, 2023 · fe8ace8 · fe8ace8
1 parent 3bd5160
commit fe8ace8
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 1 deletion.
diff --git a/bootloader/src/pyi_archive.c b/bootloader/src/pyi_archive.c
@@ -341,7 +341,11 @@ pyi_arch_extract2fs(const ARCHIVE_STATUS *status, const TOC *ptoc)
         rc = _pyi_arch_extract2fs_uncompressed(archive_fp, ptoc, out_fp);
     }
 #ifndef WIN32
-    fchmod(fileno(out_fp), S_IRUSR | S_IWUSR | S_IXUSR);
+    if (ptoc->typcd == ARCHIVE_ITEM_BINARY) {
+        fchmod(fileno(out_fp), S_IRUSR | S_IWUSR | S_IXUSR);
+    } else {
+        fchmod(fileno(out_fp), S_IRUSR | S_IWUSR);
+    }
 #endif
 
 cleanup:

diff --git a/news/7950.bootloader.rst b/news/7950.bootloader.rst
@@ -0,0 +1,5 @@
+(Linux, macOS) When extracting files from ``onefile`` archive, the
+executable bit is now set only on binaries (files whose TOC type code
+was either ``BINARY``, ``EXECUTABLE``, or ``EXTENSION``). Therefore,
+binaries are now extracted with permissions bits set to ``0700``, while
+all other files have permissions bits set to ``0600``.