0ct0pu5/moby
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

pkg/idtools: CanAccess(): reorder checks to allow early return

Browse source 
Merge the accessible() function into CanAccess, and check world-
readable permissions first, before checking owner and group.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
Sebastiaan van Stijn 2022-10-05 15:24:51 +02:00
parent 1fccb39316
commit 0fc13104e7
No known key found for this signature in database
GPG key ID: 76698F39D527CE8C
1 changed files with 7 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
pkg/idtools/idtools_unix.go
View file

@ -90,20 +90,17 @@ func CanAccess(path string, pair Identity) bool {
if err != nil {
return false
}
fileMode := os.FileMode(statInfo.Mode())
permBits := fileMode.Perm()
return accessible(statInfo.UID() == uint32(pair.UID),
statInfo.GID() == uint32(pair.GID), permBits)
}
func accessible(isOwner, isGroup bool, perms os.FileMode) bool {
if isOwner && (perms&0100 == 0100) {
perms := os.FileMode(statInfo.Mode()).Perm()
if perms&0o001 == 0o001 {
// world access
return true
}
if isGroup && (perms&0010 == 0010) {
if statInfo.UID() == uint32(pair.UID) && (perms&0o100 == 0o100) {
// owner access.
return true
}
if perms&0001 == 0001 {
if statInfo.GID() == uint32(pair.GID) && (perms&0o010 == 0o010) {
// group access.
return true
}
return false