Overview

File rocksndiamonds-3.3.1.2-src_libgame_setup.c-CVE-2011-4606.patch of Package rocksndiamonds

--- src/libgame/setup.c.orig	2013-11-13 01:13:27.000000000 +0100
+++ src/libgame/setup.c	2014-10-02 23:47:07.762894564 +0200
@@ -1290,11 +1290,14 @@
 #define MODE_W_ALL		(S_IWUSR | S_IWGRP | S_IWOTH)
 #define MODE_X_ALL		(S_IXUSR | S_IXGRP | S_IXOTH)
 
+#define MODE_R_PRIVATE		(S_IRUSR)
 #define MODE_W_PRIVATE		(S_IWUSR)
+#define MODE_X_PRIVATE		(S_IXUSR)
+
 #define MODE_W_PUBLIC		(S_IWUSR | S_IWGRP)
 #define MODE_W_PUBLIC_DIR	(S_IWUSR | S_IWGRP | S_ISGID)
 
-#define DIR_PERMS_PRIVATE	(MODE_R_ALL | MODE_X_ALL | MODE_W_PRIVATE)
+#define DIR_PERMS_PRIVATE	(MODE_R_PRIVATE | MODE_X_PRIVATE | MODE_W_PRIVATE)
 #define DIR_PERMS_PUBLIC	(MODE_R_ALL | MODE_X_ALL | MODE_W_PUBLIC_DIR)
 
 #define FILE_PERMS_PRIVATE	(MODE_R_ALL | MODE_W_PRIVATE)
@@ -1453,7 +1456,8 @@
   if (running_setgid)
     posix_umask(last_umask & group_umask);
   else
-    dir_mode |= MODE_W_ALL;
+    if (permission_class == PERMS_PUBLIC)
+      dir_mode |= MODE_W_ALL;
 
   if (!fileExists(dir))
     if (posix_mkdir(dir, dir_mode) != 0)
openSUSE Build Service is sponsored by
Places