Revision
23329
Author
zarzycki@apple.com
Date
2007-08-06 08:24:48 -0700 (Mon, 06 Aug 2007)

Log Message

<rdar://problem/5385870> 9A510: SystemStarter: shouldn't require user write bit on startup items

Modified Paths

Diff

Modified: trunk/launchd/src/StartupItems.c (23328 => 23329)


--- trunk/launchd/src/StartupItems.c	2007-08-02 20:29:24 UTC (rev 23328)
+++ trunk/launchd/src/StartupItems.c	2007-08-06 15:24:48 UTC (rev 23329)
@@ -229,10 +229,14 @@
 		syslog(LOG_WARNING, "\"%s\" failed security check: not a directory or regular file", aPath);
 		r = false;
 	}
-	if ((aStatBuf.st_mode & ALLPERMS) & ~(S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH)) {
-		syslog(LOG_WARNING, "\"%s\" failed security check: permissions", aPath);
+	if (aStatBuf.st_mode & S_IWOTH) {
+		syslog(LOG_WARNING, "\"%s\" failed security check: world writable", aPath);
 		r = false;
 	}
+	if (aStatBuf.st_mode & S_IWGRP) {
+		syslog(LOG_WARNING, "\"%s\" failed security check: group writable", aPath);
+		r = false;
+	}
 	if (aStatBuf.st_uid != 0) {
 		syslog(LOG_WARNING, "\"%s\" failed security check: not owned by UID 0", aPath);
 		r = false;