Skip to content

strip setuid/setgid/sticky bits when restoring archived modes#410

Merged
kuba-- merged 3 commits into
kuba--:masterfrom
jmestwa-coder:strip-setuid-on-extract
Jun 14, 2026
Merged

strip setuid/setgid/sticky bits when restoring archived modes#410
kuba-- merged 3 commits into
kuba--:masterfrom
jmestwa-coder:strip-setuid-on-extract

Conversation

@jmestwa-coder

@jmestwa-coder jmestwa-coder commented Jun 12, 2026

Copy link
Copy Markdown
Contributor

extract applies the archived unix mode as-is, so an archive can restore setuid/setgid on a file it owns:

  • zip_archive_extract chmods the path with (external_attr >> 16) & 0xFFFF
  • zip_entry_fread does the same on the single-entry path
  • a plain entry with the setuid bit set comes out as a setuid file after extraction

masked setuid/setgid/sticky before chmod at both sites; ordinary perms still round-trip. added a regression test under test_permissions.

kuba--
kuba-- requested changes Jun 12, 2026
View reviewed changes

@kuba-- kuba-- left a comment

Copy link
Copy Markdown
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fix windows build

@jmestwa-coder

jmestwa-coder commented Jun 13, 2026

Copy link
Copy Markdown
Contributor Author

good catch. mingw and msvc dont define S_ISUID/S_ISGID/S_ISVTX, so both the mask in zip.c and the new test failed to compile.

  • added #ifndef fallbacks for the three bits in zip.c (chmod ignores them on windows anyway, so the mask is a no-op there)
  • guarded test_setuid_not_restored as unix-only, matching where it already runs in the suite

local build + test_permissions pass.

kuba--
kuba-- approved these changes Jun 14, 2026
View reviewed changes
Comment thread src/zip.c Outdated
Comment on lines +68 to +78
/* setuid/setgid/sticky bits are not defined on every toolchain (e.g. MinGW) */
#ifndef S_ISUID
#define S_ISUID 04000
#endif
#ifndef S_ISGID
#define S_ISGID 02000
#endif
#ifndef S_ISVTX
#define S_ISVTX 01000
#endif

@kuba-- kuba-- Jun 14, 2026

Copy link
Copy Markdown
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would get rid of this.

Because (04000 | 02000 | 01000 = 07000) and just:

xattr &= ~(mz_uint32)07000;

...or you can define on the top sth. like:

#define ZIP_SETID_MASK 07000

@jmestwa-coder jmestwa-coder Jun 14, 2026

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done. dropped the #ifndef block and added a single ZIP_SETID_MASK 07000, used at both chmod sites. no more dependency on S_ISUID/S_ISGID being defined, so the windows build is fine. test_permissions still passes.

@kuba-- kuba-- merged commit f3e44c0 into kuba--:master Jun 14, 2026
18 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kuba-- kuba-- kuba-- approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jmestwa-coder @kuba--