fix: skip rewriting files with special mode bits#81
Conversation
Refuse to rewrite content when special mode bits are set so find-replace does not silently strip setuid/setgid/sticky permissions. Fixes dolph#18
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: b0457e73c8
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| if err := os.WriteFile(path, []byte("needle"), 0o755); err != nil { | ||
| t.Fatal(err) | ||
| } | ||
| if err := os.Chmod(path, 0o4755); err != nil { |
There was a problem hiding this comment.
In this test, 0o4755 does not request setuid through Go's os.Chmod: on Unix, Chmod consumes mode.Perm() plus os.ModeSetuid/os.ModeSetgid/os.ModeSticky, and 0o4000 is neither a permission bit nor os.ModeSetuid. On normal Unix this leaves the file at 0755, so the later hasSpecialFileModeBits check takes the t.Skip path and the new regression test never exercises the skip behavior; use os.ModeSetuid|0o755 so the test actually covers setuid files.
Useful? React with 👍 / 👎.
1 participant
Fixes #18
Made with Cursor