From 25ada76437b5a9769f7203036c8ea12c5762da04 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Fri, 12 Feb 2021 18:00:28 +0100 Subject: [PATCH] pkg/archive: Unpack() use 0755 permissions for missing directories Commit edb62a3ace8c4303822a391b38231e577f8c2ee8 fixed a bug in MkdirAllAndChown() that caused the specified permissions to not be applied correctly. As a result of that bug, the configured umask would be applied. When extracting archives, Unpack() used 0777 permissions when creating missing parent directories for files that were extracted. Before edb62a3ace8c4303822a391b38231e577f8c2ee8, this resulted in actual permissions of those directories to be 0755 on most configurations (using a default 022 umask). Creating these directories should not depend on the host's umask configuration. This patch changes the permissions to 0755 to match the previous behavior, and to reflect the original intent of using 0755 as default. Signed-off-by: Sebastiaan van Stijn --- pkg/archive/archive.go | 2 +- pkg/archive/archive_unix_test.go | 19 +++++++++++++++++++ 2 files changed, 20 insertions(+), 1 deletion(-) diff --git a/pkg/archive/archive.go b/pkg/archive/archive.go index 134749d684..d437a8beb8 100644 --- a/pkg/archive/archive.go +++ b/pkg/archive/archive.go @@ -956,7 +956,7 @@ loop: parent := filepath.Dir(hdr.Name) parentPath := filepath.Join(dest, parent) if _, err := os.Lstat(parentPath); err != nil && os.IsNotExist(err) { - err = idtools.MkdirAllAndChownNew(parentPath, 0777, rootIDs) + err = idtools.MkdirAllAndChownNew(parentPath, 0755, rootIDs) if err != nil { return err } diff --git a/pkg/archive/archive_unix_test.go b/pkg/archive/archive_unix_test.go index e308dd80c6..4eff66629c 100644 --- a/pkg/archive/archive_unix_test.go +++ b/pkg/archive/archive_unix_test.go @@ -3,6 +3,7 @@ package archive // import "github.com/docker/docker/pkg/archive" import ( + "archive/tar" "bytes" "fmt" "io/ioutil" @@ -156,6 +157,24 @@ func TestTarWithHardLinkAndRebase(t *testing.T) { assert.Check(t, is.Equal(i1, i2)) } +// TestUntarParentPathPermissions is a regression test to check that missing +// parent directories are created with the expected permissions +func TestUntarParentPathPermissions(t *testing.T) { + buf := &bytes.Buffer{} + w := tar.NewWriter(buf) + err := w.WriteHeader(&tar.Header{Name: "foo/bar"}) + assert.NilError(t, err) + tmpDir, err := ioutil.TempDir("", t.Name()) + assert.NilError(t, err) + defer os.RemoveAll(tmpDir) + err = Untar(buf, tmpDir, nil) + assert.NilError(t, err) + + fi, err := os.Lstat(filepath.Join(tmpDir, "foo")) + assert.NilError(t, err) + assert.Equal(t, fi.Mode(), 0755|os.ModeDir) +} + func getNlink(path string) (uint64, error) { stat, err := os.Stat(path) if err != nil {