Calling set_readonly(false)
on a std::fs::Permissions
object results in
the file being world-writable, and is equivalent to running chmod a+w
on
the file. This provides global write access to all users and processes, and
introduces an insecure permissions vulnerability.
Use the set_mode()
method provided by the std::fs::PermissionsExt
trait
to provide secure write access to a file.
use std::fs::File;
fn foo() {
let f = File::create("foo.txt").unwrap();
let metadata = f.metadata().unwrap();
let mut permissions = metadata.permissions();
permissions.set_readonly(false);
}
use std::fs::File;
fn foo() {
let f = File::create("foo.txt").unwrap();
let metadata = f.metadata().unwrap();
let mut permissions = metadata.permissions();
// Set write permission for file owner
permissions.set_mode(0o644);
}