persist_timestamp: don't allow og+rwx permission for timestamp directory

[opendoas.git] / persist_timestamp.c

diff --git a/persist_timestamp.c b/persist_timestamp.c
index d4ffdd3ac8f38336b06467b993e07d486a769d72..c608dca7f357f83452ed5485e9600cca43f02c3c 100644 (file)
--- a/persist_timestamp.c
+++ b/persist_timestamp.c
@@ -147,7 +147,7 @@ check:
 
        if ((st.st_mode & S_IFMT) != S_IFDIR)
                errx(1, "timestamp directory is not a directory");
-       if ((st.st_mode & (S_IWGRP|S_IRGRP|S_IWOTH|S_IROTH)) != 0)
+       if ((st.st_mode & (S_IWGRP|S_IRGRP|S_IXGRP|S_IWOTH|S_IROTH|S_IXOTH)) != 0)
                errx(1, "timestamp directory permissions wrong");
        if (st.st_uid != 0 || st.st_gid != 0)
                errx(1, "timestamp directory is not owned by root");