Fix check_perms in OpamSystem

A principal does not get the union of user, group and other permissions - you only ever get one part of the mask.
ocaml · Jul 21, 2020 · d6faa8d · d6faa8d
1 parent caf6d39
commit d6faa8d
Showing 1 changed file with 8 additions and 3 deletions.
diff --git a/src/core/opamSystem.ml b/src/core/opamSystem.ml
@@ -388,9 +388,14 @@ let t_resolve_command =
         let open Unix in
         let uid = getuid() and groups = Array.to_list(getgroups()) in
         let {st_uid; st_gid; st_perm; _} = stat f in
-        let mask = 0o001
-                   lor (if uid = st_uid then 0o100 else 0)
-                   lor (if List.mem st_gid groups then 0o010 else 0) in
+        let mask =
+          if uid = st_uid then
+            0o100
+          else if List.mem st_gid groups then
+            0o010
+          else
+            0o001
+        in
         (st_perm land mask) <> 0
       with e -> OpamStd.Exn.fatal e; false
   in