From a66e30aa0479d6aa59a4a6f5737f9de6c2f0014c Mon Sep 17 00:00:00 2001
From: Thomas Geymayer <tomgey@gmail.com>
Date: Thu, 26 Jun 2014 18:09:22 +0200
Subject: [PATCH] Nasal: Limit SGPath::create_dir access rights to 0755

---
 src/Scripting/NasalSGPath.cxx | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/Scripting/NasalSGPath.cxx b/src/Scripting/NasalSGPath.cxx
index 3008a4965..19a74aff2 100644
--- a/src/Scripting/NasalSGPath.cxx
+++ b/src/Scripting/NasalSGPath.cxx
@@ -60,6 +60,12 @@ static naRef f_new_path(const nasal::CallContext& ctx)
   return validatedPathToNasal(ctx, SGPath(ctx.getArg<std::string>(0)));
 }
 
+static int f_path_create_dir(SGPath& p, const nasal::CallContext& ctx)
+{
+  // limit setable access rights for Nasal
+  return p.create_dir(ctx.getArg<mode_t>(0, 0755) & 0775);
+}
+
 /**
  * os.path.desktop()
  */
@@ -126,10 +132,10 @@ naRef initNasalSGPath(naRef globals, naContext c)
     .method("isAbsolute", &SGPath::isAbsolute)
     .method("isNull", &SGPath::isNull)
 
-    .method("create_dir", &SGPath::create_dir)
+    .method("create_dir", &f_path_create_dir)
     .method("remove", &SGPath::remove)
     .method("rename", &SGPath::rename);
- 
+
   nasal::Hash globals_module(globals, c),
               path = globals_module.createHash("os")
                                    .createHash("path");