nvmutil tmpdir: check world-writeable / sticky bits

must be world writeable and not have sticky bits a bit theoretical, but we're also reading TMPDIR, which could be anything due to how this is called, it defaults back to /tmp if null is returned, so itt's safe Signed-off-by: Leah Rowe <leah@libreboot.org>
author: Leah Rowe <leah@libreboot.org> 2026-03-18 04:49:22 +0000
committer: Leah Rowe <leah@libreboot.org> 2026-03-18 04:53:10 +0000
commit: ee5ff037654168d0829c3219ce7d89ab202af40d (patch)
tree: 83a069307bc3231f36410386c27612bc5eb0d5f4 /util/nvmutil/nvmutil.h
parent: 4810284f12ca1ebf3b0cf2609d6f133385577731 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/util/nvmutil/nvmutil.h b/util/nvmutil/nvmutil.h
index 94ad8f62..4d8c3ab2 100644
--- a/util/nvmutil/nvmutil.h
+++ b/util/nvmutil/nvmutil.h
@@ -28,6 +28,14 @@ int fchmod(int fd, mode_t mode);
 #define OFF_RESET 1
 #endif
 
+#ifndef S_ISVTX
+#define S_ISVTX 01000
+#endif
+
+#if defined(S_IFMT) && ((S_ISVTX & S_IFMT) != 0)
+#error "Unexpected bit layout"
+#endif
+
 #ifndef MAX_ZERO_RW_RETRY
 #define MAX_ZERO_RW_RETRY 5
 #endif
author	Leah Rowe <leah@libreboot.org>	2026-03-18 04:49:22 +0000
committer	Leah Rowe <leah@libreboot.org>	2026-03-18 04:53:10 +0000
commit	ee5ff037654168d0829c3219ce7d89ab202af40d (patch)
tree	83a069307bc3231f36410386c27612bc5eb0d5f4 /util/nvmutil/nvmutil.h
parent	4810284f12ca1ebf3b0cf2609d6f133385577731 (diff)