From b16bb6c445a41d82b3c7dc9b7d297b9a0facb99f Mon Sep 17 00:00:00 2001
From: Leah Rowe <leah@libreboot.org>
Date: Tue, 24 Mar 2026 20:12:51 +0000
Subject: util/mkhtemp: loosen execution restriction

Signed-off-by: Leah Rowe <leah@libreboot.org>
---
 util/libreboot-utils/lib/mkhtemp.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

(limited to 'util/libreboot-utils/lib/mkhtemp.c')

diff --git a/util/libreboot-utils/lib/mkhtemp.c b/util/libreboot-utils/lib/mkhtemp.c
index 419bb0b3..56d2bf74 100644
--- a/util/libreboot-utils/lib/mkhtemp.c
+++ b/util/libreboot-utils/lib/mkhtemp.c
@@ -433,11 +433,23 @@ world_writeable_and_sticky(
 	/* must be fully executable
 	 * by everyone, or openat2
 	 * becomes unreliable**
+	 *
+	 * TODO: loosen these, as a toggle.
+	 * execution rights isn't
+	 * really a requirement for
+	 * TMPDIR, except maybe search,
+	 * but this function will be
+	 * generalised at some point
+	 * for use in other tools
+	 * besides just mkhtemp.
 	 */
+	/*
 	if (!(st.st_mode & S_IXUSR) ||
 	    !(st.st_mode & S_IXGRP) ||
 	    !(st.st_mode & S_IXOTH)) {
-
+	*/
+	/* just require it for *you*, for now */
+	if (!(st.st_mode & S_IXUSR)) {
 		errno = EACCES;
 		goto sticky_hell;
 	}
-- 
cgit v1.2.1