From ee5ff037654168d0829c3219ce7d89ab202af40d Mon Sep 17 00:00:00 2001
From: Leah Rowe <leah@libreboot.org>
Date: Wed, 18 Mar 2026 04:49:22 +0000
Subject: nvmutil tmpdir: check world-writeable / sticky bits

must be world writeable and not have sticky bits

a bit theoretical, but we're also reading TMPDIR,
which could be anything

due to how this is called, it defaults back to /tmp
if null is returned, so itt's safe

Signed-off-by: Leah Rowe <leah@libreboot.org>
---
 util/nvmutil/nvmutil.h | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'util/nvmutil/nvmutil.h')

diff --git a/util/nvmutil/nvmutil.h b/util/nvmutil/nvmutil.h
index 94ad8f62..4d8c3ab2 100644
--- a/util/nvmutil/nvmutil.h
+++ b/util/nvmutil/nvmutil.h
@@ -28,6 +28,14 @@ int fchmod(int fd, mode_t mode);
 #define OFF_RESET 1
 #endif
 
+#ifndef S_ISVTX
+#define S_ISVTX 01000
+#endif
+
+#if defined(S_IFMT) && ((S_ISVTX & S_IFMT) != 0)
+#error "Unexpected bit layout"
+#endif
+
 #ifndef MAX_ZERO_RW_RETRY
 #define MAX_ZERO_RW_RETRY 5
 #endif
-- 
cgit v1.2.1