From 33855a7a12c8878eb7306e54cdb37e93d2fed4ae Mon Sep 17 00:00:00 2001
From: Christophe CURIS <christophe.curis@free.fr>
Date: Sat, 8 Nov 2014 20:49:40 +0100
Subject: [PATCH] WPrefs: replaced call to external program "chmod" by the
 equivalent system call

It is more efficient to use the dedicated function than to call an external
binary program to do the job, and it reduce the risk of problem in case the
path would end up with potentially problematic characters.

It should also close Coverity bug #50225 ("Use of untrusted string value")

Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
---
 WPrefs.app/MouseSettings.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/WPrefs.app/MouseSettings.c b/WPrefs.app/MouseSettings.c
index f9d80cd8..6df93009 100644
--- a/WPrefs.app/MouseSettings.c
+++ b/WPrefs.app/MouseSettings.c
@@ -26,6 +26,8 @@
 #include <X11/XKBlib.h>
 
 #include <unistd.h>
+#include <sys/types.h>
+#include <sys/stat.h>
 #include <math.h>
 
 
@@ -641,6 +643,12 @@ static void storeCommandInScript(const char *cmd, const char *line)
 	char *path;
 	FILE *f;
 	char buffer[128];
+	mode_t permissions;
+
+	/* Calculate permission to be Executable but taking into account user's umask */
+	permissions = umask(0);
+	umask(permissions);
+	permissions = (S_IRWXU | S_IRWXG | S_IRWXO) & (~permissions);
 
 	path = wstrconcat(wusergnusteppath(), "/Library/WindowMaker/autostart");
 
@@ -700,9 +708,8 @@ static void storeCommandInScript(const char *cmd, const char *line)
 		}
 		wfree(tmppath);
 	}
-	sprintf(buffer, "chmod u+x %s", path);
-	if (system(buffer) == -1)
-		werror(_("could not execute command \"%s\""), buffer);
+	if (chmod(path, permissions) != 0)
+		wwarning(_("could not set permission 0%03o on file \"%s\""), permissions, path);
 
  end:
 	wfree(path);
-- 
2.11.4.GIT