From 9823bf6196b64187f0b6132b22cd43dc0f2670af Mon Sep 17 00:00:00 2001
From: Dan Gohman <sunfish@mozilla.com>
Date: Fri, 17 May 2019 15:56:17 -0700
Subject: [PATCH] Change path_open to not create files with execute privleges.

WASI currently lacks the ability to specify the full UNIX access control
information when creating files and directories, so for now just avoid
creating executable files and rely on the umask.
---
 src/hostcalls/fs.rs | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/hostcalls/fs.rs b/src/hostcalls/fs.rs
index c49120b350..351473bd73 100644
--- a/src/hostcalls/fs.rs
+++ b/src/hostcalls/fs.rs
@@ -713,11 +713,14 @@ pub fn path_open(
         Err(e) => return enc_errno(e),
     };
 
+    // Call openat. Use mode 0o666 so that we follow whatever the user's
+    // umask is, but don't set the executable flag, because it isn't yet
+    // meaningful for WASI programs to create executable files.
     let new_fd = match openat(
         dir,
         path.as_os_str(),
         nix_all_oflags,
-        Mode::from_bits_truncate(0o777),
+        Mode::from_bits_truncate(0o666),
     ) {
         Ok(fd) => fd,
         Err(e) => {