Flag a $PATH entry that is writable by anyone but root

Challenge

Given a directory's stat-mode bits and owner uid, determine whether the directory is dangerous to have in $PATH for a privileged user.

Implement int dir_is_path_hazard(unsigned mode, int owner_uid).

Mode bits (POSIX st_mode):

• 0002 = world-writable
• 0020 = group-writable

Return 1 if:

• World-writable, OR
• Group-writable AND not owned by root (uid != 0).

Why this matters

A writable directory in $PATH is a privilege-escalation primitive: drop a binary called ls, wait for a privileged user. The audit step is the cheap defence.

Input format

mode (octal) + owner uid.

Output format

0/1.

Constraints

Pure bit math on POSIX mode flags.

Starter code

int dir_is_path_hazard(unsigned mode, int owner_uid) { /* TODO */ (void)mode; (void)owner_uid; return 0; }

Common mistakes

Treating mode as decimal. Forgetting the group-writable+non-root case.

Edge cases to handle

Sticky bit set (01000): irrelevant here. Setuid bit: irrelevant here.

Complexity

O(1).

Background lessons

• Auditing setuid programs

Up next

• Reject when O_NOFOLLOW would have refused
• Validate that a mkstemp template ends with at least 6 X's