From b56fd635c6bf4959853dc63d3743ef3d79e98073 Mon Sep 17 00:00:00 2001
From: Hans-Christoph Steiner
Date: Wed, 3 Dec 2025 16:46:52 +0100
Subject: [PATCH] scanner: flag suspicious permissions also when running as root

os.access() will always succeed when running as root.
---
 fdroidserver/scanner.py | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/fdroidserver/scanner.py b/fdroidserver/scanner.py
index b7bbbaa0..469706c3 100644
--- a/fdroidserver/scanner.py
+++ b/fdroidserver/scanner.py
@@ -966,11 +966,10 @@ def scan_source(build_dir, build=metadata.Build(), json_per_build=None):
 path_in_build_dir = os.path.relpath(filepath, build_dir)
- if not os.access(filepath, os.R_OK):
+ st_mode = os.stat(filepath).st_mode
+ if not os.access(filepath, os.R_OK) or not st_mode & stat.S_IRUSR:
 count += handleproblem(
- _("suspicious permissions {st_mode:o}").format(
- st_mode=os.stat(filepath).st_mode
- ),
+ _("suspicious permissions {st_mode:o}").format(st_mode=st_mode),
 path_in_build_dir,
 filepath,
 json_per_build,
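Review bot: The reason for the second test in the new `if` exists only in the commit message, so the condition reads as redundant next to `os.access()`. A comment above it such as `# os.access() always succeeds as root, so also require the owner-read bit` would stop a later cleanup from removing it, and writing the test as `not (st_mode & stat.S_IRUSR)` makes the precedence explicit. The patch adds no import, so `stat` has to be imported already at the top of scanner.py, which is worth confirming because the name is evaluated for every readable file. The reported value is the full `st_mode` including the file-type bits, so formatting `stat.S_IMODE(st_mode)` instead would show only the permission bits in the message. scan_source's body starts and ends outside this hunk.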