Index: src/OFFile.m
==================================================================
--- src/OFFile.m
+++ src/OFFile.m
@@ -20,10 +20,14 @@
 
 #ifdef HAVE_FCNTL_H
 # include <fcntl.h>
 #endif
 #include "unistd_wrapper.h"
+
+#ifdef HAVE_SYS_STAT_H
+# include <sys/stat.h>
+#endif
 
 #import "OFFile.h"
 #import "OFString.h"
 #import "OFLocalization.h"
 
@@ -67,25 +71,10 @@
 #endif
 #ifndef O_EXLOCK
 # define O_EXLOCK 0
 #endif
 
-#ifndef S_IRGRP
-# define S_IRGRP 0
-#endif
-#ifndef S_IROTH
-# define S_IROTH 0
-#endif
-#ifndef S_IWGRP
-# define S_IWGRP 0
-#endif
-#ifndef S_IWOTH
-# define S_IWOTH 0
-#endif
-
-#define DEFAULT_MODE S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH
-
 #if !defined(OF_MORPHOS) || defined(OF_IXEMUL)
 static int
 parseMode(const char *mode)
 {
 	if (strcmp(mode, "r") == 0)
@@ -225,17 +214,17 @@
 
 		flags |= O_CLOEXEC;
 
 # if defined(OF_WINDOWS)
 		if ((_fd = _wopen([path UTF16String], flags,
-		    DEFAULT_MODE)) == -1)
+		    _S_IREAD | _S_IWRITE)) == -1)
 # elif defined(OF_HAVE_OFF64_T)
 		if ((_fd = open64([path cStringWithEncoding:
-		    [OFLocalization encoding]], flags, DEFAULT_MODE)) == -1)
+		    [OFLocalization encoding]], flags, 0666)) == -1)
 # else
 		if ((_fd = open([path cStringWithEncoding:
-		    [OFLocalization encoding]], flags, DEFAULT_MODE)) == -1)
+		    [OFLocalization encoding]], flags, 0666)) == -1)
 # endif
 			@throw [OFOpenItemFailedException
 			    exceptionWithPath: path
 					 mode: mode
 					errNo: errno];

Index: src/OFFileManager.h
==================================================================
--- src/OFFileManager.h
+++ src/OFFileManager.h
@@ -139,27 +139,35 @@
 - (OFDate *)statusChangeTimeOfItemAtPath: (OFString *)path;
 
 #ifdef OF_HAVE_CHMOD
 /*!
  * @brief Returns the permissions of the specified item.
+ *
+ * This returns only the permissions, meaning read, write and execute for
+ * owner, user and group, along with the sticky, setuid and setgid bit. In
+ * other words, only bits that match the mask 07777.
  *
  * @param path The path to the item whose permissions should be returned
  *
  * @return The permissions of the specified item
  */
-- (mode_t)permissionsOfItemAtPath: (OFString *)path;
+- (uint16_t)permissionsOfItemAtPath: (OFString *)path;
 
 /*!
  * @brief Changes the permissions of an item.
+ *
+ * This only changes the permissions, meaning read, write and execute for
+ * owner, user and group. For security reasons, it ignores all other bits. In
+ * other words, the permissions are masked with 0777.
  *
  * This method only changes the read-only flag on Windows.
  *
  * @param path The path to the item whose permissions should be changed
  * @param permissions The new permissions for the item
  */
 - (void)changePermissionsOfItemAtPath: (OFString *)path
-			  permissions: (mode_t)permissions;
+			  permissions: (uint16_t)permissions;
 #endif
 
 #ifdef OF_HAVE_CHOWN
 /*!
  * @brief Get the owner and group of the specified item.

Index: src/OFFileManager.m
==================================================================
--- src/OFFileManager.m
+++ src/OFFileManager.m
@@ -69,26 +69,10 @@
 # include <windows.h>
 # include <direct.h>
 # include <ntdef.h>
 #endif
 
-#ifndef S_IRGRP
-# define S_IRGRP 0
-#endif
-#ifndef S_IROTH
-# define S_IROTH 0
-#endif
-#ifndef S_IWGRP
-# define S_IWGRP 0
-#endif
-#ifndef S_IWOTH
-# define S_IWOTH 0
-#endif
-
-#define DEFAULT_MODE S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH
-#define DIR_MODE DEFAULT_MODE | S_IXUSR | S_IXGRP | S_IXOTH
-
 #if defined(OF_WINDOWS)
 typedef struct __stat64 of_stat_t;
 #elif defined(OF_HAVE_OFF64_T)
 typedef struct stat64 of_stat_t;
 #else
@@ -277,11 +261,11 @@
 	if (path == nil)
 		@throw [OFInvalidArgumentException exception];
 
 #ifndef OF_WINDOWS
 	if (mkdir([path cStringWithEncoding: [OFLocalization encoding]],
-	    DIR_MODE) != 0)
+	    0777) != 0)
 #else
 	if (_wmkdir([path UTF16String]) != 0)
 #endif
 		@throw [OFCreateDirectoryFailedException
 		    exceptionWithPath: path
@@ -515,11 +499,11 @@
 	/* FIXME: We could be more precise on some OSes */
 	return [OFDate dateWithTimeIntervalSince1970: s.st_ctime];
 }
 
 #ifdef OF_HAVE_CHMOD
-- (mode_t)permissionsOfItemAtPath: (OFString *)path
+- (uint16_t)permissionsOfItemAtPath: (OFString *)path
 {
 	of_stat_t s;
 
 	if (path == nil)
 		@throw [OFInvalidArgumentException exception];
@@ -526,18 +510,20 @@
 
 	if (of_stat(path, &s) != 0)
 		@throw [OFStatItemFailedException exceptionWithPath: path
 							      errNo: errno];
 
-	return s.st_mode;
+	return s.st_mode & 07777;
 }
 
 - (void)changePermissionsOfItemAtPath: (OFString *)path
-			  permissions: (mode_t)permissions
+			  permissions: (uint16_t)permissions
 {
 	if (path == nil)
 		@throw [OFInvalidArgumentException exception];
+
+	permissions &= 0777;
 
 # ifndef OF_WINDOWS
 	if (chmod([path cStringWithEncoding: [OFLocalization encoding]],
 	    permissions) != 0)
 # else

Index: src/exceptions/OFChangePermissionsFailedException.h
==================================================================
--- src/exceptions/OFChangePermissionsFailedException.h
+++ src/exceptions/OFChangePermissionsFailedException.h
@@ -12,12 +12,10 @@
  * Public License, either version 2 or 3, which can be found in the file
  * LICENSE.GPLv2 or LICENSE.GPLv3 respectively included in the packaging of this
  * file.
  */
 
-#include <sys/types.h>
-
 #import "OFException.h"
 
 OF_ASSUME_NONNULL_BEGIN
 
 /*!
@@ -29,11 +27,11 @@
  *	  failed.
  */
 @interface OFChangePermissionsFailedException: OFException
 {
 	OFString *_path;
-	mode_t _permissions;
+	uint16_t _permissions;
 	int _errNo;
 }
 
 /*!
  * The path of the item.
@@ -41,11 +39,11 @@
 @property (readonly, nonatomic) OFString *path;
 
 /*!
  * The new permissions for the item.
  */
-@property (readonly, nonatomic) mode_t permissions;
+@property (readonly, nonatomic) uint16_t permissions;
 
 /*!
  * The errno of the error that occurred.
  */
 @property (readonly, nonatomic) int errNo;
@@ -59,11 +57,11 @@
  * @param permissions The new permissions for the item
  * @param errNo The errno of the error that occurred
  * @return A new, autoreleased change permissions failed exception
  */
 + (instancetype)exceptionWithPath: (OFString *)path
-		      permissions: (mode_t)permissions
+		      permissions: (uint16_t)permissions
 			    errNo: (int)errNo;
 
 - init OF_UNAVAILABLE;
 
 /*!
@@ -73,10 +71,10 @@
  * @param permissions The new permissions for the item
  * @param errNo The errno of the error that occurred
  * @return An initialized change permissions failed exception
  */
 - initWithPath: (OFString *)path
-   permissions: (mode_t)permissions
+   permissions: (uint16_t)permissions
 	 errNo: (int)errNo;
 @end
 
 OF_ASSUME_NONNULL_END

Index: src/exceptions/OFChangePermissionsFailedException.m
==================================================================
--- src/exceptions/OFChangePermissionsFailedException.m
+++ src/exceptions/OFChangePermissionsFailedException.m
@@ -67,9 +67,9 @@
 }
 
 - (OFString *)description
 {
 	return [OFString stringWithFormat:
-	    @"Failed to change permissions of item at path %@ to %d: %@",
+	    @"Failed to change permissions of item at path %@ to %04o: %@",
 	    _path, _permissions, of_strerror(_errNo)];
 }
 @end

Index: utils/ofzip/GZIPArchive.m
==================================================================
--- utils/ofzip/GZIPArchive.m
+++ utils/ofzip/GZIPArchive.m
@@ -29,14 +29,11 @@
 static void
 setPermissions(OFString *destination, OFString *source)
 {
 #ifdef OF_HAVE_CHMOD
 	OFFileManager *fileManager = [OFFileManager defaultManager];
-	mode_t mode = [fileManager permissionsOfItemAtPath: source];
-
-	/* Only allow modes that are safe */
-	mode &= (S_IRWXU | S_IRWXG | S_IRWXO);
+	uint16_t mode = [fileManager permissionsOfItemAtPath: source];
 
 	[fileManager changePermissionsOfItemAtPath: destination
 				       permissions: mode];
 #endif
 }

Index: utils/ofzip/OFZIP.h
==================================================================
--- utils/ofzip/OFZIP.h
+++ utils/ofzip/OFZIP.h
@@ -12,14 +12,10 @@
  * Public License, either version 2 or 3, which can be found in the file
  * LICENSE.GPLv2 or LICENSE.GPLv3 respectively included in the packaging of this
  * file.
  */
 
-#ifdef HAVE_SYS_STAT_H
-# include <sys/stat.h>
-#endif
-
 #import "OFObject.h"
 #import "OFString.h"
 
 #import "Archive.h"
 

Index: utils/ofzip/TarArchive.m
==================================================================
--- utils/ofzip/TarArchive.m
+++ utils/ofzip/TarArchive.m
@@ -26,31 +26,19 @@
 #import "OFLocalization.h"
 
 #import "TarArchive.h"
 #import "OFZIP.h"
 
-#ifndef S_IRWXG
-# define S_IRWXG 0
-#endif
-#ifndef S_IRWXO
-# define S_IRWXO 0
-#endif
-
 static OFZIP *app;
 
 static void
 setPermissions(OFString *path, OFTarArchiveEntry *entry)
 {
 #ifdef OF_HAVE_CHMOD
-	uint32_t mode = [entry mode];
-
-	/* Only allow modes that are safe */
-	mode &= (S_IRWXU | S_IRWXG | S_IRWXO);
-
 	[[OFFileManager defaultManager]
 	    changePermissionsOfItemAtPath: path
-			      permissions: mode];
+			      permissions: [entry mode]];
 #endif
 }
 
 @implementation TarArchive
 + (void)initialize

Index: utils/ofzip/ZIPArchive.m
==================================================================
--- utils/ofzip/ZIPArchive.m
+++ utils/ofzip/ZIPArchive.m
@@ -38,14 +38,11 @@
 setPermissions(OFString *path, OFZIPArchiveEntry *entry)
 {
 #ifdef OF_HAVE_CHMOD
 	if (([entry versionMadeBy] >> 8) ==
 	    OF_ZIP_ARCHIVE_ENTRY_ATTR_COMPAT_UNIX) {
-		uint32_t mode = [entry versionSpecificAttributes] >> 16;
-
-		/* Only allow modes that are safe */
-		mode &= (S_IRWXU | S_IRWXG | S_IRWXO);
+		uint16_t mode = [entry versionSpecificAttributes] >> 16;
 
 		[[OFFileManager defaultManager]
 		    changePermissionsOfItemAtPath: path
 				      permissions: mode];
 	}