From: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri, 17 Mar 2023 12:00:35 +0000 (+0000)
Subject: FHS: Do not allow any executable files in /var
X-Git-Tag: 0.9.29~281
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=edd297db2a539e3bdce9087456f5d35f3a061a21;p=pakfire.git

FHS: Do not allow any executable files in /var

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/src/libpakfire/fhs.c b/src/libpakfire/fhs.c
index 720d3d7ea..75d3fbf82 100644
--- a/src/libpakfire/fhs.c
+++ b/src/libpakfire/fhs.c
@@ -96,6 +96,9 @@ static const struct pakfire_fhs_check {
 	{ "/var/empty/**",              0,    0,   NULL,   NULL, PAKFIRE_FHS_MUSTNOTEXIST },
 	{ "/var/tmp/**",                0,    0,   NULL,   NULL, PAKFIRE_FHS_MUSTNOTEXIST },
 
+	// No files in /var may be executable
+	{ "/var/**",              S_IFREG,    0,   NULL,   NULL, PAKFIRE_FHS_NOEXEC },
+
 	// /boot
 	{ "/boot",                S_IFDIR, 0755, "root", "root", 0 },
 	{ "/boot/efi",            S_IFDIR, 0755, "root", "root", 0 },