From 6769d909306d7bdc43d64598872126fcf1b217f6 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Peter=20M=C3=BCller?= Date: Mon, 17 May 2021 21:04:00 +0200 Subject: [PATCH] backup: prevent /var/ipfire/backup/bin/backup.pl from being owned by nobody MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit This is dangerous as nobody could write arbitrary contents to this file and execute it afterwards. Partially fixes: #12619 Signed-off-by: Peter Müller Signed-off-by: Michael Tremer --- lfs/backup | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/lfs/backup b/lfs/backup index 791d87adb5..9d3e057350 100644 --- a/lfs/backup +++ b/lfs/backup @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team # +# Copyright (C) 2007-2021 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -30,7 +30,7 @@ THISAPP = backup-$(VER) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = backup -PAK_VER = 1 +PAK_VER = 2 DEPS = @@ -56,10 +56,11 @@ dist: $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) -mkdir -p /var/ipfire/backup/bin - install -v -m 755 $(DIR_SRC)/config/backup/backup.pl /var/ipfire/backup/bin + install -v -m 755 -o root $(DIR_SRC)/config/backup/backup.pl /var/ipfire/backup/bin install -v -m 644 $(DIR_SRC)/config/backup/include /var/ipfire/backup/ install -v -m 644 $(DIR_SRC)/config/backup/exclude /var/ipfire/backup/ chown nobody:nobody -R /var/ipfire/backup/ + chown root:root -R /var/ipfire/backup/bin/ -mkdir -p /var/ipfire/backup/addons -mkdir -p /var/ipfire/backup/addons/includes -mkdir -p /var/ipfire/backup/addons/backup -- 2.39.5