]> git.ipfire.org Git - ipfire-2.x.git/commitdiff
projects / ipfire-2.x.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c8874ee)
backup: prevent /var/ipfire/backup/bin/backup.pl from being owned by nobody
authorPeter Müller <peter.mueller@ipfire.org>
Mon, 17 May 2021 19:04:00 +0000 (21:04 +0200)
committerMichael Tremer <michael.tremer@ipfire.org>
Mon, 17 May 2021 20:48:59 +0000 (20:48 +0000)
This is dangerous as nobody could write arbitrary contents to this file
and execute it afterwards.

Partially fixes: #12619

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
lfs/backup patch | blob | blame | history

diff --git a/lfs/backup b/lfs/backup
index 791d87adb547dfe93ff7e524e22bf20a8947a94b..9d3e0573506fbdef47365d6af000a74f79197611 100644 (file)
--- a/lfs/backup
+++ b/lfs/backup
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2018  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2021  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -30,7 +30,7 @@ THISAPP    = backup-$(VER)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = backup
-PAK_VER    = 1
+PAK_VER    = 2
 
 DEPS       =
 
@@ -56,10 +56,11 @@ dist:
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        @$(PREBUILD)
        -mkdir -p /var/ipfire/backup/bin
-       install -v -m 755 $(DIR_SRC)/config/backup/backup.pl /var/ipfire/backup/bin
+       install -v -m 755 -o root $(DIR_SRC)/config/backup/backup.pl /var/ipfire/backup/bin
        install -v -m 644 $(DIR_SRC)/config/backup/include /var/ipfire/backup/
        install -v -m 644 $(DIR_SRC)/config/backup/exclude /var/ipfire/backup/
        chown nobody:nobody -R /var/ipfire/backup/
+       chown root:root -R /var/ipfire/backup/bin/
        -mkdir -p /var/ipfire/backup/addons
        -mkdir -p /var/ipfire/backup/addons/includes
        -mkdir -p /var/ipfire/backup/addons/backup
IPFire 2.x development tree