
set default permission 0700 for backup directory

fixes CVE-2013-1425 (local information disclosure)
elmar committed Jan 28, 2013
1 parent de966ce commit a90f3217fce87962db82d212f73af70693087124
Showing with 14 additions and 2 deletions.
  1. +1 −0 README.mdown
  2. +1 −1 configure.ac
  3. +8 −0 debian/changelog
  4. +1 −1 ldap-git-backup.in
  5. +3 −0 t/030_git-from-scratch.t.in
@@ -115,3 +115,4 @@ Over time various people contributed with discussions, ideas, code, and bug repo
- Axel Beckert <abe@debian.org> (co-maintainer)
- Florian Ernst <florian\_ernst@gmx.net>
- Bart Martens <bartm@debian.org>
- Hans Spaans <hans.spaans@nexit.nl>
@@ -1,7 +1,7 @@
AC_PREREQ([2.67])dnl require version in Debian squeeze (or higher)
AC_INIT(
[LDAP Git Backup],
[1.0.3],
[1.0.4],
[elmar@heebs.ch],
[ldap-git-backup],
[https://github.com/elmar/ldap-git-backup]
@@ -1,3 +1,11 @@
ldap-git-backup (1.0.4-1) unstable; urgency=low

* create backup directory with default mode of 0700
fixes CVE-2013-1425 (local information disclosure)
Thanks to Hans Spaans <hans.spaans@nexit.nl>

-- Elmar S. Heeb <elmar@heebs.ch> Mon, 28 Jan 2013 19:05:13 +0000

ldap-git-backup (1.0.3-2) unstable; urgency=low

* clean up of Depends and Build-Depends
@@ -36,7 +36,7 @@ sub main {
}

my $ldif_aref = LDAP::Utils::read_ldif($ldif_cmd);
make_path($backup_dir);
make_path($backup_dir, {mode => 0700});
chdir($backup_dir);
Git::command('init');
my $repo = Git->repository(Directory => $backup_dir);
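Review bot: The `mode => 0700` passed to `make_path` applies only to directories that the call itself creates, so a backup directory left by an earlier release keeps its existing mode and, as far as this hunk shows, upgrading alone does not close the disclosure on existing installations. Consider a warning right after `make_path`, such as `warn "$backup_dir is accessible to group/others\n" if ((stat $backup_dir)[2] & 0077);`, or an upgrade note telling administrators to run `chmod 0700` on the directory. The result of `chdir($backup_dir)` is also unchecked in the visible lines, so a failure would let `Git::command('init')` run in whatever the current directory is; `chdir($backup_dir) or die "cannot chdir to $backup_dir: $!";` would stop that. The new assertions in t/030_git-from-scratch.t.in cover only a freshly created directory, so a case with a pre-existing, more permissive directory would be worth adding there. `main` starts and ends outside this hunk.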
@@ -32,6 +32,9 @@ ok(
'first backup should run'
);
ok( (-d $backup_dir), 'backup directory should have been created' );
my $mode = ((stat($backup_dir))[2]) & 0777; # mask only permission part of mode
$mode = sprintf("%#o", $mode); # string in octal to help readability of assertion
is( $mode, '0700', 'new backup directory should be created with mode 0700 (rwx------)' );
ok( (-d "$backup_dir/.git"), 'backup directory should be a GIT repository now');

check_directory_list($backup_dir, qw(
