Skip to content
Permalink
Browse files Browse the repository at this point in the history
backup: prevent /var/ipfire/backup/bin/backup.pl from being owned by …
…nobody

This is dangerous as nobody could write arbitrary contents to this file
and execute it afterwards.

Partially fixes: #12619

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
  • Loading branch information
pmu-ipf authored and mtremer committed May 17, 2021
1 parent c8874ee commit 6769d90
Showing 1 changed file with 4 additions and 3 deletions.
7 changes: 4 additions & 3 deletions lfs/backup
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007-2018 IPFire Team <info@ipfire.org> #
# Copyright (C) 2007-2021 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
Expand Down Expand Up @@ -30,7 +30,7 @@ THISAPP = backup-$(VER)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = backup
PAK_VER = 1
PAK_VER = 2

DEPS =

Expand All @@ -56,10 +56,11 @@ dist:
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
-mkdir -p /var/ipfire/backup/bin
install -v -m 755 $(DIR_SRC)/config/backup/backup.pl /var/ipfire/backup/bin
install -v -m 755 -o root $(DIR_SRC)/config/backup/backup.pl /var/ipfire/backup/bin
install -v -m 644 $(DIR_SRC)/config/backup/include /var/ipfire/backup/
install -v -m 644 $(DIR_SRC)/config/backup/exclude /var/ipfire/backup/
chown nobody:nobody -R /var/ipfire/backup/
chown root:root -R /var/ipfire/backup/bin/
-mkdir -p /var/ipfire/backup/addons
-mkdir -p /var/ipfire/backup/addons/includes
-mkdir -p /var/ipfire/backup/addons/backup
Expand Down

0 comments on commit 6769d90

Please sign in to comment.