Only use local files (file://) when they have explicit permissions a+r #5622

Merged: 2 commits, Mar 30, 2024

@DL6ER DL6ER commented Mar 28, 2024

What does this implement/fix?

This PR ports the most recent changes from PRs #5615, #5618 and #5620 to v6.


Related issue or feature (if applicable): N/A

Pull request in docs with documentation (if applicable): N/A


By submitting this pull request, I confirm the following:

  1. I have read and understood the contributors guide, as well as this entire template. I understand which branch to base my commits and Pull Requests against.
  2. I have commented my proposed changes within the code.
  3. I am willing to help maintain this change if there are issues with it later.
  4. It is compatible with the EUPL 1.2 license
  5. I have squashed any insignificant commits. (git rebase)

Checklist:

  • The code change is tested and works locally.
  • I based my code and PRs against the repositories developmental branch.
  • I signed off all commits. Pi-hole enforces the DCO for all contributions
  • I signed all my commits. Pi-hole requires signatures to verify authorship
  • I have read the above and my PR is ready for review.

Signed-off-by: DL6ER <dl6er@dl6er.de>
@DL6ER DL6ER requested a review from a team March 28, 2024 14:43
@orazioedoardo
Contributor

I think this pull request, and the linked #5620, still wouldn’t catch a situation when file_path is a symlink to a non-regular file. Probably best would be to first dereference file_path with readlink --canonicalize, and then check the destination for non-regular and world-readability.

@dschaper
Member

dschaper commented Mar 30, 2024

is a symlink to a non-regular file.

Does the change from -e to -f at https://github.com/pi-hole/pi-hole/pull/5620/files#diff-1aa8de157651defa7dd9bb1eec010df250d3a336800e2bad8a4a3e297587747cR571 address non-regular files?

Edit: I think symlinks to non-regular fail the -f check as we would like

dan@Viking:~$ ls -la
total 136
drwxr-xr-x 15 dan  dan   4096 Mar 29 17:14 .
drwxr-xr-x  3 root root  4096 Nov 21  2022 ..
lrwxrwxrwx  1 dan  dan      8 Mar 29 17:14 non-regular -> /dev/sda
lrwxrwxrwx  1 dan  dan     11 Mar 29 17:14 regular -> /etc/shadow
dan@Viking:~$ cat b.sh
if [[ ! -f non-regular ]]; then
        echo "non-regular ! -f"
else
        echo "non-regular -f"
fi

if [[ ! -f regular ]]; then
        echo "regular ! -f"
else
        echo "regular -f"
fi
dan@Viking:~$ bash b.sh
non-regular ! -f
regular -f

Edit 2:

From help test, -f dereferences before comparison:

File operators:

  -a FILE        True if file exists.
  -b FILE        True if file is block special.
  -c FILE        True if file is character special.
  -d FILE        True if file is a directory.
  -e FILE        True if file exists.
  -f FILE        True if file exists and is a regular file.
  -g FILE        True if file is set-group-id.
  -h FILE        True if file is a symbolic link.
  -L FILE        True if file is a symbolic link.
  -k FILE        True if file has its `sticky' bit set.
  -p FILE        True if file is a named pipe.
  -r FILE        True if file is readable by you.
  -s FILE        True if file exists and is not empty.
  -S FILE        True if file is a socket.
  -t FD          True if FD is opened on a terminal.
  -u FILE        True if the file is set-user-id.
  -w FILE        True if the file is writable by you.
  -x FILE        True if the file is executable by you.
  -O FILE        True if the file is effectively owned by you.
  -G FILE        True if the file is effectively owned by your group.
  -N FILE        True if the file has been modified since it was last read.

  FILE1 -nt FILE2  True if file1 is newer than file2 (according to
                   modification date).

  FILE1 -ot FILE2  True if file1 is older than file2.

  FILE1 -ef FILE2  True if file1 is a hard link to file2.

All file operators except -h and -L are acting on the target of a symbolic
link, not on the symlink itself, if FILE is a symbolic link.

@orazioedoardo
Contributor

I think symlinks to non-regular fail the -f check as we would like

help test, -f dereferences before comparison:

Yeah that's right actually

Co-authored-by: Dan Schaper <dan.schaper@pi-hole.net>
Signed-off-by: Dominik <DL6ER@users.noreply.github.com>
@DL6ER DL6ER merged commit 80db526 into development-v6 Mar 30, 2024
14 checks passed
@DL6ER DL6ER deleted the tweak/local_permissions branch March 30, 2024 19:14
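
Added example (not part of this pull request and not Pi-hole's gravity.sh): a shell check that combines the two tests discussed in the thread, `-f` for a regular file behind any symlink and an explicit a+r mode check on the link target. The function names are hypothetical, the fixtures are constructed, a+r is taken to mean the read bit for user, group and other, and GNU `stat` is assumed.

```shell
#!/usr/bin/env bash
# Added example; check_local_list and run_demo are hypothetical names.
# Return codes: 0 = usable, 1 = not an absolute file:// URL,
#               2 = target is not a regular file, 3 = target lacks a+r.
check_local_list() {
    local url=$1 path mode
    case $url in
        file:///*) path=${url#file://} ;;
        *) return 1 ;;
    esac

    # -f follows symlinks: a link to a device node fails here,
    # a link to a regular file passes.
    [ -f "$path" ] || return 2

    # -r only reports whether the calling user can read the file, which is
    # always true for root. Read the mode bits of the link target (-L) instead.
    mode=$(stat -L -c '%a' "$path") || return 2

    # a+r: read bit set for user, group and other (octal 444).
    [ $(( 0$mode & 0444 )) -eq $(( 0444 )) ] || return 3
    return 0
}

# Builds constructed fixtures in a temp directory and prints one return
# code per case, in the order listed in the for loop.
run_demo() {
    local d f rc out=""
    d=$(mktemp -d) || return 1
    printf 'example.test\n' > "$d/open.list";    chmod 644 "$d/open.list"
    printf 'example.test\n' > "$d/private.list"; chmod 600 "$d/private.list"
    ln -s "$d/open.list"    "$d/link-open"
    ln -s "$d/private.list" "$d/link-private"
    ln -s /dev/null         "$d/link-device"
    for f in open.list private.list link-open link-private link-device missing; do
        rc=0; check_local_list "file://$d/$f" || rc=$?
        out="$out$rc "
    done
    rm -rf "$d"
    printf '%s\n' "${out% }"
}
```

Calling `run_demo` shows that a symlink inherits the verdict of its target: the link to the mode-600 file is rejected for permissions and the link to the device node is rejected as non-regular.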