YunoHost-Apps/lstu_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/lstu_ynh.git synced 2024-09-03 19:36:12 +02:00
Code Issues Activity Actions

Merge pull request #48 from YunoHost-Apps/fix-security-hole

Browse source 
Fix security hole ... do *NOT* open the app port on the outside if the port is only meant for internal reverse-proxy use !
This commit is contained in:
Alexandre Aubin 2020-11-16 16:27:48 +01:00 committed by GitHub
commit e8c86d2612
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 8 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
scripts/install
View file

@ -61,19 +61,12 @@ ynh_app_setting_set --app=$app --key=hashed_password --value=$hashed_password
#=================================================
# FIND AND OPEN A PORT
#=================================================
ynh_script_progression --message="Configuring firewall..."
ynh_script_progression --message="Finding an available port..."
# Find an available port
port=$(ynh_find_port --port=8095)
ynh_app_setting_set --app=$app --key=port --value=$port
# Optional: Expose this port publicly
# (N.B. : you only need to do this if the app actually needs to expose the port publicly.
# If you do this and the app doesn't actually need you are CREATING SECURITY HOLES IN THE SERVER !)
# Open the port
ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port
#=================================================
# INSTALL DEPENDENCIES
#=================================================

10
scripts/remove
View file

@ -83,16 +83,6 @@ ynh_script_progression --message="Removing logrotate configuration..."
# Remove the app-specific logrotate config
ynh_remove_logrotate
#=================================================
# CLOSE A PORT
#=================================================
if yunohost firewall list | grep -q "\- $port$"
then
ynh_script_progression --message="Closing port $port..."
ynh_exec_warn_less yunohost firewall disallow TCP $port
fi
#=================================================
# SPECIFIC REMOVE
#=================================================

7
scripts/upgrade
View file

@ -90,6 +90,13 @@ if [ -z "$hashed_password" ]; then
ynh_app_setting_set --app=$app --key=hashed_password --value=$hashed_password
fi
# In previous versions, the port was mistakenly exposed to the outside world >_>
if yunohost firewall list | grep -q "\- $port$"
then
ynh_script_progression --message="Closing port $port..."
ynh_exec_warn_less yunohost firewall disallow TCP $port
fi
#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#=================================================