YunoHost/yunohost
1
0
Fork 0
mirror of https://github.com/YunoHost/yunohost.git synced 2024-09-03 20:06:10 +02:00
Code Issues Projects Releases Packages Wiki Activity

Fix again /var/www/.well-known/ynh-diagnosis/ perms which are too broad and could be exploited to serve malicious files x_x

Browse source
This commit is contained in:
Alexandre Aubin 2023-06-12 17:26:24 +02:00
parent 18336b01dc
commit 84984ad89a
2 changed files with 3 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
hooks/conf_regen/01-yunohost
View file

@ -178,6 +178,8 @@ do_post_regen() {
chown root:admins /home/yunohost.backup/archives chown root:admins /home/yunohost.backup/archives
chown root:root /var/cache/yunohost chown root:root /var/cache/yunohost
[ ! -e /var/www/.well-known/ynh-diagnosis/ ] || chmod 775 /var/www/.well-known/ynh-diagnosis/
# NB: x permission for 'others' is important for ssl-cert (and maybe mdns), otherwise slapd will fail to start because can't access the certs # NB: x permission for 'others' is important for ssl-cert (and maybe mdns), otherwise slapd will fail to start because can't access the certs
chmod 755 /etc/yunohost chmod 755 /etc/yunohost

2
src/diagnosers/21-web.py
View file

@ -61,7 +61,7 @@ class MyDiagnoser(Diagnoser):
self.nonce = "".join(random.choice("0123456789abcedf") for i in range(16)) self.nonce = "".join(random.choice("0123456789abcedf") for i in range(16))
rm("/var/www/.well-known/ynh-diagnosis/", recursive=True, force=True) rm("/var/www/.well-known/ynh-diagnosis/", recursive=True, force=True)
mkdir("/var/www/.well-known/ynh-diagnosis/", parents=True) mkdir("/var/www/.well-known/ynh-diagnosis/", parents=True, mode=0o0775)
os.system("touch /var/www/.well-known/ynh-diagnosis/%s" % self.nonce) os.system("touch /var/www/.well-known/ynh-diagnosis/%s" % self.nonce)
if not domains_to_check: if not domains_to_check: