regeconf: fix security issue where apps' system conf would be owned by the app, which can enable priviledge escalation

Alexandre Aubin 2023-05-26 21:06:01 +02:00
parent 1552944fdd
commit daf51e94bd


@ -1071,8 +1071,10 @@ _ynh_apply_default_permissions() {
fi fi
fi fi
# Crons should be owned by root otherwise they probably don't run # Crons should be owned by root
if echo "$target" | grep -q '^/etc/cron' # Also we don't want systemd conf, nginx conf or others stuff to be owned by the app,
# otherwise they could self-edit their own systemd conf and escalate privilege
if echo "$target" | grep -q '^/etc/cron\|/etc/php\|/etc/nginx/conf.d\|/etc/fail2ban\|/etc/systemd/system'
then then
chmod 400 $target chmod 400 $target
chown root:root $target chown root:root $target