Re: cgi-bin files being executable in patch submissions

[Michael Tremer <michael.tremer@ipfire.org>]

Hello,

I suppose they have been executable for a long time. Usually that happens when copying them around on an actual test system because there, the scripts will all be executable.

It should not hurt us too much, but I wanted to avoid that anyone accidentally executes the scripts on their build system.

-Michael

> On 10 Mar 2025, at 11:28, Adolf Belka <adolf.belka@ipfire.org> wrote:
> 
> Hi All,
> 
> I noticed the following patch in the IPFire git repo
> 
> https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=fe32e52d27943909e8de96c1e525f8049179dc2f
> 
> To remove the executable bits from a couple of cgi files.
> 
> I looked in my git repo and those are shown as executable but I also noted that vpnmain.cgi is also with 755 instead of 644 in my directory
> 
> I know I was just working on vpnmain so I am not sure if this has been occurring because I go and do some editing on a file and after testing it out on a machine in my testbed I copy the edited file to the cgi-bin directory to do the commit and patch submission.
> 
> I use the same editor for doing all changes to the lfs files and all of those are 644 so it is not clear that it is something I am doing but I may have had some accident at some time with permissions without realising.
> 
> I was just wondering if it was worth having a check in the build program, or a special tools program, that would check that the permissions are correct for files in certain directories and correct them if not. That way we should make sure any accidents don't get propagated through.
> 
> 
> Regards,
> 
> Adolf.
> 
>