* cgi-bin files being executable in patch submissions
@ 2025-03-10 11:28 Adolf Belka
2025-03-10 11:32 ` Adolf Belka
2025-03-10 11:33 ` Michael Tremer
0 siblings, 2 replies; 3+ messages in thread
From: Adolf Belka @ 2025-03-10 11:28 UTC (permalink / raw)
To: IPFire: Development-List
Hi All,
I noticed the following patch in the IPFire git repo
https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=fe32e52d27943909e8de96c1e525f8049179dc2f
To remove the executable bits from a couple of cgi files.
I looked in my git repo and those are shown as executable but I also noted that vpnmain.cgi is also with 755 instead of 644 in my directory
I know I was just working on vpnmain so I am not sure if this has been occurring because I go and do some editing on a file and after testing it out on a machine in my testbed I copy the edited file to the cgi-bin directory to do the commit and patch submission.
I use the same editor for doing all changes to the lfs files and all of those are 644 so it is not clear that it is something I am doing but I may have had some accident at some time with permissions without realising.
I was just wondering if it was worth having a check in the build program, or a special tools program, that would check that the permissions are correct for files in certain directories and correct them if not. That way we should make sure any accidents don't get propagated through.
Regards,
Adolf.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: cgi-bin files being executable in patch submissions
2025-03-10 11:28 cgi-bin files being executable in patch submissions Adolf Belka
@ 2025-03-10 11:32 ` Adolf Belka
2025-03-10 11:33 ` Michael Tremer
1 sibling, 0 replies; 3+ messages in thread
From: Adolf Belka @ 2025-03-10 11:32 UTC (permalink / raw)
To: IPFire: Development-List
Hi All,
I have just noticed that in the logs.cgi there are three .dat programs with 755
firewalllog.dat
ipblocklists.dat
showrequestfromblocklist.dat
I know I have worked on firewalllog.dat but I don't remember having worked on either of the other two.
Regards,
Adolf.
On 10/03/2025 12:28, Adolf Belka wrote:
> Hi All,
>
> I noticed the following patch in the IPFire git repo
>
> https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=fe32e52d27943909e8de96c1e525f8049179dc2f
>
> To remove the executable bits from a couple of cgi files.
>
> I looked in my git repo and those are shown as executable but I also noted that vpnmain.cgi is also with 755 instead of 644 in my directory
>
> I know I was just working on vpnmain so I am not sure if this has been occurring because I go and do some editing on a file and after testing it out on a machine in my testbed I copy the edited file to the cgi-bin directory to do the commit and patch submission.
>
> I use the same editor for doing all changes to the lfs files and all of those are 644 so it is not clear that it is something I am doing but I may have had some accident at some time with permissions without realising.
>
> I was just wondering if it was worth having a check in the build program, or a special tools program, that would check that the permissions are correct for files in certain directories and correct them if not. That way we should make sure any accidents don't get propagated through.
>
>
> Regards,
>
> Adolf.
>
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: cgi-bin files being executable in patch submissions
2025-03-10 11:28 cgi-bin files being executable in patch submissions Adolf Belka
2025-03-10 11:32 ` Adolf Belka
@ 2025-03-10 11:33 ` Michael Tremer
1 sibling, 0 replies; 3+ messages in thread
From: Michael Tremer @ 2025-03-10 11:33 UTC (permalink / raw)
To: Adolf Belka; +Cc: IPFire: Development-List
Hello,
I suppose they have been executable for a long time. Usually that happens when copying them around on an actual test system because there, the scripts will all be executable.
It should not hurt us too much, but I wanted to avoid that anyone accidentally executes the scripts on their build system.
-Michael
> On 10 Mar 2025, at 11:28, Adolf Belka <adolf.belka@ipfire.org> wrote:
>
> Hi All,
>
> I noticed the following patch in the IPFire git repo
>
> https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=fe32e52d27943909e8de96c1e525f8049179dc2f
>
> To remove the executable bits from a couple of cgi files.
>
> I looked in my git repo and those are shown as executable but I also noted that vpnmain.cgi is also with 755 instead of 644 in my directory
>
> I know I was just working on vpnmain so I am not sure if this has been occurring because I go and do some editing on a file and after testing it out on a machine in my testbed I copy the edited file to the cgi-bin directory to do the commit and patch submission.
>
> I use the same editor for doing all changes to the lfs files and all of those are 644 so it is not clear that it is something I am doing but I may have had some accident at some time with permissions without realising.
>
> I was just wondering if it was worth having a check in the build program, or a special tools program, that would check that the permissions are correct for files in certain directories and correct them if not. That way we should make sure any accidents don't get propagated through.
>
>
> Regards,
>
> Adolf.
>
>
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2025-03-10 11:33 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-03-10 11:28 cgi-bin files being executable in patch submissions Adolf Belka
2025-03-10 11:32 ` Adolf Belka
2025-03-10 11:33 ` Michael Tremer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox