From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4ZBFBg1kV1z376T for ; Mon, 10 Mar 2025 11:33:15 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R10" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4ZBFBb3yfbz2xc2 for ; Mon, 10 Mar 2025 11:33:11 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4ZBFBb23grzqZ; Mon, 10 Mar 2025 11:33:11 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1741606391; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=D4iour/4hw59sCZZh0BwrcgfPW+kD/6XwBAN9/m8a4s=; b=qUGbWQajF2pbatctsaBJ2GD2ZnAgU4/Vo06m2uQGlou37S0/MBvgGHSIvbNJz69OdOO0vi yGEq7QDSBKNL8RDQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1741606391; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=D4iour/4hw59sCZZh0BwrcgfPW+kD/6XwBAN9/m8a4s=; b=Hy3J76KGNyUJBTH6XXk830mF8h73xwczO2i3ZzJC2ousrJp1RelD5ZOFscDPz/VI+3rfov pIsSudNbSydAC56D94WE1DRy5q+Ps/v/ymhbZZ3x1btnGIdHmB/xsDM77pqAzrYhzcHBzM QpO8JSz3bJoavnZrqBLSZfAtWmXnVWKXwpsWA0+ajiqIg1PfTZuJkgCV/bLN/bBO5HHB+H SeWgPKFa+7qiEqW/uSUoXltGjdFpo5FaKDpGp4pCQ+dqKKf/eVzJv6Dwm36Y3p4hWUdHG3 KO6KR8oQcgmNrdO96R7F2FIZ9frPgZ7qbNKcA0Lei8URRWnO5XsHFPS2EBoF1A== Content-Type: text/plain; charset=us-ascii Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: Mime-Version: 1.0 Subject: Re: cgi-bin files being executable in patch submissions From: Michael Tremer In-Reply-To: <37382d96-90ea-42b5-8249-ce43c92e0a39@ipfire.org> Date: Mon, 10 Mar 2025 11:33:10 +0000 Cc: "IPFire: Development-List" Content-Transfer-Encoding: quoted-printable Message-Id: <215E0605-7524-4279-A7D1-109B844DFFD0@ipfire.org> References: <37382d96-90ea-42b5-8249-ce43c92e0a39@ipfire.org> To: Adolf Belka Hello, I suppose they have been executable for a long time. Usually that = happens when copying them around on an actual test system because there, = the scripts will all be executable. It should not hurt us too much, but I wanted to avoid that anyone = accidentally executes the scripts on their build system. -Michael > On 10 Mar 2025, at 11:28, Adolf Belka wrote: >=20 > Hi All, >=20 > I noticed the following patch in the IPFire git repo >=20 > = https://git.ipfire.org/?p=3Dipfire-2.x.git;a=3Dcommit;h=3Dfe32e52d27943909= e8de96c1e525f8049179dc2f >=20 > To remove the executable bits from a couple of cgi files. >=20 > I looked in my git repo and those are shown as executable but I also = noted that vpnmain.cgi is also with 755 instead of 644 in my directory >=20 > I know I was just working on vpnmain so I am not sure if this has been = occurring because I go and do some editing on a file and after testing = it out on a machine in my testbed I copy the edited file to the cgi-bin = directory to do the commit and patch submission. >=20 > I use the same editor for doing all changes to the lfs files and all = of those are 644 so it is not clear that it is something I am doing but = I may have had some accident at some time with permissions without = realising. >=20 > I was just wondering if it was worth having a check in the build = program, or a special tools program, that would check that the = permissions are correct for files in certain directories and correct = them if not. That way we should make sure any accidents don't get = propagated through. >=20 >=20 > Regards, >=20 > Adolf. >=20 >=20