From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4ZBF5L2pVbz376x for ; Mon, 10 Mar 2025 11:28:38 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mail01.haj.ipfire.org", Issuer "R10" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4ZBF5G51Kdz35ZM for ; Mon, 10 Mar 2025 11:28:34 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4ZBF5F5nfbz7WZ for ; Mon, 10 Mar 2025 11:28:33 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1741606113; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Z3CUxbBRnxD/g44GN+f1VHcBtu6TkznHTGw4MBLWVss=; b=5qLKUanyQcorn0SaOtMz24huXWORO9S+mVQeMC0VDL5doREw9IM8PrveOvDl2fBTUOQyos csvFlfPklkD2j1CQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1741606113; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Z3CUxbBRnxD/g44GN+f1VHcBtu6TkznHTGw4MBLWVss=; b=SkqEy1N7DDKZIla7ny+f9AXcl8vL5I768/jhGunaBhB81Zt27cD/H+tOJnQLoRoEb3OG+h gJMNh/TMY3tEAtvg1jRGgZIvGJ0b0b2B7DDetC4XTZya11l2UbjVShd5611KycxI04hKqx JmOnKYSHYLINuQZHZAW+eNGcozeXjRv46dq08R5hip0EsHjqybQRlgFADlwdiihAPxLnoG +X4vn8ihjx150QGBvvKUNhsH2/OJConAfQcL7JRGr/e/OdZJt8y3Z7Qx+0lAbBrgeQbEQ3 yUpvK32BtS8OqzVFxf64xqonGyOSb2548UPtgJwYkRh6bTuhPRBa+4aYJyNvFQ== Message-ID: <37382d96-90ea-42b5-8249-ce43c92e0a39@ipfire.org> Date: Mon, 10 Mar 2025 12:28:28 +0100 Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: MIME-Version: 1.0 Content-Language: en-GB To: "IPFire: Development-List" From: Adolf Belka Subject: cgi-bin files being executable in patch submissions Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Hi All, I noticed the following patch in the IPFire git repo https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=fe32e52d27943909e8de96c1e525f8049179dc2f To remove the executable bits from a couple of cgi files. I looked in my git repo and those are shown as executable but I also noted that vpnmain.cgi is also with 755 instead of 644 in my directory I know I was just working on vpnmain so I am not sure if this has been occurring because I go and do some editing on a file and after testing it out on a machine in my testbed I copy the edited file to the cgi-bin directory to do the commit and patch submission. I use the same editor for doing all changes to the lfs files and all of those are 644 so it is not clear that it is something I am doing but I may have had some accident at some time with permissions without realising. I was just wondering if it was worth having a check in the build program, or a special tools program, that would check that the permissions are correct for files in certain directories and correct them if not. That way we should make sure any accidents don't get propagated through. Regards, Adolf.