From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4ZBF9W3r72z376x for ; Mon, 10 Mar 2025 11:32:15 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R10" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4ZBF9R69BKz2xc2 for ; Mon, 10 Mar 2025 11:32:11 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4ZBF9R2RSQz1wy for ; Mon, 10 Mar 2025 11:32:11 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1741606331; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=xijtYhmUd5HmysOZHijP96HkzZUHf2O6iZ5NRgHXMho=; b=1F6vfrlrX/T2GxRRULJAPZaow6yBdSNaoDBvw/x+RJQtcipim0geaXXNBWVuQxSPnydXg1 I6+EBdZjlz/7jUBQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1741606331; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=xijtYhmUd5HmysOZHijP96HkzZUHf2O6iZ5NRgHXMho=; b=gIH0hf8E/g4t5WDLdp2XwIycNHF2iYLjE1KfVV0MByhyC7deEKsiLukfjbMas9r9MXLSID 32J59KQbGU0xsTmM4+dZ7ErNwyJ4AgmGLasc1CCqt7fi43l5zkWEaMAhfCgbcia+IHAG2K S/uZTLkwI71HUmNYXj9ZvJLa+yB7QXB+38rAHl2PwivA91EosqWHiyIt6OqzTUR982T7jp zhXWRg409HY0XNOiMwdxyyQDui0u0Ud+pPApgxGm2H58jVDxkPeM0mk1zOBpWDmJJQbo5V K1L9q4PhQTmyPhfd13bHJ5+7tOElIUQy7h7XI5D4DmpjO6zJgxmWay/7Nuu+Yw== Message-ID: <9ff22207-2da2-46cd-ac48-888b73c59c30@ipfire.org> Date: Mon, 10 Mar 2025 12:32:11 +0100 Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: MIME-Version: 1.0 Subject: Re: cgi-bin files being executable in patch submissions From: Adolf Belka To: "IPFire: Development-List" References: <37382d96-90ea-42b5-8249-ce43c92e0a39@ipfire.org> Content-Language: en-GB In-Reply-To: <37382d96-90ea-42b5-8249-ce43c92e0a39@ipfire.org> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Hi All, I have just noticed that in the logs.cgi there are three .dat programs with 755 firewalllog.dat ipblocklists.dat showrequestfromblocklist.dat I know I have worked on firewalllog.dat but I don't remember having worked on either of the other two. Regards, Adolf. On 10/03/2025 12:28, Adolf Belka wrote: > Hi All, > > I noticed the following patch in the IPFire git repo > > https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=fe32e52d27943909e8de96c1e525f8049179dc2f > > To remove the executable bits from a couple of cgi files. > > I looked in my git repo and those are shown as executable but I also noted that vpnmain.cgi is also with 755 instead of 644 in my directory > > I know I was just working on vpnmain so I am not sure if this has been occurring because I go and do some editing on a file and after testing it out on a machine in my testbed I copy the edited file to the cgi-bin directory to do the commit and patch submission. > > I use the same editor for doing all changes to the lfs files and all of those are 644 so it is not clear that it is something I am doing but I may have had some accident at some time with permissions without realising. > > I was just wondering if it was worth having a check in the build program, or a special tools program, that would check that the permissions are correct for files in certain directories and correct them if not. That way we should make sure any accidents don't get propagated through. > > > Regards, > > Adolf. >