[PATCH 14/20] OpenVPN: ovpn-leases.db for sure does not have to be executable

public inbox for development@lists.ipfire.org
 help / color / mirror / Atom feed

From: "Peter Müller" <peter.mueller@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH 14/20] OpenVPN: ovpn-leases.db for sure does not have to be executable
Date: Mon, 17 May 2021 21:05:49 +0200	[thread overview]
Message-ID: <b2266130-73b8-fe90-03a2-11708e30011b@ipfire.org> (raw)
In-Reply-To: <e4b62898-7d9f-eae1-3601-e6b43be148d9@ipfire.org>

[-- Attachment #1: Type: text/plain, Size: 1345 bytes --]

Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
---
 lfs/openvpn | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lfs/openvpn b/lfs/openvpn
index b026d515b..81ccc52bf 100644
--- a/lfs/openvpn
+++ b/lfs/openvpn
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2020  IPFire Team  <info(a)ipfire.org>                     #
+# Copyright (C) 2007-2021  IPFire Team  <info(a)ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -89,7 +89,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	-mkdir -vp /var/ipfire/ovpn/n2nconf
 	-mkdir -vp /var/ipfire/ovpn/scripts
 	touch /var/ipfire/ovpn/ovpn-leases.db
-	chmod 700 /var/ipfire/ovpn/ovpn-leases.db
+	chmod 600 /var/ipfire/ovpn/ovpn-leases.db
 	chown -R root:root /var/ipfire/ovpn/scripts
 	chown -R nobody:nobody /var/ipfire/ovpn
 	chmod 700 /var/ipfire/ovpn/certs
-- 
2.26.2

next prev parent reply	other threads:[~2021-05-17 19:05 UTC|newest]

Thread overview: 21+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-05-17 19:00 [PATCH 00/20] Prevent "nobody" from escalating privileges by using writeable binaries as a vehicle Peter Müller
2021-05-17 19:00 ` [PATCH 01/20] GnuPG does not need to have a SUID bit set Peter Müller
2021-05-17 19:01   ` [PATCH 02/20] Core Update 157: remove SUID bit from /usr/bin/gpg Peter Müller
2021-05-17 19:01     ` [PATCH 03/20] /usr/bin/ping does not need a SUID bit if appropriate capabilities are set Peter Müller
2021-05-17 19:02       ` [PATCH 04/20] Core Update 157: Delete ssh-keysign binary Peter Müller
2021-05-17 19:02         ` [PATCH 05/20] DMA: do not ship a binary for creating mail boxes Peter Müller
2021-05-17 19:02           ` [PATCH 06/20] Core Update 157: Delete orphaned DMA mail box creation binary as well Peter Müller
2021-05-17 19:03             ` [PATCH 07/20] Core Update 157: /var/ipfire/fwhosts/icmp-types does not have to be executable Peter Müller
2021-05-17 19:03               ` [PATCH 08/20] Core Update 157: Ship changed iputils due to /usr/bin/ping changes Peter Müller
2021-05-17 19:04                 ` [PATCH 09/20] backup: prevent /var/ipfire/backup/bin/backup.pl from being owned by nobody Peter Müller
2021-05-17 19:04                   ` [PATCH 10/20] SquidGuard: Prevent binaries within /var/ipfire/urlfilter/bin/ " Peter Müller
2021-05-17 19:04                     ` [PATCH 11/20] Core Update 157: Apply changed permissions to /var/ipfire/urlfilter/bin/ Peter Müller
2021-05-17 19:05                       ` [PATCH 12/20] Squid: Prevent binaries within /var/ipfire/updatexlrator/bin/ from being owned by nobody Peter Müller
2021-05-17 19:05                         ` [PATCH 13/20] Core Update 157: Apply changed permissions to /var/ipfire/updatexlrator/bin/ Peter Müller
2021-05-17 19:05                           ` Peter Müller [this message]
2021-05-17 19:06                             ` [PATCH 15/20] Core Update 157: Apply changed permissions to /var/ipfire/ovpn/ovpn-leases.db Peter Müller
2021-05-17 19:06                               ` [PATCH 16/20] Core Update 157: Remove executable bit less ugly Peter Müller
2021-05-17 19:06                                 ` [PATCH 17/20] NRPE: Prevent NRPE binary from being owned by "nobody" Peter Müller
2021-05-17 19:07                                   ` [PATCH 18/20] nagios-plugins: Prevent Nagios plugins from being owned by nobody Peter Müller
2021-05-17 19:07                                     ` [PATCH 19/20] Squid: cachemgr.cgi does not have to be owned (hence writeable) " Peter Müller
2021-05-17 19:07                                       ` [PATCH 20/20] Core Update 157: Apply changed permissions to /srv/web/ipfire/cgi-bin/cachemgr.cgi Peter Müller

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=b2266130-73b8-fe90-03a2-11708e30011b@ipfire.org \
    --to=peter.mueller@ipfire.org \
    --cc=development@lists.ipfire.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox