From mboxrd@z Thu Jan 1 00:00:00 1970 From: Peter =?utf-8?q?M=C3=BCller?= To: development@lists.ipfire.org Subject: [PATCH 09/20] backup: prevent /var/ipfire/backup/bin/backup.pl from being owned by nobody Date: Mon, 17 May 2021 21:04:00 +0200 Message-ID: In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============6127424231044332026==" List-Id: --===============6127424231044332026== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable This is dangerous as nobody could write arbitrary contents to this file and execute it afterwards. Partially fixes: #12619 Signed-off-by: Peter M=C3=BCller --- lfs/backup | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/lfs/backup b/lfs/backup index 791d87adb..9d3e05735 100644 --- a/lfs/backup +++ b/lfs/backup @@ -1,7 +1,7 @@ ############################################################################= ### # = # # IPFire.org - A linux based firewall = # -# Copyright (C) 2007-2018 IPFire Team = # +# Copyright (C) 2007-2021 IPFire Team = # # = # # This program is free software: you can redistribute it and/or modify = # # it under the terms of the GNU General Public License as published by = # @@ -30,7 +30,7 @@ THISAPP =3D backup-$(VER) DIR_APP =3D $(DIR_SRC)/$(THISAPP) TARGET =3D $(DIR_INFO)/$(THISAPP) PROG =3D backup -PAK_VER =3D 1 +PAK_VER =3D 2 =20 DEPS =3D =20 
@@ -56,10 +56,11 @@ dist: $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) -mkdir -p /var/ipfire/backup/bin - install -v -m 755 $(DIR_SRC)/config/backup/backup.pl /var/ipfire/backup/bin + install -v -m 755 -o root $(DIR_SRC)/config/backup/backup.pl /var/ipfire/ba= ckup/bin install -v -m 644 $(DIR_SRC)/config/backup/include /var/ipfire/backup/ install -v -m 644 $(DIR_SRC)/config/backup/exclude /var/ipfire/backup/ chown nobody:nobody -R /var/ipfire/backup/ + chown root:root -R /var/ipfire/backup/bin/ -mkdir -p /var/ipfire/backup/addons -mkdir -p /var/ipfire/backup/addons/includes -mkdir -p /var/ipfire/backup/addons/backup --=20 2.26.2 --===============6127424231044332026==--
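Review bot: After the two `chown` lines, `/var/ipfire/backup/` itself is still owned by nobody, so that account keeps write permission on the directory that contains `bin` and can rename or replace the `bin` entry even though `bin/` and `backup.pl` are now root-owned. Closing that gap means making the parent root-owned as well, for example `chown root:root /var/ipfire/backup` after the recursive chown, with nobody ownership kept only on the entries that account has to write. If nobody must create files directly in that directory, `chown root:nobody /var/ipfire/backup` with `chmod 1770` would keep root-owned entries from being renamed. The `include` and `exclude` files also stay nobody-owned, which matters if the backup script reads them while running as root; that is not visible here and should be confirmed. The `$(TARGET)` recipe continues past the end of this hunk.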