[PATCH 09/20] backup: prevent /var/ipfire/backup/bin/backup.pl from being owned by nobody

This is dangerous as nobody could write arbitrary contents to this file and execute it afterwards.

Partially fixes: #12619

Signed-off-by: Peter Müller peter.mueller@ipfire.org --- lfs/backup | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/lfs/backup b/lfs/backup index 791d87adb..9d3e05735 100644 --- a/lfs/backup +++ b/lfs/backup @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2021 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -30,7 +30,7 @@ THISAPP = backup-$(VER) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = backup -PAK_VER = 1 +PAK_VER = 2

DEPS =

@@ -56,10 +56,11 @@ dist: $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) -mkdir -p /var/ipfire/backup/bin - install -v -m 755 $(DIR_SRC)/config/backup/backup.pl /var/ipfire/backup/bin + install -v -m 755 -o root $(DIR_SRC)/config/backup/backup.pl /var/ipfire/backup/bin install -v -m 644 $(DIR_SRC)/config/backup/include /var/ipfire/backup/ install -v -m 644 $(DIR_SRC)/config/backup/exclude /var/ipfire/backup/ chown nobody:nobody -R /var/ipfire/backup/ + chown root:root -R /var/ipfire/backup/bin/ -mkdir -p /var/ipfire/backup/addons -mkdir -p /var/ipfire/backup/addons/includes -mkdir -p /var/ipfire/backup/addons/backup