diff mbox series

[18/20] nagios-plugins: Prevent Nagios plugins from being owned by nobody

Message ID 6eb3152c-47f8-5687-6241-ad699ab6c7bd@ipfire.org
State Accepted
Commit 50ba8b2e80459444c1973d0f904c3349741f765e
Headers
Series Prevent "nobody" from escalating privileges by using writeable binaries as a vehicle |

Commit Message

Peter Müller May 17, 2021, 7:07 p.m. UTC 
  Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---
 lfs/nagios-plugins | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff mbox series

Patch

diff --git a/lfs/nagios-plugins b/lfs/nagios-plugins
index ad081d5f6..d35a94bbe 100644
--- a/lfs/nagios-plugins
+++ b/lfs/nagios-plugins
@@ -1,7 +1,7 @@ 
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2018  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2021  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -32,7 +32,7 @@  DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = nagios-plugins
-PAK_VER    = 4
+PAK_VER    = 5
 
 DEPS       =
 
@@ -88,4 +88,8 @@  $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	cd $(DIR_APP) && make $(MAKETUNING)
 	cd $(DIR_APP) && make install
 	@rm -rf $(DIR_APP)
+
+	# Prevent Nagios plugins from being owned (and hence writeable) by "nobody"
+	chown root:root -R /usr/lib/nagios/plugins
+
 	@$(POSTBUILD)