[14/20] OpenVPN: ovpn-leases.db for sure does not have to be executable

Message ID b2266130-73b8-fe90-03a2-11708e30011b@ipfire.org
State Accepted
Commit 9cb1dc19e8d3c108687fe06592f826d4b658949d
Series Prevent "nobody" from escalating privileges by using writeable binaries as a vehicle |

Commit Message

Peter Müller May 17, 2021, 7:05 p.m. UTC
  Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---
 lfs/openvpn | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
  

Patch

diff --git a/lfs/openvpn b/lfs/openvpn
index b026d515b..81ccc52bf 100644
--- a/lfs/openvpn
+++ b/lfs/openvpn
@@ -1,7 +1,7 @@ 
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2020  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2021  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -89,7 +89,7 @@  $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	-mkdir -vp /var/ipfire/ovpn/n2nconf
 	-mkdir -vp /var/ipfire/ovpn/scripts
 	touch /var/ipfire/ovpn/ovpn-leases.db
-	chmod 700 /var/ipfire/ovpn/ovpn-leases.db
+	chmod 600 /var/ipfire/ovpn/ovpn-leases.db
 	chown -R root:root /var/ipfire/ovpn/scripts
 	chown -R nobody:nobody /var/ipfire/ovpn
 	chmod 700 /var/ipfire/ovpn/certs
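Review bot: The last context lines of this hunk run `chown -R root:root /var/ipfire/ovpn/scripts` and then `chown -R nobody:nobody /var/ipfire/ovpn`, so the recursive chown on the parent hands the scripts directory back to nobody unless a later line outside the hunk resets it. If the scripts there are meant to stay root-owned, which the series title suggests, the order should be swapped: `chown -R nobody:nobody /var/ipfire/ovpn` first, then `chown -R root:root /var/ipfire/ovpn/scripts`. The recipe continues past the end of the hunk, so the final ownership cannot be confirmed from here. The 600 mode on ovpn-leases.db is consistent with the rest of the recipe, since the file still ends up owned by nobody and stays readable and writable for that user.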