[10/20] SquidGuard: Prevent binaries within /var/ipfire/urlfilter/bin/ from being owned by nobody

Message ID c2855868-9097-410a-29c6-6453d5e7a9df@ipfire.org
State Accepted
Commit e47f7a600edbfbcf318f4a06ce54341f4fa6febc
Series Prevent "nobody" from escalating privileges by using writeable binaries as a vehicle |

Commit Message

Peter Müller May 17, 2021, 7:04 p.m. UTC
  Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---
 lfs/squidguard | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
  

Patch

diff --git a/lfs/squidguard b/lfs/squidguard
index eb13c41dd..d5eb30377 100644
--- a/lfs/squidguard
+++ b/lfs/squidguard
@@ -1,7 +1,7 @@ 
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2018  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2021  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -113,6 +113,7 @@  $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	/usr/bin/perl $(DIR_CONF)/urlfilter/makeconf.pl
 	touch /var/ipfire/urlfilter/settings
 	chown -R nobody:nobody /var/ipfire/urlfilter
+	chown -R root:root /var/ipfire/urlfilter/bin
 	chmod 755 /srv/web/ipfire/html/images/urlfilter
 	chmod 644 /srv/web/ipfire/html/images/urlfilter/*
 	chown -R nobody:nobody /var/urlrepo
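Review bot: The added `chown -R root:root /var/ipfire/urlfilter/bin` fixes ownership of the directory and its contents, but the parent `/var/ipfire/urlfilter` is still owned by nobody after the recursive chown on the line before. The owner of a writable directory controls its entries, so a root-owned `bin` can still be renamed or replaced from that account, and the ownership change alone does not close the path the series title describes. Consider following it with `chown root:root /var/ipfire/urlfilter` and handing nobody only the files and subdirectories it must write; which ones those are is not visible in this hunk. If the web interface has to create files directly in that directory, moving `bin` out of the nobody-owned tree would be the alternative. chown also leaves mode bits untouched, so `chmod -R go-w /var/ipfire/urlfilter/bin` is worth adding in case any file there is group- or world-writable. The recipe for `$(TARGET)` starts and ends outside the hunk.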