[09/20] backup: prevent /var/ipfire/backup/bin/backup.pl from being owned by nobody
Commit Message
This is dangerous as nobody could write arbitrary contents to this file
and execute it afterwards.
Partially fixes: #12619
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---
lfs/backup | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2018 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2021 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -30,7 +30,7 @@ THISAPP = backup-$(VER)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = backup
-PAK_VER = 1
+PAK_VER = 2
DEPS =
@@ -56,10 +56,11 @@ dist:
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
-mkdir -p /var/ipfire/backup/bin
- install -v -m 755 $(DIR_SRC)/config/backup/backup.pl /var/ipfire/backup/bin
+ install -v -m 755 -o root $(DIR_SRC)/config/backup/backup.pl /var/ipfire/backup/bin
install -v -m 644 $(DIR_SRC)/config/backup/include /var/ipfire/backup/
install -v -m 644 $(DIR_SRC)/config/backup/exclude /var/ipfire/backup/
chown nobody:nobody -R /var/ipfire/backup/
+ chown root:root -R /var/ipfire/backup/bin/
-mkdir -p /var/ipfire/backup/addons
-mkdir -p /var/ipfire/backup/addons/includes
-mkdir -p /var/ipfire/backup/addons/backup