Commit 331dd3f2 authored by Paul Cammish's avatar Paul Cammish
Browse files

Properly filter public/cgi-bin

parent e1f095b8
CHANGELOG CHANGELOG
--------- ---------
2020-09-23
sympl-core
* Properly filter public/cgi-bin
2020-09-09 2020-09-09
sympl-web sympl-web
* Fixes incorrect filename for log files (#296) * Fixes incorrect filename for log files (#296)
......
sympl-core (9.0.200923.0) stable; urgency=medium
* Properly filter public/cgi-bin
-- Paul Cammish <sympl@kelduum.net> Wed, 23 Sep 2020 13:50:11 +0100
sympl-core (9.200909.0) stable; urgency=medium sympl-core (9.200909.0) stable; urgency=medium
* sympl-filesystem-security: don't overwite permission in public/cgi-bin (#299) * sympl-filesystem-security: don't overwite permission in public/cgi-bin (#299)
......
...@@ -68,8 +68,8 @@ function secure_domain_dir() ...@@ -68,8 +68,8 @@ function secure_domain_dir()
# Enforce permissions for /srv/example.org/public, /php_sessions, /php_tmp # Enforce permissions for /srv/example.org/public, /php_sessions, /php_tmp
# but exclude changing any permissions inside public/cgi-bin # but exclude changing any permissions inside public/cgi-bin
find "${domain}/public" ! -path ${domain}/public/cgi-bin/* \( -type f -o -type d \) \( ! -uid ${public_uid} -o ! -gid ${public_gid} \) $VERBOSE -exec chown ${public_uid}:${public_gid} {} \; find "${domain}/public" ! -path "${domain}/public/cgi-bin/*" \( -type f -o -type d \) \( ! -uid ${public_uid} -o ! -gid ${public_gid} \) $VERBOSE -exec chown ${public_uid}:${public_gid} {} \;
find "${domain}/public" ! -path ${domain}/public/cgi-bin/* \( -type f ! -perm 664 $VERBOSE -exec chmod 664 {} \; -o -type d ! -perm 2775 $VERBOSE -exec chmod 2775 {} \; \) find "${domain}/public" ! -path "${domain}/public/cgi-bin/*" \( -type f ! -perm 664 $VERBOSE -exec chmod 664 {} \; -o -type d ! -perm 2775 $VERBOSE -exec chmod 2775 {} \; \)
if [ -d "${domain}/php_sessions" ]; then if [ -d "${domain}/php_sessions" ]; then
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment