From 3135e76ea193eb75c4b9b4315634ec418a23238f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Peter=20M=C3=BCller?= <peter.mueller@ipfire.org>
Date: Fri, 18 Nov 2022 13:29:10 +0000
Subject: [PATCH] configroot: Ensure connscheduler/lib.pl is not writable by
 "nobody"
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---
 config/cfgroot/connscheduler-lib.pl | 24 +++++++++++++++++++-----
 lfs/configroot                      |  2 +-
 2 files changed, 20 insertions(+), 6 deletions(-)

diff --git a/config/cfgroot/connscheduler-lib.pl b/config/cfgroot/connscheduler-lib.pl
index f9e4e5466..0ff8e8b84 100644
--- a/config/cfgroot/connscheduler-lib.pl
+++ b/config/cfgroot/connscheduler-lib.pl
@@ -1,9 +1,23 @@
 #!/usr/bin/perl
-#
-# Library file for Connection Scheduler AddOn
-#
-# This code is distributed under the terms of the GPL
-#
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2007-2022  IPFire Team  <info@ipfire.org>                     #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
 
 package CONNSCHED;
 
diff --git a/lfs/configroot b/lfs/configroot
index f278ccf77..c0db17fd9 100644
--- a/lfs/configroot
+++ b/lfs/configroot
@@ -169,7 +169,7 @@ $(TARGET) :
 	# Configroot permissions
 	chown -Rv	nobody:nobody	$(CONFIG_ROOT)
 	chown		root:root	$(CONFIG_ROOT)
-	for i in backup/exclude.user backup/include.user *.pl addon-lang/ langs/ ; do \
+	for i in backup/exclude.user backup/include.user connscheduler/lib.pl *.pl addon-lang/ langs/ ; do \
             chown -Rv root:root $(CONFIG_ROOT)/$$i; \
 	done
 	chown -Rv root:root $(CONFIG_ROOT)/*/bin