backup: prevent /var/ipfire/backup/bin/backup.pl from being owned by nobody

This is dangerous as nobody could write arbitrary contents to this file and execute it afterwards. Partially fixes: #12619 Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2026-04-22 17:02:58 +02:00 · 2021-05-17 21:04:00 +02:00
parent c8874ee012
commit 6769d90930
1 changed files with 4 additions and 3 deletions
--- a/lfs/backup
+++ b/lfs/backup
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2018  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2021  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -30,7 +30,7 @@ THISAPP    = backup-$(VER)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = backup
-PAK_VER    = 1
+PAK_VER    = 2

 DEPS       =

@@ -56,10 +56,11 @@ dist:
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
 	-mkdir -p /var/ipfire/backup/bin
-	install -v -m 755 $(DIR_SRC)/config/backup/backup.pl /var/ipfire/backup/bin
+	install -v -m 755 -o root $(DIR_SRC)/config/backup/backup.pl /var/ipfire/backup/bin
 	install -v -m 644 $(DIR_SRC)/config/backup/include /var/ipfire/backup/
 	install -v -m 644 $(DIR_SRC)/config/backup/exclude /var/ipfire/backup/
 	chown nobody:nobody -R /var/ipfire/backup/
+	chown root:root -R /var/ipfire/backup/bin/
 	-mkdir -p /var/ipfire/backup/addons
 	-mkdir -p /var/ipfire/backup/addons/includes
 	-mkdir -p /var/ipfire/backup/addons/backup