From c10004dfecaea195b77fd883224023cc8f2eaaaf Mon Sep 17 00:00:00 2001
From: David Runge
Date: Mon, 30 Nov 2020 21:48:08 +0100
Subject: [PATCH] Fix issues with file ownerships/modes
archiso/mkarchiso: Make sure to always compare absolute paths in `_make_custom_airootfs()` (as `realpath` is used). Remove `echo` calls that prevent the setting of actual file ownerships and modes.
configs/releng/profiledef.sh: Set file mode of /root/.automated_script.sh to 755.
Fixes #82
---
 archiso/mkarchiso | 6 +++---
 configs/releng/profiledef.sh | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/archiso/mkarchiso b/archiso/mkarchiso
index 0e478a4..4ab6bed 100755
--- a/archiso/mkarchiso
+++ b/archiso/mkarchiso
@@ -269,14 +269,14 @@ _make_custom_airootfs() {
 for filename in "${!file_permissions[@]}"; do
 IFS=':' read -ra permissions <<< "${file_permissions["${filename}"]}"
 # Prevent file path traversal outside of $airootfs_dir
- if [[ "$(realpath -q -- "${airootfs_dir}${filename}")" != "${airootfs_dir}"* ]]; then
+ if [[ "$(realpath -q -- "${airootfs_dir}${filename}")" != "$(realpath -q -- "${airootfs_dir}")"* ]]; then
 _msg_error "Failed to set permissions on '${airootfs_dir}${filename}'. Outside of valid path." 1
 # Warn if the file does not exist
 elif [[ ! -e "${airootfs_dir}${filename}" ]]; then
 _msg_warning "Cannot change permissions of '${airootfs_dir}${filename}'. The file or directory does not exist."
 else
- echo chown -fh -- "${permissions[0]}:${permissions[1]}" "${airootfs_dir}${filename}"
- echo chmod -f -- "${permissions[2]}" "${airootfs_dir}${filename}"
+ chown -fh -- "${permissions[0]}:${permissions[1]}" "${airootfs_dir}${filename}"
+ chmod -f -- "${permissions[2]}" "${airootfs_dir}${filename}"
 fi
 done
 _msg_info "Done!"
diff --git a/configs/releng/profiledef.sh b/configs/releng/profiledef.sh
index 051a390..d046c9c 100644
--- a/configs/releng/profiledef.sh
+++ b/configs/releng/profiledef.sh
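Review bot: The containment test on the new `if [[ ... ]]` line in `_make_custom_airootfs()` is a plain string-prefix match with no path separator, so a resolved path in a sibling directory whose name merely begins with the airootfs directory's name would still pass and, now that the `echo` is gone, reach the real `chown`/`chmod`. Anchoring both sides on a slash closes that gap: `if [[ "$(realpath -q -- "${airootfs_dir}${filename}")/" != "$(realpath -q -- "${airootfs_dir}")/"* ]]; then`. If the right-hand `realpath -q` ever prints nothing, the pattern matches any absolute path, so it would be safer to resolve `airootfs_dir` once before the loop and fail when the result is empty. Separately, `-f` on `chown` and `chmod` silences their diagnostics, so a failed mode change on an entry such as `/etc/shadow` would leave no message in the build log; consider dropping `-f` or reporting the failure through `_msg_error`. The function body starts and ends outside this hunk, so any earlier validation of `file_permissions` is not visible here.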
@@ -14,7 +14,7 @@ airootfs_image_tool_options=('-comp' 'xz' '-Xbcj' 'x86' '-b' '1M' '-Xdict-size'
 file_permissions=(
 ["/etc/shadow"]="0:0:400"
 ["/root"]="0:0:750"
- ["/root/.automated_script.sh"]="0:0:750"
+ ["/root/.automated_script.sh"]="0:0:755"
 ["/usr/local/bin/choose-mirror"]="0:0:755"
 ["/usr/local/bin/Installation_guide"]="0:0:755"
 ["/usr/local/bin/livecd-sound"]="0:0:755"