Fix issues with file ownerships/modes
archiso/mkarchiso: Make sure to always compare absolute paths in `_make_custom_airootfs()` (as `realpath` is used). Remove `echo` calls that prevent the setting of actual file ownerships and modes. configs/releng/profiledef.sh: Set file mode of /root/.automated_script.sh to 755. Fixes #82
This commit is contained in:
parent
863247d0a6
commit
c10004dfec
@ -269,14 +269,14 @@ _make_custom_airootfs() {
|
|||||||
for filename in "${!file_permissions[@]}"; do
|
for filename in "${!file_permissions[@]}"; do
|
||||||
IFS=':' read -ra permissions <<< "${file_permissions["${filename}"]}"
|
IFS=':' read -ra permissions <<< "${file_permissions["${filename}"]}"
|
||||||
# Prevent file path traversal outside of $airootfs_dir
|
# Prevent file path traversal outside of $airootfs_dir
|
||||||
if [[ "$(realpath -q -- "${airootfs_dir}${filename}")" != "${airootfs_dir}"* ]]; then
|
if [[ "$(realpath -q -- "${airootfs_dir}${filename}")" != "$(realpath -q -- "${airootfs_dir}")"* ]]; then
|
||||||
_msg_error "Failed to set permissions on '${airootfs_dir}${filename}'. Outside of valid path." 1
|
_msg_error "Failed to set permissions on '${airootfs_dir}${filename}'. Outside of valid path." 1
|
||||||
# Warn if the file does not exist
|
# Warn if the file does not exist
|
||||||
elif [[ ! -e "${airootfs_dir}${filename}" ]]; then
|
elif [[ ! -e "${airootfs_dir}${filename}" ]]; then
|
||||||
_msg_warning "Cannot change permissions of '${airootfs_dir}${filename}'. The file or directory does not exist."
|
_msg_warning "Cannot change permissions of '${airootfs_dir}${filename}'. The file or directory does not exist."
|
||||||
else
|
else
|
||||||
echo chown -fh -- "${permissions[0]}:${permissions[1]}" "${airootfs_dir}${filename}"
|
chown -fh -- "${permissions[0]}:${permissions[1]}" "${airootfs_dir}${filename}"
|
||||||
echo chmod -f -- "${permissions[2]}" "${airootfs_dir}${filename}"
|
chmod -f -- "${permissions[2]}" "${airootfs_dir}${filename}"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
_msg_info "Done!"
|
_msg_info "Done!"
|
||||||
|
@ -14,7 +14,7 @@ airootfs_image_tool_options=('-comp' 'xz' '-Xbcj' 'x86' '-b' '1M' '-Xdict-size'
|
|||||||
file_permissions=(
|
file_permissions=(
|
||||||
["/etc/shadow"]="0:0:400"
|
["/etc/shadow"]="0:0:400"
|
||||||
["/root"]="0:0:750"
|
["/root"]="0:0:750"
|
||||||
["/root/.automated_script.sh"]="0:0:750"
|
["/root/.automated_script.sh"]="0:0:755"
|
||||||
["/usr/local/bin/choose-mirror"]="0:0:755"
|
["/usr/local/bin/choose-mirror"]="0:0:755"
|
||||||
["/usr/local/bin/Installation_guide"]="0:0:755"
|
["/usr/local/bin/Installation_guide"]="0:0:755"
|
||||||
["/usr/local/bin/livecd-sound"]="0:0:755"
|
["/usr/local/bin/livecd-sound"]="0:0:755"
|
||||||
|
Loading…
Reference in New Issue
Block a user