Security fix: Incorrect permission assignment for critical resource
This commit is contained in:
parent
499e251796
commit
f097c029f3
|
@ -212,11 +212,11 @@ func main() {
|
|||
}
|
||||
|
||||
// Creating minimal directories structure
|
||||
os.MkdirAll(fic.FilesDir, 0777)
|
||||
os.MkdirAll(fic.FilesDir, 0751)
|
||||
os.MkdirAll(pki.PKIDir, 0711)
|
||||
os.MkdirAll(api.TeamsDir, 0777)
|
||||
os.MkdirAll(api.DashboardDir, 0777)
|
||||
os.MkdirAll(settings.SettingsDir, 0777)
|
||||
os.MkdirAll(api.TeamsDir, 0751)
|
||||
os.MkdirAll(api.DashboardDir, 0751)
|
||||
os.MkdirAll(settings.SettingsDir, 0751)
|
||||
|
||||
// Load rules plugins
|
||||
for _, p := range checkplugins {
|
||||
|
|
|
@ -47,8 +47,8 @@ func GenerateCA(notBefore time.Time, notAfter time.Time) error {
|
|||
}
|
||||
|
||||
// Ensure directories exists
|
||||
os.Mkdir(PKIDir, 0777)
|
||||
os.Mkdir(path.Join(PKIDir, "shared"), 0777)
|
||||
os.Mkdir(PKIDir, 0751)
|
||||
os.Mkdir(path.Join(PKIDir, "shared"), 0751)
|
||||
|
||||
pub, priv, err := GeneratePrivKey()
|
||||
if err != nil {
|
||||
|
|
|
@ -189,7 +189,7 @@ func getDestinationFilePath(URI string) string {
|
|||
}
|
||||
|
||||
func importFile(i Importer, URI string, dest string) error {
|
||||
if err := os.MkdirAll(path.Dir(dest), 0755); err != nil {
|
||||
if err := os.MkdirAll(path.Dir(dest), 0751); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
|
|
|
@ -64,7 +64,7 @@ func (i LocalImporter) importFile(URI string, next func(string, string) (interfa
|
|||
if i.Symlink {
|
||||
dest := getDestinationFilePath(URI)
|
||||
|
||||
if err := os.MkdirAll(path.Dir(dest), 0755); err != nil {
|
||||
if err := os.MkdirAll(path.Dir(dest), 0751); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
|
|
|
@ -107,7 +107,7 @@ func main() {
|
|||
|
||||
log.Println("Creating submission directory...")
|
||||
if _, err := os.Stat(path.Join(SubmissionDir, ".tmp")); os.IsNotExist(err) {
|
||||
if err := os.MkdirAll(path.Join(SubmissionDir, ".tmp"), 0777); err != nil {
|
||||
if err := os.MkdirAll(path.Join(SubmissionDir, ".tmp"), 0700); err != nil {
|
||||
log.Fatal("Unable to create submission directory: ", err)
|
||||
}
|
||||
}
|
||||
|
|
|
@ -39,7 +39,7 @@ func registrationProcess(id string, team *fic.Team, members []fic.Member, team_i
|
|||
teamDirPath := fmt.Sprintf("%d", team.Id)
|
||||
|
||||
// Create team directories into TEAMS
|
||||
if err := os.MkdirAll(path.Join(TeamsDir, teamDirPath), 0777); err != nil {
|
||||
if err := os.MkdirAll(path.Join(TeamsDir, teamDirPath), 0751); err != nil {
|
||||
log.Println(id, "[ERR]", err)
|
||||
}
|
||||
if err := os.Symlink(teamDirPath, path.Join(TeamsDir, team_id)); err != nil {
|
||||
|
|
|
@ -53,14 +53,14 @@ func main() {
|
|||
log.Println("Creating settingsDist directory...")
|
||||
TmpSettingsDistDirectory = path.Join(SettingsDistDir, ".tmp")
|
||||
if _, err := os.Stat(TmpSettingsDistDirectory); os.IsNotExist(err) {
|
||||
if err = os.MkdirAll(TmpSettingsDistDirectory, 0755); err != nil {
|
||||
if err = os.MkdirAll(TmpSettingsDistDirectory, 0751); err != nil {
|
||||
log.Fatal("Unable to create settingsdist directory:", err)
|
||||
}
|
||||
}
|
||||
|
||||
TmpSettingsDirectory = path.Join(settings.SettingsDir, ".tmp")
|
||||
if _, err := os.Stat(TmpSettingsDirectory); os.IsNotExist(err) {
|
||||
if err = os.MkdirAll(TmpSettingsDirectory, 0755); err != nil {
|
||||
if err = os.MkdirAll(TmpSettingsDirectory, 0751); err != nil {
|
||||
log.Fatal("Unable to create settings directory:", err)
|
||||
}
|
||||
}
|
||||
|
|
|
@ -172,7 +172,7 @@ func genTeamIssuesFile(teamid int64) error {
|
|||
}
|
||||
|
||||
if s, err := os.Stat(dirPath); os.IsNotExist(err) {
|
||||
os.MkdirAll(dirPath, 0777)
|
||||
os.MkdirAll(dirPath, 0751)
|
||||
} else if !s.IsDir() {
|
||||
return fmt.Errorf("%s is not a directory", dirPath)
|
||||
}
|
||||
|
@ -196,7 +196,7 @@ func genTeamMyFile(teamid int64) error {
|
|||
dirPath := path.Join(TeamsDir, fmt.Sprintf("%d", team.Id))
|
||||
|
||||
if s, err := os.Stat(dirPath); os.IsNotExist(err) {
|
||||
os.MkdirAll(dirPath, 0777)
|
||||
os.MkdirAll(dirPath, 0751)
|
||||
} else if !s.IsDir() {
|
||||
return fmt.Errorf("%s is not a directory", dirPath)
|
||||
}
|
||||
|
@ -236,7 +236,7 @@ func genMyPublicFile() error {
|
|||
dirPath := path.Join(TeamsDir, "public")
|
||||
|
||||
if s, err := os.Stat(dirPath); os.IsNotExist(err) {
|
||||
os.MkdirAll(dirPath, 0777)
|
||||
os.MkdirAll(dirPath, 0751)
|
||||
} else if !s.IsDir() {
|
||||
return fmt.Errorf("%s is not a directory", dirPath)
|
||||
}
|
||||
|
|
|
@ -124,7 +124,7 @@ func main() {
|
|||
}
|
||||
}
|
||||
|
||||
os.MkdirAll(path.Dir(*bind), 0777)
|
||||
os.MkdirAll(path.Dir(*bind), 0751)
|
||||
|
||||
unixListener, err := net.Listen("unix", *bind)
|
||||
if err != nil {
|
||||
|
|
|
@ -35,7 +35,7 @@ func saveTeamFile(p string, w http.ResponseWriter, r *http.Request) bool {
|
|||
func saveFile(p string, r *http.Request) error {
|
||||
dirname := path.Dir(p)
|
||||
if _, err := os.Stat(dirname); os.IsNotExist(err) {
|
||||
if err = os.MkdirAll(dirname, 0755); err != nil {
|
||||
if err = os.MkdirAll(dirname, 0751); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue