Security fix: Incorrect permission assignment for critical resource
This commit is contained in:
parent
499e251796
commit
f097c029f3
10 changed files with 17 additions and 17 deletions
|
@ -212,11 +212,11 @@ func main() {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Creating minimal directories structure
|
// Creating minimal directories structure
|
||||||
os.MkdirAll(fic.FilesDir, 0777)
|
os.MkdirAll(fic.FilesDir, 0751)
|
||||||
os.MkdirAll(pki.PKIDir, 0711)
|
os.MkdirAll(pki.PKIDir, 0711)
|
||||||
os.MkdirAll(api.TeamsDir, 0777)
|
os.MkdirAll(api.TeamsDir, 0751)
|
||||||
os.MkdirAll(api.DashboardDir, 0777)
|
os.MkdirAll(api.DashboardDir, 0751)
|
||||||
os.MkdirAll(settings.SettingsDir, 0777)
|
os.MkdirAll(settings.SettingsDir, 0751)
|
||||||
|
|
||||||
// Load rules plugins
|
// Load rules plugins
|
||||||
for _, p := range checkplugins {
|
for _, p := range checkplugins {
|
||||||
|
|
|
@ -47,8 +47,8 @@ func GenerateCA(notBefore time.Time, notAfter time.Time) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Ensure directories exists
|
// Ensure directories exists
|
||||||
os.Mkdir(PKIDir, 0777)
|
os.Mkdir(PKIDir, 0751)
|
||||||
os.Mkdir(path.Join(PKIDir, "shared"), 0777)
|
os.Mkdir(path.Join(PKIDir, "shared"), 0751)
|
||||||
|
|
||||||
pub, priv, err := GeneratePrivKey()
|
pub, priv, err := GeneratePrivKey()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
|
@ -189,7 +189,7 @@ func getDestinationFilePath(URI string) string {
|
||||||
}
|
}
|
||||||
|
|
||||||
func importFile(i Importer, URI string, dest string) error {
|
func importFile(i Importer, URI string, dest string) error {
|
||||||
if err := os.MkdirAll(path.Dir(dest), 0755); err != nil {
|
if err := os.MkdirAll(path.Dir(dest), 0751); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -64,7 +64,7 @@ func (i LocalImporter) importFile(URI string, next func(string, string) (interfa
|
||||||
if i.Symlink {
|
if i.Symlink {
|
||||||
dest := getDestinationFilePath(URI)
|
dest := getDestinationFilePath(URI)
|
||||||
|
|
||||||
if err := os.MkdirAll(path.Dir(dest), 0755); err != nil {
|
if err := os.MkdirAll(path.Dir(dest), 0751); err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -107,7 +107,7 @@ func main() {
|
||||||
|
|
||||||
log.Println("Creating submission directory...")
|
log.Println("Creating submission directory...")
|
||||||
if _, err := os.Stat(path.Join(SubmissionDir, ".tmp")); os.IsNotExist(err) {
|
if _, err := os.Stat(path.Join(SubmissionDir, ".tmp")); os.IsNotExist(err) {
|
||||||
if err := os.MkdirAll(path.Join(SubmissionDir, ".tmp"), 0777); err != nil {
|
if err := os.MkdirAll(path.Join(SubmissionDir, ".tmp"), 0700); err != nil {
|
||||||
log.Fatal("Unable to create submission directory: ", err)
|
log.Fatal("Unable to create submission directory: ", err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -39,7 +39,7 @@ func registrationProcess(id string, team *fic.Team, members []fic.Member, team_i
|
||||||
teamDirPath := fmt.Sprintf("%d", team.Id)
|
teamDirPath := fmt.Sprintf("%d", team.Id)
|
||||||
|
|
||||||
// Create team directories into TEAMS
|
// Create team directories into TEAMS
|
||||||
if err := os.MkdirAll(path.Join(TeamsDir, teamDirPath), 0777); err != nil {
|
if err := os.MkdirAll(path.Join(TeamsDir, teamDirPath), 0751); err != nil {
|
||||||
log.Println(id, "[ERR]", err)
|
log.Println(id, "[ERR]", err)
|
||||||
}
|
}
|
||||||
if err := os.Symlink(teamDirPath, path.Join(TeamsDir, team_id)); err != nil {
|
if err := os.Symlink(teamDirPath, path.Join(TeamsDir, team_id)); err != nil {
|
||||||
|
|
|
@ -53,14 +53,14 @@ func main() {
|
||||||
log.Println("Creating settingsDist directory...")
|
log.Println("Creating settingsDist directory...")
|
||||||
TmpSettingsDistDirectory = path.Join(SettingsDistDir, ".tmp")
|
TmpSettingsDistDirectory = path.Join(SettingsDistDir, ".tmp")
|
||||||
if _, err := os.Stat(TmpSettingsDistDirectory); os.IsNotExist(err) {
|
if _, err := os.Stat(TmpSettingsDistDirectory); os.IsNotExist(err) {
|
||||||
if err = os.MkdirAll(TmpSettingsDistDirectory, 0755); err != nil {
|
if err = os.MkdirAll(TmpSettingsDistDirectory, 0751); err != nil {
|
||||||
log.Fatal("Unable to create settingsdist directory:", err)
|
log.Fatal("Unable to create settingsdist directory:", err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
TmpSettingsDirectory = path.Join(settings.SettingsDir, ".tmp")
|
TmpSettingsDirectory = path.Join(settings.SettingsDir, ".tmp")
|
||||||
if _, err := os.Stat(TmpSettingsDirectory); os.IsNotExist(err) {
|
if _, err := os.Stat(TmpSettingsDirectory); os.IsNotExist(err) {
|
||||||
if err = os.MkdirAll(TmpSettingsDirectory, 0755); err != nil {
|
if err = os.MkdirAll(TmpSettingsDirectory, 0751); err != nil {
|
||||||
log.Fatal("Unable to create settings directory:", err)
|
log.Fatal("Unable to create settings directory:", err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -172,7 +172,7 @@ func genTeamIssuesFile(teamid int64) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
if s, err := os.Stat(dirPath); os.IsNotExist(err) {
|
if s, err := os.Stat(dirPath); os.IsNotExist(err) {
|
||||||
os.MkdirAll(dirPath, 0777)
|
os.MkdirAll(dirPath, 0751)
|
||||||
} else if !s.IsDir() {
|
} else if !s.IsDir() {
|
||||||
return fmt.Errorf("%s is not a directory", dirPath)
|
return fmt.Errorf("%s is not a directory", dirPath)
|
||||||
}
|
}
|
||||||
|
@ -196,7 +196,7 @@ func genTeamMyFile(teamid int64) error {
|
||||||
dirPath := path.Join(TeamsDir, fmt.Sprintf("%d", team.Id))
|
dirPath := path.Join(TeamsDir, fmt.Sprintf("%d", team.Id))
|
||||||
|
|
||||||
if s, err := os.Stat(dirPath); os.IsNotExist(err) {
|
if s, err := os.Stat(dirPath); os.IsNotExist(err) {
|
||||||
os.MkdirAll(dirPath, 0777)
|
os.MkdirAll(dirPath, 0751)
|
||||||
} else if !s.IsDir() {
|
} else if !s.IsDir() {
|
||||||
return fmt.Errorf("%s is not a directory", dirPath)
|
return fmt.Errorf("%s is not a directory", dirPath)
|
||||||
}
|
}
|
||||||
|
@ -236,7 +236,7 @@ func genMyPublicFile() error {
|
||||||
dirPath := path.Join(TeamsDir, "public")
|
dirPath := path.Join(TeamsDir, "public")
|
||||||
|
|
||||||
if s, err := os.Stat(dirPath); os.IsNotExist(err) {
|
if s, err := os.Stat(dirPath); os.IsNotExist(err) {
|
||||||
os.MkdirAll(dirPath, 0777)
|
os.MkdirAll(dirPath, 0751)
|
||||||
} else if !s.IsDir() {
|
} else if !s.IsDir() {
|
||||||
return fmt.Errorf("%s is not a directory", dirPath)
|
return fmt.Errorf("%s is not a directory", dirPath)
|
||||||
}
|
}
|
||||||
|
|
|
@ -124,7 +124,7 @@ func main() {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
os.MkdirAll(path.Dir(*bind), 0777)
|
os.MkdirAll(path.Dir(*bind), 0751)
|
||||||
|
|
||||||
unixListener, err := net.Listen("unix", *bind)
|
unixListener, err := net.Listen("unix", *bind)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
|
@ -35,7 +35,7 @@ func saveTeamFile(p string, w http.ResponseWriter, r *http.Request) bool {
|
||||||
func saveFile(p string, r *http.Request) error {
|
func saveFile(p string, r *http.Request) error {
|
||||||
dirname := path.Dir(p)
|
dirname := path.Dir(p)
|
||||||
if _, err := os.Stat(dirname); os.IsNotExist(err) {
|
if _, err := os.Stat(dirname); os.IsNotExist(err) {
|
||||||
if err = os.MkdirAll(dirname, 0755); err != nil {
|
if err = os.MkdirAll(dirname, 0751); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Reference in a new issue