opnsense/src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-02-04 03:00:53 -06:00
Code Issues Packages Projects Releases Wiki Activity

etcupdate: Restrict access to the conflicts directory

Browse Source 
In the window during conflict resolution, copies of installed files with
conflicts are added here with the default mode.  Restrict access.

Approved by:	so
Security:	FreeBSD-SA-25:03.etcupdate
PR:		277470
Reviewed by:	philip, jhb, emaste
Differential Revision:	https://reviews.freebsd.org/D48576

(cherry picked from commit c43ae7ab4bf89c2b274c1cbefe663c456e9211d1)
(cherry picked from commit 93836ff92be84a1d4e7611577ffe116a0e30d008)
This commit is contained in:
Mark Johnston 2025-01-28 14:23:06 +00:00 committed by Franco Fichtner
parent e4ac2362cc
commit 8f742ba84e
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
usr.sbin/etcupdate/etcupdate.sh
View File

@ -1611,6 +1611,9 @@ EOF
# Initialize conflicts and warnings handling.
rm -f $WARNINGS
mkdir -p $CONFLICTS
if ! chmod 0700 ${CONFLICTS}; then
panic "Unable to set permissions on conflicts directory"
fi
# Ignore removed files for the pre-world case. A pre-world
# update uses a stripped-down tree.