git: c1c180910d46 - releng/13.4 - etcupdate: Restrict access to the conflicts directory
Date: Wed, 29 Jan 2025 18:55:30 UTC
The branch releng/13.4 has been updated by markj:
URL: https://cgit.FreeBSD.org/src/commit/?id=c1c180910d4677b00c7651d72b13f63f8f1c646c
commit c1c180910d4677b00c7651d72b13f63f8f1c646c
Author: Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2025-01-28 14:23:06 +0000
Commit: Mark Johnston <markj@FreeBSD.org>
CommitDate: 2025-01-29 17:02:44 +0000
etcupdate: Restrict access to the conflicts directory
In the window during conflict resolution, copies of installed files with
conflicts are added here with the default mode. Restrict access.
Approved by: so
Security: FreeBSD-SA-25:03.etcupdate
PR: 277470
Reviewed by: philip, jhb, emaste
Differential Revision: https://reviews.freebsd.org/D48576
(cherry picked from commit c43ae7ab4bf89c2b274c1cbefe663c456e9211d1)
(cherry picked from commit 17e935f1f327d7d4464e53f4f3d2347a51623f82)
---
usr.sbin/etcupdate/etcupdate.sh | 3 +++
1 file changed, 3 insertions(+)
diff --git a/usr.sbin/etcupdate/etcupdate.sh b/usr.sbin/etcupdate/etcupdate.sh
index 6d8f58d39c54..ed259da7420f 100755
--- a/usr.sbin/etcupdate/etcupdate.sh
+++ b/usr.sbin/etcupdate/etcupdate.sh
@@ -1561,6 +1561,9 @@ EOF
# Initialize conflicts and warnings handling.
rm -f $WARNINGS
mkdir -p $CONFLICTS
+ if ! chmod 0700 ${CONFLICTS}; then
+ panic "Unable to set permissions on conflicts directory"
+ fi
# Ignore removed files for the pre-world case. A pre-world
# update uses a stripped-down tree.
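Review bot: The directory is created by `mkdir -p $CONFLICTS` with the umask-derived mode and only tightened by the following `chmod 0700 ${CONFLICTS}`, so a freshly created directory is briefly accessible with default permissions. Consider creating it restricted from the start, for example `mkdir -p -m 0700 $CONFLICTS`, and keeping the chmod to cover a directory left over from an earlier run, since `mkdir -p` does not change the mode of a directory that already exists. The result of the `mkdir -p` is not checked in these lines, so a failure there only surfaces through the chmod error message, which then names the wrong cause. The added lines also write `${CONFLICTS}` while the line above writes `$CONFLICTS`, both unquoted; quoting the expansion consistently would be safer. A one-line comment above the chmod saying that copies of installed files land here during conflict resolution would explain why the mode matters.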