Check permissions of the acme.pre and post scripts
rootmos committed Dec 21, 2023
1 parent 7b80954 commit 2c4683c
Showing 1 changed file with 22 additions and 19 deletions.
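--- a/openbsd
+++ b/openbsd
@@ -922,27 +922,30 @@ class Rlib:
 ls.append('')
 ls.append('. /etc/rc.d/rc.subr')
 ls.append('')
-
+ls.append('safe_executable() {')
+ls.append(' [ -x "$1" ] && [[ $((8#$(stat -f "%p" "$1") & 8#022)) == 0 ]] && [[ $(stat -f "%u" "$1") == 0 ]]')
+ls.append('}')
+ls.append('')
 ls.append('rc_start() {')
-ls.append(' if [ -x "/etc/acme.pre" ]; then')
-ls.append(' rc_exec "/etc/acme.pre"; _ret=$?')
-ls.append(' if [[ ${_ret} != 0 ]]; then')
-ls.append(' return ${_ret}')
-ls.append(' fi')
-ls.append(' fi')
+ls.append(' if safe_executable "/etc/acme.pre"; then')
+ls.append(' rc_exec "/etc/acme.pre"; _ret=$?')
+ls.append(' if [[ ${_ret} != 0 ]]; then')
+ls.append(' return ${_ret}')
+ls.append(' fi')
+ls.append(' fi')
 ls.append('')
-ls.append(' rc_exec "${daemon} ${daemon_flags}"; _ret=$?')
-ls.append(' ')
-ls.append(' if [[ ${_ret} == 0 ]]; then')
-ls.append(' if [ -x "/etc/acme.post" ]; then')
-ls.append(' rc_exec "/etc/acme.post"; _ret=$?')
-ls.append(' return ${_ret}')
-ls.append(' fi')
-ls.append(' elif [[ ${_ret} == 2 ]]; then')
-ls.append(' return 0')
-ls.append(' else')
-ls.append(' return ${_ret}')
-ls.append(' fi')
+ls.append(' rc_exec "${daemon} ${daemon_flags}"; _ret=$?')
+ls.append(' ')
+ls.append(' if [[ ${_ret} == 0 ]]; then')
+ls.append(' if safe_executable "/etc/acme.post"; then')
+ls.append(' rc_exec "/etc/acme.post"; _ret=$?')
+ls.append(' return ${_ret}')
+ls.append(' fi')
+ls.append(' elif [[ ${_ret} == 2 ]]; then')
+ls.append(' return 0')
+ls.append(' else')
+ls.append(' return ${_ret}')
+ls.append(' fi')
 ls.append('}')
 ls.append('')
 ls.append('rc_cmd $1')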
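Review bot: A hook that is present and executable but fails `safe_executable` is skipped without any message, so the generated `rc_start` still runs the daemon without its pre step and an operator cannot tell "no hook" from "hook rejected". I would make the rejected case visible and fail closed for the pre hook, for example by emitting `[ -x "/etc/acme.pre" ] && ! safe_executable "/etc/acme.pre" && { echo "acme.pre: must be owned by root and not group/world-writable" >&2; return 1; }` ahead of the existing `if`, and at least printing the same warning for `/etc/acme.post`. Separately, `stat` on OpenBSD without `-L` appears to report on a symlink itself while `[ -x ]` follows it, so if either path is a symlink the mode and owner being checked are probably the link's and not the target's; `stat -L -f` in both calls would cover that, which is worth confirming against stat(1). A one-line comment above the `safe_executable` lines saying what the `8#022` mask and the `%u` comparison enforce would also help the next reader. The enclosing Python method of `Rlib` starts and ends outside this hunk.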
