diff --git a/openbsd b/openbsd index d484188..4a13343 100755 --- a/openbsd +++ b/openbsd @@ -922,27 +922,30 @@ class Rlib: ls.append('') ls.append('. /etc/rc.d/rc.subr') ls.append('') - + ls.append('safe_executable() {') + ls.append(' [ -x "$1" ] && [[ $((8#$(stat -f "%p" "$1") & 8#022)) == 0 ]] && [[ $(stat -f "%u" "$1") == 0 ]]') + ls.append('}') + ls.append('') ls.append('rc_start() {') - ls.append(' if [ -x "/etc/acme.pre" ]; then') - ls.append(' rc_exec "/etc/acme.pre"; _ret=$?') - ls.append(' if [[ ${_ret} != 0 ]]; then') - ls.append(' return ${_ret}') - ls.append(' fi') - ls.append(' fi') + ls.append(' if safe_executable "/etc/acme.pre"; then') + ls.append(' rc_exec "/etc/acme.pre"; _ret=$?') + ls.append(' if [[ ${_ret} != 0 ]]; then') + ls.append(' return ${_ret}') + ls.append(' fi') + ls.append(' fi') ls.append('') - ls.append(' rc_exec "${daemon} ${daemon_flags}"; _ret=$?') - ls.append(' ') - ls.append(' if [[ ${_ret} == 0 ]]; then') - ls.append(' if [ -x "/etc/acme.post" ]; then') - ls.append(' rc_exec "/etc/acme.post"; _ret=$?') - ls.append(' return ${_ret}') - ls.append(' fi') - ls.append(' elif [[ ${_ret} == 2 ]]; then') - ls.append(' return 0') - ls.append(' else') - ls.append(' return ${_ret}') - ls.append(' fi') + ls.append(' rc_exec "${daemon} ${daemon_flags}"; _ret=$?') + ls.append(' ') + ls.append(' if [[ ${_ret} == 0 ]]; then') + ls.append(' if safe_executable "/etc/acme.post"; then') + ls.append(' rc_exec "/etc/acme.post"; _ret=$?') + ls.append(' return ${_ret}') + ls.append(' fi') + ls.append(' elif [[ ${_ret} == 2 ]]; then') + ls.append(' return 0') + ls.append(' else') + ls.append(' return ${_ret}') + ls.append(' fi') ls.append('}') ls.append('') ls.append('rc_cmd $1')