Critical security issue
sci2tech
Post: #6
RE: Critical security issue
A quick fix that leaves backup functional and prevents the issue (diff against current trunk):
Code:
Index: ispcp-backup-all
===================================================================
--- ispcp-backup-all    (revision 3238)
+++ ispcp-backup-all    (working copy)
@@ -190,10 +190,10 @@
            return $rs;
        }

-        $rs = setfmode("$db_backup_file", $domain_uid, $domain_gid, 0660);
+        $rs = setfmode("$db_backup_file", 0, 0, 0444);
        if( $rs != 0 ){
-            push_el(\@main::el, 'backup_sql()', "Domain $dmn_name: ERROR: Can not chmod 0660 uid: $domain_uid gid: $domain_gid file $db_backup_file!");
-            send_error_mail('backup_sql()', "Domain $dmn_name: ERROR: Can not chmod 0660 uid: $domain_uid gid: $domain_gid file $db_backup_file!");
+            push_el(\@main::el, 'backup_sql()', "Domain $dmn_name: ERROR: Can not chmod 0444 uid: 0 gid: 0 file $db_backup_file!");
+            send_error_mail('backup_sql()', "Domain $dmn_name: ERROR: Can not chmod 0444 uid: 0 gid: 0 file $db_backup_file!");
            unlink($db_backup_file);
            return $rs;
        }
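Review bot: mode 0444 in the new setfmode() call for $db_backup_file grants read to "other", so the SQL dump becomes readable by every local account that can reach the path, not only by the domain user. Moving ownership to uid 0 is what stops the domain user from replacing the file; the read bit for everyone is not needed for that. If the domain user still has to download the dump, owner 0 with group $domain_gid and mode 0440 keeps it read-only for them without opening it to other accounts. The two error strings would then need the same values.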
@@ -273,10 +273,17 @@
            #

            if (! -d $dmn_backup_dir) {
-                $rs = make_dir($dmn_backup_dir, $domain_uid, $domain_gid, 0770);
+                $rs = make_dir($dmn_backup_dir, 0 ,0, 0555);
                return $rs if ($rs != 0);
            }

+            #todo test mode and adjust only if necessary
+            $rs = setfmode($dmn_backup_dir, 0, 0, 0555);
+            if ($rs != 0){
+                push_el(\@main::el, 'backup_all_engine()', "Domain $dmn_name: Error while changing mode to 0555 uid: 0: 0 for $dmn_backup_dir!");
+                send_error_mail('backup_all_engine()', "Domain $dmn_name: Error while changing mode to 0555 uid: 0 gid: 0 for $dmn_backup_dir!");
+            }
+
            if ($zip =~ '^(bzip2|gzip|lzma|xz)$') {
                my $extension = undef;

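Review bot: the added setfmode($dmn_backup_dir, 0, 0, 0555) block only logs and mails when $rs != 0 and then falls through, while the make_dir() call just above does "return $rs if ($rs != 0);". If the ownership change fails on a directory that already exists with the old $domain_uid/$domain_gid 0770 settings, the backup is still written into a directory the domain user controls, which is the situation this patch is meant to remove. Returning $rs after send_error_mail() would make the failure stop the run for that domain. Smaller points: the push_el message reads "uid: 0: 0" where send_error_mail has "uid: 0 gid: 0", the make_dir arguments are spaced "0 ,0", and the "#todo" says the mode should be tested first but no test is done, so the call runs on every backup.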
@@ -321,10 +328,10 @@
                        send_error_mail('backup_all_engine()', "Domain $dmn_name: Error while executing $cmd_mv -f $www_dir/$backup_filename $dmn_backup_dir!");
                    }

-                    $rs = setfmode("$dmn_backup_dir/$backup_filename", $domain_uid, $domain_gid, 0660);
+                    $rs = setfmode("$dmn_backup_dir/$backup_filename", 0, 0, 0444);
                    if ($rs != 0){
-                        push_el(\@main::el, 'backup_all_engine()', "Domain $dmn_name: Error while changing mode to 0660 uid: $domain_uid gid: $domain_gid for $dmn_backup_dir/$backup_filename!");
-                        send_error_mail('backup_all_engine()', "Domain $dmn_name: Error while changing mode to 0660 uid: $domain_uid gid: $domain_gid for $dmn_backup_dir/$backup_filename!");
+                        push_el(\@main::el, 'backup_all_engine()', "Domain $dmn_name: Error while changing mode to 0444 uid: 0 gid: 0 for $dmn_backup_dir/$backup_filename!");
+                        send_error_mail('backup_all_engine()', "Domain $dmn_name: Error while changing mode to 0444 uid: 0 gid: 0 for $dmn_backup_dir/$backup_filename!");
                    }

                } else { # some error occurred
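Review bot: when this setfmode() on "$dmn_backup_dir/$backup_filename" fails, the block only calls push_el() and send_error_mail(), so the archive stays in place with whatever owner and mode the preceding mv left on it. backup_sql() in the first hunk handles the same failure with "unlink($db_backup_file); return $rs;". Since the fix depends on the file ending up owned by uid 0, the same cleanup here would avoid leaving an archive in the backup directory with unchanged ownership. As with the SQL dump, 0444 also makes the full site archive readable by "other"; a group-readable mode limited to $domain_gid would be narrower.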
(This post was last modified: 08-30-2010 01:50 AM by sci2tech.)
08-30-2010 01:35 AM