We use cookies to ensure you get the best experience on our website
Home Explore Help
Register Sign In
0ct0pu5
/
servnest
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Fix symlink security flaw when sudoing chgrp

Miraty 3 years ago
parent
ab09c84514
commit
2401da72c5
1 changed files with 1 additions and 1 deletions
Split View Show Diff Stats
  1. 1 1
      public/auth/register.php

+ 1 - 1
public/auth/register.php
View File 

@@ -18,7 +18,7 @@ if (isset($_POST['username']) AND isset($_POST['password'])) {
 
 		umask(0002);
 
 		if (mkdir(CONF['ht']['ht_path'] . "/" . $_POST['username'], 0775) !== true)
 
 			serverError("Can't create user directory.");
 
-		exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['chgrp_path'] . " " . CONF['ht']['sftpgo_group'] . " " . CONF['ht']['ht_path'] . "/" . $_POST['username'], $stdout, $code);
 
+		exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['chgrp_path'] . " " . CONF['ht']['sftpgo_group'] . " " . CONF['ht']['ht_path'] . "/" . $_POST['username'] . " --no-dereference", $stdout, $code);
 
 		if ($code !== 0)
 
 			serverError("Can't change user directory group.");

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5