We use cookies to ensure you get the best experience on our website
首页 发现 帮助
注册 登录
0ct0pu5
/
servnest
1
0
派生 0
文件 工单管理 0 合并请求 0 Wiki
浏览代码

Fix symlink security flaw when sudoing chgrp

Miraty 3 年之前
父节点
ab09c84514
当前提交
2401da72c5
共有 1 个文件被更改,包括 1 次插入1 次删除
合并视图 显示文件统计
  1. 1 1
      public/auth/register.php

+ 1 - 1
public/auth/register.php
查看文件 

@@ -18,7 +18,7 @@ if (isset($_POST['username']) AND isset($_POST['password'])) {
 
 		umask(0002);
 
 		umask(0002);
 
 		if (mkdir(CONF['ht']['ht_path'] . "/" . $_POST['username'], 0775) !== true)
 
 		if (mkdir(CONF['ht']['ht_path'] . "/" . $_POST['username'], 0775) !== true)
 
 			serverError("Can't create user directory.");
 
 			serverError("Can't create user directory.");
 
-		exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['chgrp_path'] . " " . CONF['ht']['sftpgo_group'] . " " . CONF['ht']['ht_path'] . "/" . $_POST['username'], $stdout, $code);
 
+		exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['chgrp_path'] . " " . CONF['ht']['sftpgo_group'] . " " . CONF['ht']['ht_path'] . "/" . $_POST['username'] . " --no-dereference", $stdout, $code);
 
 		if ($code !== 0)
 
 		if ($code !== 0)
 
 			serverError("Can't change user directory group.");
 
 			serverError("Can't change user directory group.");

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5