beenull/servnest
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix symlink security flaw when sudoing chgrp

Browse source
This commit is contained in:
Miraty 2022-06-10 14:53:25 +02:00
parent ab09c84514
commit 2401da72c5
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
public/auth/register.php
View file

@ -18,7 +18,7 @@ if (isset($_POST['username']) AND isset($_POST['password'])) {
umask(0002);
if (mkdir(CONF['ht']['ht_path'] . "/" . $_POST['username'], 0775) !== true)
serverError("Can't create user directory.");
exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['chgrp_path'] . " " . CONF['ht']['sftpgo_group'] . " " . CONF['ht']['ht_path'] . "/" . $_POST['username'], $stdout, $code);
exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['chgrp_path'] . " " . CONF['ht']['sftpgo_group'] . " " . CONF['ht']['ht_path'] . "/" . $_POST['username'] . " --no-dereference", $stdout, $code);
if ($code !== 0)
serverError("Can't change user directory group.");