[X2Go-Commits] [x2goserver] 06/06: debian/*.postinst: Avoid recursive chmod/chown. Recursive chown/chmod is susceptible to hardlink attacks on mainline, non-Debian kernels.

Tue Aug 14 16:30:30 CEST 2018

This is an automated email from the git hooks/post-receive script.

x2go pushed a commit to branch master
in repository x2goserver.

commit 21505a5a9c9d072121384f18d662c623693f84a1
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date:   Tue Aug 14 16:29:47 2018 +0200

    debian/*.postinst: Avoid recursive chmod/chown. Recursive chown/chmod is susceptible to hardlink attacks on mainline, non-Debian kernels.
---
 debian/libx2go-server-db-perl.postinst | 3 ++-
 debian/x2goserver-printing.postinst    | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/debian/libx2go-server-db-perl.postinst b/debian/libx2go-server-db-perl.postinst
index 5a99ff5..13bf0c5 100755
--- a/debian/libx2go-server-db-perl.postinst
+++ b/debian/libx2go-server-db-perl.postinst
@@ -43,7 +43,8 @@ case "${1}" in
 				x2godbadmin --createdb
 			else
 				# make sure db permissions are set correctly
-				chown -R 'root:x2gouser' '/var/lib/x2go'
+				chown 'x2gouser:x2gouser' '/var/lib/x2go'
+				chown 'root:x2gouser' '/var/lib/x2go/x2go_sessions'
 				# egid x2gouser needs write access to the db dir (for temporary db journal file)
 				chmod '0770' '/var/lib/x2go'
 				# ... and to the db file itself, of course
diff --git a/debian/x2goserver-printing.postinst b/debian/x2goserver-printing.postinst
index 3d7cf9f..66b70ea 100755
--- a/debian/x2goserver-printing.postinst
+++ b/debian/x2goserver-printing.postinst
@@ -60,7 +60,7 @@ case "${1}" in
 		fi
 
 		# make sure x2goprint spool dir permissions are set correctly
-		chown -R 'x2goprint:x2goprint' '/var/spool/x2goprint'
+		chown 'x2goprint:x2goprint' '/var/spool/x2goprint'
 
 		# egid x2goprint needs write access to the spool dir
 		chmod '0700' '/var/spool/x2goprint'

--
Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/x2goserver.git
