config: Don't pass configuration file argument to action

This avoids the security risk that a compromised Plinth process would give an
adversary the ability to write to any file on the system.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Sunil Mohan Adapa 2019-03-01 12:58:21 -08:00
parent d1d3eae3db
commit 2aef91b187
No known key found for this signature in database
GPG Key ID: 43EA1CFF0AA7C5F2
2 changed files with 8 additions and 14 deletions


@ -26,7 +26,8 @@ import os
import augeas import augeas
from plinth import action_utils from plinth import action_utils
from plinth.modules.config import APACHE_HOMEPAGE_CONF_FILE_NAME from plinth.modules.config import (APACHE_HOMEPAGE_CONF_FILE_NAME,
FREEDOMBOX_APACHE_CONFIG)
def parse_arguments(): def parse_arguments():
@ -40,11 +41,8 @@ def parse_arguments():
set_home_page.add_argument('homepage', set_home_page.add_argument('homepage',
help='path to the webserver home page') help='path to the webserver home page')
reset_home_page = subparsers.add_parser( subparsers.add_parser('reset-home-page',
'reset-home-page', help='Reset the homepage of the Apache server.') help='Reset the homepage of the Apache server.')
reset_home_page.add_argument(
'--config', default=APACHE_HOMEPAGE_CONF_FILE_NAME,
help='(optional) path to the Apache config file')
subparsers.required = True subparsers.required = True
return parser.parse_args() return parser.parse_args()
@ -63,12 +61,9 @@ def subcommand_set_home_page(arguments):
action_utils.webserver_enable('freedombox-apache-homepage') action_utils.webserver_enable('freedombox-apache-homepage')
def subcommand_reset_home_page(arguments): def subcommand_reset_home_page(_):
"""Sets the Apache web server's home page to the default - /plinth """Sets the Apache web server's home page to the default - /plinth."""
config_file = FREEDOMBOX_APACHE_CONFIG
The config file path can be optionally passed as an argument.
"""
config_file = arguments.config
default_path = 'plinth' default_path = 'plinth'
aug = augeas.Augeas( aug = augeas.Augeas(
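Review bot: The `homepage` positional argument of `set-home-page` (context lines at the top of the second hunk) is still supplied by the Plinth process, so the threat model in the commit message applies to it too. Its handling in `subcommand_set_home_page` lies outside these hunks, and it should be confirmed that only an allow-listed set of values is accepted before anything is written to the Apache configuration. In `subcommand_reset_home_page`, a comment on the new assignment would help keep the restriction from being undone later, e.g. `# Fixed path on purpose: the caller may be a compromised Plinth process and must not choose the file.` The removed `--config` default was `APACHE_HOMEPAGE_CONF_FILE_NAME` while the new constant is `FREEDOMBOX_APACHE_CONFIG`, so any invocation that relied on the default now edits a different file; the only caller visible on this page passed `FREEDOMBOX_APACHE_CONFIG` explicitly. The function body continues past the end of the hunk.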


@ -124,8 +124,7 @@ def _migrate_home_page_config():
home_page_path = get_home_page().replace('_', '/') home_page_path = get_home_page().replace('_', '/')
# Reset the home page to plinth in freedombox.conf # Reset the home page to plinth in freedombox.conf
actions.superuser_run( actions.superuser_run('config', ['reset-home-page'])
'config', ['reset-home-page', '--config', FREEDOMBOX_APACHE_CONFIG])
# Write the home page setting into the new conf file # Write the home page setting into the new conf file
# This step is run at the end because it reloads the Apache server # This step is run at the end because it reloads the Apache server