nik/FreedomBox
1
0
Fork 0
mirror of https://github.com/freedombox/FreedomBox.git synced 2026-03-11 09:04:54 +00:00
Code Issues Packages Projects Releases Wiki Activity
260 Commits 11 Branches 409 Tags 297 MiB
Commit Graph

260 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nick Daly
065c25039a Rewrote actions/privilegedactions.py to be less exploitable. 
I'm sure there are still some exploits in the code, but there are
certainly fewer now.  Instead of just executing whatever arguments are
passed into privilegedactions.privilegedaction_run, we now limit the
actions that can be run in the following ways:

- Only actions that exist in the actions directory can be executed.
  Attempting to run the action "echo; rm -rf /" will look for a file
  named "actions/echo; rm -rf /", of which there are none.

- Shell literals are escaped: attempting to run the "echo" action with
  options like "'hi'; rm -rf /") will echo "'hi'; rm -rf /".

- It is difficult to interact with the spawned process through this
  interface.  We can't control whether the spawned process allows
  interaction.

The details of the contract are included in privilegedactions.py, and
this contract is tested in privilegedactions_test.py.
 2013-10-27 10:46:06 -05:00
Nick Daly
4d529b7585 Moved privilegedactions to the actions directory. 2013-10-27 10:26:06 -05:00
Nick Daly
025c2aebc1 Forgot an Apache module: proxy_http. 
Without this module, Apache doesn't know how to proxy HTTP requests.
 2013-10-18 17:03:27 -05:00
Nick Daly
d84150b103 Fix DocumentRoot: Apache can serve Plinth's static files. 
Without this change, Apache tries to serve the static files from
/dev/null/static, which never exists, so users will see all exciting
manner of errors.

I've assumed that the correct directory is the default directory that
Freedom-Maker installs Plinth to, currently ``/home/fbx/plinth``.
Other distributions will need to patch this out to their preferred
location, like ``/usr/share/plinth/static``.
 2013-10-18 16:59:35 -05:00
Nick Daly
ee5609a2e3 Configure Apache correctly when installing Plinth. 
Apache configuration was missing a few modules, and the server needs
to be restarted after those modules are enabled.  Also, the server
needs to be reloaded after the Plinth site is enabled.
 2013-10-18 16:52:40 -05:00
Nick Daly
da7bd50a09 Corrected "Old Browser" warning: point to FireFox. 
It's inappropriate for the FreedomBox project to recommend Non-Free
Software.  Therefore, we point users to the current version of FireFox
if their browser is too old.
 2013-10-18 16:49:50 -05:00
Nick Daly
5ec749af8e Removed ExMachina from Plinth, it's no longer used. 2013-10-09 20:16:10 -05:00
Nick Daly
49046c0074 Merge pull request #36 from petterreinholdtsen/master 
Make sure 'make all' do not need privileges, and 'make install'
 2013-10-07 14:51:36 -07:00
Nick Daly
510dc822a9 Merge pull request #37 from petterreinholdtsen/handle-no-argument 
Add missing return statement to parse_arguments().
 2013-10-07 14:51:31 -07:00
Nick Daly
7ae7525e60 Merge pull request #38 from petterreinholdtsen/cleanup-init-d-script 
Clean up init.d script.
 2013-10-07 14:51:23 -07:00
Petter Reinholdtsen
5b9d3efcb0 Clean up init.d script. 
Run as user/group plinth, not www-data.
Rewrite to use lsb init-functions for starting/stopping and output.
Use /bin/sh instead of bash to speed up the boot.
 2013-10-07 22:15:06 +02:00
Petter Reinholdtsen
7a74199ad6 Add missing return statement to parse_arguments(). 2013-10-07 09:15:54 +02:00
Petter Reinholdtsen
80f39c545e Fix install path and target for share/apache2/plinth.conf. 2013-10-07 09:09:12 +02:00
Petter Reinholdtsen
7c5cec57b4 Make sure 'make all' do not need privileges, and 'make install' 
do not try to change stuff outside $(DESTDIR).  This make
sure debian packaging is possible.
 2013-10-07 09:00:26 +02:00
Nick Daly
692ac6fead Merge pull request #35 from jvalleroy/xmpp-service-module 
XMPP Service Module
 2013-10-06 19:25:47 -07:00
Nick Daly
a9c853e5bd Merged with upstream. 2013-10-06 21:21:43 -05:00
Nick Daly
04d9abfba6 Updated Makefile to reflect Apache config changes. 2013-10-06 21:17:18 -05:00
Nick Daly
c61e73245a Made URLs less absolute. 2013-10-06 21:11:08 -05:00
Nick Daly
54313fcb35 Update Plinth to handle new Apache config: 
- Remove custom https redirect code.
- Hang Plinth off of any directory.
 2013-10-06 21:04:29 -05:00
Nick Daly
4f2cb54f32 Updated Apache config to be a little more flexible. 2013-10-06 21:00:06 -05:00
Nick Daly
721fca19fc Remove support directory. 2013-10-06 17:30:37 -05:00
James Valleroy
41d57cc5fc Put quotes around variables in action scripts. 2013-10-05 18:16:55 -04:00
Nick Daly
5de7ecc99b Configure Apache by default. 2013-10-05 14:54:53 -05:00
Nick Daly
f11a97e060 Add Apache configs. 2013-10-05 14:38:00 -05:00
Nick Daly
63045d1928 Redirect all requests to HTTPS. 2013-10-05 14:36:07 -05:00
James Valleroy
17f3965db8 Added XMPP settings form with control of in-band registration. 2013-10-03 19:48:57 -04:00
James Valleroy
349517339d Check output of XMPP account registration. 2013-10-03 06:16:37 -04:00
James Valleroy
2fd1d6e7b2 Added action to register xmpp account. 2013-09-29 23:00:54 -04:00
James Valleroy
d0157e09ab Non-functional XMPP account registration form. 2013-09-29 22:28:26 -04:00
Nick Daly
eee02c0ca1 Merge pull request #34 from jvalleroy/bugfixes 
Bugfixes
 2013-09-29 13:03:59 -07:00
James Valleroy
cda21f395f Fix to avoid python error about non-ASCII character. 2013-09-28 18:06:03 -04:00
James Valleroy
4048e77738 Fixes for plinth.config when run from source folder. 2013-09-28 18:04:53 -04:00
Nick Daly
6c988755ac Merge pull request #30 from petterreinholdtsen/do-not-clean-vendor-destdir 
Avoid removing vendor and $(DESTDIR).
 2013-09-28 10:49:16 -07:00
Nick Daly
d722ca950f Merge pull request #31 from petterreinholdtsen/app-owncloud 
Add support for owncloud in the apps menu
 2013-09-28 10:48:39 -07:00
Nick Daly
f69549c480 Merge pull request #27 from petterreinholdtsen/forms-radio-buttons 
Add support for radio buttons.
 2013-09-28 10:46:32 -07:00
Nick Daly
6758aa0d36 Merge pull request #33 from petterreinholdtsen/handle-unknown-users 
Make sure login do not throw exception for unknown users.
 2013-09-28 10:33:48 -07:00
Petter Reinholdtsen
6630a8f3d5 Make sure login do not throw exception for unknown users. 2013-09-26 20:04:27 +02:00
Petter Reinholdtsen
7b9f6e09d3 Make sure apt do not ask questions when installing owncloud. 2013-09-26 13:26:21 +02:00
Petter Reinholdtsen
829e40198d Get owncloud enabling limping along. 2013-09-26 11:34:04 +02:00
Petter Reinholdtsen
55bf19865a Avoid removing vendor and $(DESTDIR). 
The vendor/ directory contain source used during build, and
$(DESTDIR) might point to /usr/.  Neither should be removed
in the clean target.
 2013-09-25 11:23:51 +02:00
Petter Reinholdtsen
fe33c348b4 First draft to add owncloud support. 2013-09-23 15:18:53 +02:00
Petter Reinholdtsen
444365ec78 Rewrite plinth to use sudo and action scripts instead of exmachina for privileged accesss. 2013-09-23 09:37:24 +02:00
Petter Reinholdtsen
3c78b92d04 Add support for radio buttons. 2013-09-19 12:35:16 +02:00
Nick Daly
0954d9d383 Merge pull request #17 from petterreinholdtsen/first-boot-create-user 
Create admin user on first boot.
 2013-09-17 19:59:19 -07:00
Petter Reinholdtsen
f24d1fb94d Merge branch 'master' into first-boot-create-user 
Resolve conflicts in modules/installed/first_boot.py.
 2013-09-16 05:27:57 +02:00
Nick Daly
c99f074f22 Use ExMachina already in Plinth/vendor. 2013-09-15 21:55:23 -05:00
Nick Daly
87753531d2 Reverted change 657068b0. 2013-09-15 21:47:18 -05:00
Nick Daly
b71e832683 Merged Petter's unify-ExMachina-and-Plinth changes. 2013-09-15 21:40:23 -05:00
Nick Daly
5002715cb6 Merge pull request #24 from petterreinholdtsen/first-boot-no-dead-end 
Provide a way to get out of the first-boot screen, even if it isn't read...
 2013-09-15 17:48:30 -07:00
Nick Daly
32a86a54b5 Merge pull request #19 from petterreinholdtsen/first-boot-set-hostname 
Change first_boot module to show and update current hostname,
 2013-09-15 17:43:31 -07:00