nik/FreedomBox
1
0
Fork 0
mirror of https://github.com/freedombox/FreedomBox.git synced 2026-06-10 11:00:22 +00:00
Code Issues Packages Projects Releases Wiki Activity
FreedomBox/plinth/modules
History
Sunil Mohan Adapa a8400d07a6
searx: Ensure that socket is only reachable by Apache and root 
When the security access restrictions are removed from /etc/security/access.d,
we don't want users to bypass Apache access control and directly access the app.

Tests:

- Without the patch, the uwsgi socket file is with permissions 666 in
/run/uwsgi/apps/searx/socket. nc -U <socket> succeeds as non-admin user on the
system.

- Apply the patch and restart FreedomBox. searx set is run and uwsgi service is
restarted and permissions are 660 on /run/uwsgi/apps/searx/socket. nc -U
<socket> fails as non-admin user on the system.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2022-12-05 20:46:43 -05:00
..
apache
apache: Fix logs still going into /var/log files
2022-10-09 08:53:46 -04:00
api
avahi
*: Use privileged decorator for service actions
2022-10-08 18:53:55 -04:00
backups
backups: Use privileged decorator for backup actions
2022-10-08 18:53:57 -04:00
bepasty
bepasty: Use privileged decorator for actions
2022-10-08 18:51:18 -04:00
bind
bind: Drop enabling DNSSEC (deprecated) as it is always enabled
2022-10-08 18:54:08 -04:00
calibre
action_utils: Drop support for non-systemd environments
2022-10-08 18:54:13 -04:00
cockpit
config
config: Drop legacy migration of Apache homepage settings
2022-10-08 18:54:10 -04:00
coturn
coturn: Use privileged decorator for actions
2022-10-08 18:51:42 -04:00
datetime
datetime: Use privileged decorator for actions
2022-10-08 18:51:45 -04:00
deluge
deluge: Use privileged decorator for actions
2022-10-08 18:51:48 -04:00
diagnostics
dynamicdns
dynamicdns: Use privileged decorator for actions
2022-10-08 18:51:51 -04:00
ejabberd
ejabberd: Enable mod_http_upload
2022-12-04 10:56:30 -08:00
email
email: Fix creation of aliases for security@ and usenet@
2022-11-21 19:37:50 -05:00
firewall
firewall: Use privileged decorator, drop showing running status
2022-10-08 18:52:00 -04:00
first_boot
gitweb
gitweb: Use privileged decorator for actions
2022-10-08 18:52:02 -04:00
help
help: Use privileged decorator for actions
2022-10-08 18:52:05 -04:00
i2p
i2p: Remove donation URL that is no longer available
2022-12-03 08:55:24 -05:00
ikiwiki
ikiwiki: Use privileged decorator for actions
2022-10-08 18:52:11 -04:00
infinoted
infinoted: Use privileged decorator for actions
2022-10-08 18:52:14 -04:00
janus
janus: Allow AF_UNIX and AF_NETLINK
2022-09-23 08:01:57 -04:00
jsxc
letsencrypt
letsencrypt: Fix regression with comparing certificate
2022-10-24 20:11:17 -04:00
matrixsynapse
matrix: Add fail2ban jail
2022-10-10 10:08:06 -07:00
mediawiki
mediawiki: Use privileged decorator for actions
2022-10-08 18:52:23 -04:00
minetest
minetest: Handle upgrade from 5.3.0 to 5.6.1
2022-11-04 16:38:01 -07:00
minidlna
minidlna: Use the exposed URL for diagnostic test
2022-10-08 18:52:31 -04:00
mumble
names
networks
networks: Use privileged decorator for actions
2022-10-08 18:52:35 -04:00
openvpn
openvpn: Drop RSA to ECC migration code and two-step setup
2022-10-08 18:52:41 -04:00
pagekite
*: Use privileged decorator for service actions
2022-10-08 18:53:55 -04:00
performance
power
*: Use privileged decorator for package actions
2022-10-08 18:54:00 -04:00
privacy
privacy: Remove unused import, fix pipline
2022-10-10 22:55:30 -07:00
privoxy
quassel
quassel: Use privileged decorator for actions
2022-10-08 18:52:50 -04:00
radicale
radicale: Use privileged decorator for actions
2022-10-08 18:52:53 -04:00
roundcube
roundcube: Minor update to comment in privileged actions
2022-10-08 18:52:55 -04:00
rssbridge
rssbridge: add option to allow public access
2022-10-24 12:02:10 -07:00
samba
samba: Use privileged decorator for actions
2022-10-08 18:53:47 -04:00
searx
searx: Ensure that socket is only reachable by Apache and root
2022-12-05 20:46:43 -05:00
security
fail2ban: Make fail2ban log to journald
2022-10-09 08:54:02 -04:00
shaarli
shadowsocks
shadowsocks: Use privileged decorator for actions
2022-10-08 18:53:07 -04:00
sharing
sharing: Use privileged decorator for actions
2022-10-08 18:53:10 -04:00
snapshot
snapshot: Use privileged decorator for actions
2022-10-08 18:53:13 -04:00
ssh
*: Use privileged decorator for service actions
2022-10-08 18:53:55 -04:00
sso
sso: Use privileged decorator for actions
2022-10-08 18:53:18 -04:00
storage
storage: Drop skip_recommends
2022-11-04 14:41:32 -07:00
syncthing
users: Use privileged decorator for actions
2022-10-08 18:53:52 -04:00
tor
tor: Use privileged decorator for actions
2022-10-08 18:53:24 -04:00
transmission
transmission: Minor update to privileged method signature
2022-10-08 18:53:27 -04:00
ttrss
ttrss: Use privileged decorator for actions
2022-10-08 18:53:30 -04:00
upgrades
upgrades: Add documentation link upgrades service file
2022-11-05 07:20:13 -04:00
users
*: Use privileged decorator for service actions
2022-10-08 18:53:55 -04:00
wireguard
wireguard: Us privileged decorator for actions
2022-10-08 18:53:36 -04:00
wordpress
wordpress: Update fail2ban filter
2022-10-09 08:53:56 -04:00
zoph
zoph: Use privileged decorator for actions
2022-10-08 18:53:41 -04:00
__init__.py