mirror of
https://github.com/freedombox/FreedomBox.git
synced 2026-01-28 08:03:36 +00:00
a8400d07a6
When the security access restrictions are removed from /etc/security/access.d, we don't want users to bypass Apache access control and directly access the app. Tests: - Without the patch, the uwsgi socket file is with permissions 666 in /run/uwsgi/apps/searx/socket. nc -U <socket> succeeds as non-admin user on the system. - Apply the patch and restart FreedomBox. searx set is run and uwsgi service is restarted and permissions are 660 on /run/uwsgi/apps/searx/socket. nc -U <socket> fails as non-admin user on the system. Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org> Reviewed-by: James Valleroy <jvalleroy@mailbox.org>