servnest
/
servnest
1
1
Fork 0
Code Issues 4 Pull Requests Releases Wiki Activity

Fix symlink security flaw when sudoing chgrp

This commit is contained in:
Miraty 2022-06-10 14:53:25 +02:00
parent ab09c84514
commit 2401da72c5
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
public/auth/register.php
View File

@ -18,7 +18,7 @@ if (isset($_POST['username']) AND isset($_POST['password'])) {
umask(0002);
if (mkdir(CONF['ht']['ht_path'] . "/" . $_POST['username'], 0775) !== true)
serverError("Can't create user directory.");
exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['chgrp_path'] . " " . CONF['ht']['sftpgo_group'] . " " . CONF['ht']['ht_path'] . "/" . $_POST['username'], $stdout, $code);
exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['chgrp_path'] . " " . CONF['ht']['sftpgo_group'] . " " . CONF['ht']['ht_path'] . "/" . $_POST['username'] . " --no-dereference", $stdout, $code);
if ($code !== 0)
serverError("Can't change user directory group.");