diff options
| author |  Alexandre Alapetite <alexandre@alapetite.fr>
| 2023-02-06 15:42:53 +0100 |
|---|---|---|
| committer |  GitHub <noreply@github.com>
| 2023-02-06 15:42:53 +0100 |
| commit | e899e4edd97c296a29b2a8da2c2e3b598622c36e (patch) | |
| tree | 3a1c0f3afe381ffc7e7954fd0e2e8cc43e8a54fe /lib | |
| parent | de2077b56388c5196d5c1ddcbbd4a141ea8cf67b (diff) | |
More robust application of access permissions (#5062)
* More robust application of access permissions
We were in particular missing directory traversal `+X` in our current recommendations.
Extracted to own shell script so it can easily be invoked.
Update access permissions in Docker to account to be more robust.
#fix https://github.com/FreshRSS/FreshRSS/discussions/5037
* Minor simplification
* Restrict mkdir permissions
Default mkdir permissions are 0777, which is not good for security, so downgrade to 0770.
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/Minz/Migrator.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/Minz/Migrator.php b/lib/Minz/Migrator.php index 0f28237c5..ef89a3b55 100644 --- a/lib/Minz/Migrator.php +++ b/lib/Minz/Migrator.php @@ -55,7 +55,7 @@ class Minz_Migrator } $lock_path = $applied_migrations_path . '.lock'; - if (!@mkdir($lock_path)) { + if (!@mkdir($lock_path, 0770, true)) { // Someone is probably already executing the migrations (the folder // already exists). // We should probably return something else, but we don't want the |