diff options
author | Joe Rayhawk <jrayhawk@cobain.omgwallhack.org> | 2018-09-24 21:40:06 -0700 |
---|---|---|
committer | Joe Rayhawk <jrayhawk@cobain.omgwallhack.org> | 2018-09-24 21:40:06 -0700 |
commit | d4535e3b1f60c6ecd57ed6b8cc4ad2358ad2a01e (patch) | |
tree | 537e0e3b854cd1f82024b59cc1a2afda7af2efb6 | |
parent | 69965d3c022b04dd26df5f5e2b1217c438df0b4c (diff) | |
download | piny-code-d4535e3b1f60c6ecd57ed6b8cc4ad2358ad2a01e.tar.gz piny-code-d4535e3b1f60c6ecd57ed6b8cc4ad2358ad2a01e.zip |
libpiny: Piny::Repo: Restrict iwiwiki srcdirs
We would optimally like Ikiwiki source directories to be at least as
restrictive as the git repositories they came from. For now, maximal
restriction seems like a perfectly fine way to achieve this.
-rw-r--r-- | libpiny/lib/Piny/Repo.pm | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/libpiny/lib/Piny/Repo.pm b/libpiny/lib/Piny/Repo.pm index 61b4682..a319255 100644 --- a/libpiny/lib/Piny/Repo.pm +++ b/libpiny/lib/Piny/Repo.pm @@ -378,6 +378,8 @@ sub rebuild_ikiwiki { system( "/bin/chown", "-R", $ikiuser->name . ".", $_ ) and die "Could not change ownership of ikiwiki directories!"; }; + chmod( 0700, $s->ikiwiki_srcdir ) or die "Could not chmod $s->ikiwiki_srcdir: $!"; + system( "/usr/bin/find " . $s->ikiwiki_srcdir . " -type d -name .ikiwiki -print0 | xargs -0 --no-run-if-empty rm -r") and die "Could not remove old Ikiwiki state dir!"; unless( -d $s->ikiwiki_srcdir . ".git" ) { |