summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJoe Rayhawk <jrayhawk@cobain.omgwallhack.org>2018-09-24 21:40:06 -0700
committerJoe Rayhawk <jrayhawk@cobain.omgwallhack.org>2018-09-24 21:40:06 -0700
commitd4535e3b1f60c6ecd57ed6b8cc4ad2358ad2a01e (patch)
tree537e0e3b854cd1f82024b59cc1a2afda7af2efb6
parent69965d3c022b04dd26df5f5e2b1217c438df0b4c (diff)
downloadpiny-code-d4535e3b1f60c6ecd57ed6b8cc4ad2358ad2a01e.tar.gz
piny-code-d4535e3b1f60c6ecd57ed6b8cc4ad2358ad2a01e.zip
libpiny: Piny::Repo: Restrict iwiwiki srcdirs
We would optimally like Ikiwiki source directories to be at least as restrictive as the git repositories they came from. For now, maximal restriction seems like a perfectly fine way to achieve this.
-rw-r--r--libpiny/lib/Piny/Repo.pm2
1 files changed, 2 insertions, 0 deletions
diff --git a/libpiny/lib/Piny/Repo.pm b/libpiny/lib/Piny/Repo.pm
index 61b4682..a319255 100644
--- a/libpiny/lib/Piny/Repo.pm
+++ b/libpiny/lib/Piny/Repo.pm
@@ -378,6 +378,8 @@ sub rebuild_ikiwiki {
system( "/bin/chown", "-R", $ikiuser->name . ".", $_ ) and die "Could not change ownership of ikiwiki directories!";
};
+ chmod( 0700, $s->ikiwiki_srcdir ) or die "Could not chmod $s->ikiwiki_srcdir: $!";
+
system( "/usr/bin/find " . $s->ikiwiki_srcdir . " -type d -name .ikiwiki -print0 | xargs -0 --no-run-if-empty rm -r") and die "Could not remove old Ikiwiki state dir!";
unless( -d $s->ikiwiki_srcdir . ".git" ) {