author | Joe Rayhawk <jrayhawk@baldrick.omgwallhack.org> | 2021-10-03 19:59:21 -0700 |
---|---|---|
committer | Joe Rayhawk <jrayhawk@baldrick.omgwallhack.org> | 2021-10-03 19:59:21 -0700 |
commit | 40077107f4ec82f78d2f1456343f90339a10e73f (patch) | |
tree | 7ae62b97490fc7d47b3a9d03ad6819703091473a /libpiny/lib | |
parent | a58d8de499e928b06820b39274bfd477f93a473b (diff) | |
Piny::Repo: Fix hook security checks.
Diffstat (limited to 'libpiny/lib')
-rw-r--r-- | libpiny/lib/Piny/Repo.pm | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/libpiny/lib/Piny/Repo.pm b/libpiny/lib/Piny/Repo.pm
index 6e546d5..c4ec47a 100644
--- a/libpiny/lib/Piny/Repo.pm
+++ b/libpiny/lib/Piny/Repo.pm
@@ -328,17 +328,17 @@ sub rebuild_git {
 # FIXME: most of these are probably unnecessary to check due to limitations of bare repositories.
 foreach( "applypatch-msg", "pre-applypatch", "post-applypatch", "pre-commit", "prepare-commit-msg", "commit-msg", "post-commit", "pre-rebase", "post-checkout", "post-merge", "pre-push", "pre-receive", "update", "post-receive", "post-update", "push-to-checkout", "pre-auto-gc", "post-rewrite", "sendemail-validate", "fsmonitor-watchman" ) {
 my $link = $s->path . "/hooks/" . $_;
- while ( -s $link ) {
+ while ( -l $link ) {
 $link = readlink( $link );
 };
 my ( $dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$size,$atime,$mtime,$ctime,$blksize,$blocks ) = stat( $link ) or next;
 my $name = getpwuid( $uid ) or die "Unable to find name for uid" . $uid . "for hook " . $s->path . "/hooks/" . $_ . "\n";
 my $group = getgrgid( $gid ) or die "Unable to find group for gid" . $gid . "for hook " . $s->path . "/hooks/" . $_ . "\n";
- unless ( $name =~ /^(root|iki-$s->shortname)/ ) {
- warn( "Security warning: $link is not owned by user root or iki-$s->shortname!\n" );
+ unless ( $name =~ /^(root|iki-$s->{shortname})/ ) {
+ warn( "Security warning: $link is not owned by user root or iki-$s->{shortname}!\n" );
 };
- unless ( $group =~ /^(root|iki-$s->shortname|git-$s->shortname)$/ ) {
- warn( "Security warning: $link is not owned by group root, iki-$s->shortname, or git-$s->shortname!\n" );
+ unless ( $group =~ /^(root|iki-$s->{shortname}|git-$s->{shortname})$/ ) {
+ warn( "Security warning: $link is not owned by group root, iki-$s->{shortname}, or git-$s->{shortname}!\n" );
 };
 }; |
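Review bot: The owner check `$name =~ /^(root|iki-$s->{shortname})/` is still missing the trailing `$` that the group check below it has, so any account whose name merely begins with `root` or `iki-<shortname>` passes without a warning. The shortname is also interpolated as regex syntax in both patterns; plain string comparison avoids both problems, e.g. `unless ( $name eq 'root' or $name eq "iki-$s->{shortname}" ) {`. Separately, `readlink` returns the target exactly as stored, so a relative symlink under hooks/ is tested and stat'ed against the process's working directory, where a failed `stat` silently hits `or next` and skips the check. A symlink cycle would also keep `while ( -l $link )` from terminating, so resolving each hop against the hooks directory with a hop limit would close both gaps. The body of rebuild_git starts and ends outside this hunk, so any handling elsewhere is not visible here.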