From d4535e3b1f60c6ecd57ed6b8cc4ad2358ad2a01e Mon Sep 17 00:00:00 2001 From: Joe Rayhawk Date: Mon, 24 Sep 2018 21:40:06 -0700 Subject: libpiny: Piny::Repo: Restrict iwiwiki srcdirs We would optimally like Ikiwiki source directories to be at least as restrictive as the git repositories they came from. For now, maximal restriction seems like a perfectly fine way to achieve this. --- libpiny/lib/Piny/Repo.pm | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libpiny/lib/Piny/Repo.pm b/libpiny/lib/Piny/Repo.pm index 61b4682..a319255 100644 --- a/libpiny/lib/Piny/Repo.pm +++ b/libpiny/lib/Piny/Repo.pm @@ -378,6 +378,8 @@ sub rebuild_ikiwiki { system( "/bin/chown", "-R", $ikiuser->name . ".", $_ ) and die "Could not change ownership of ikiwiki directories!"; }; + chmod( 0700, $s->ikiwiki_srcdir ) or die "Could not chmod $s->ikiwiki_srcdir: $!"; + system( "/usr/bin/find " . $s->ikiwiki_srcdir . " -type d -name .ikiwiki -print0 | xargs -0 --no-run-if-empty rm -r") and die "Could not remove old Ikiwiki state dir!"; unless( -d $s->ikiwiki_srcdir . ".git" ) { -- cgit v1.2.3