From 63f83da6cf26c8b74fdc4117153cd3760b66a9e7 Mon Sep 17 00:00:00 2001 From: nachoparker Date: Wed, 9 May 2018 17:20:54 +0200 Subject: avoid temp dir vulnerabilities --- bin/ncp-check-version | 9 ++++----- bin/ncp-update | 10 +++++----- changelog.md | 4 +++- 3 files changed, 12 insertions(+), 11 deletions(-) diff --git a/bin/ncp-check-version b/bin/ncp-check-version index 97182f4c..45ffc3fc 100755 --- a/bin/ncp-check-version +++ b/bin/ncp-check-version @@ -2,14 +2,15 @@ # update latest available version in /var/run/.ncp-latest-version -rm -rf /tmp/ncp-check-tmp +TMPDIR="$( mktemp -d /tmp/ncp-check.XXXXXX || ( echo "Failed to create temp dir. Exiting" >&2; exit 1 ) )" +trap "rm -rf \"${TMPDIR}\"; exit 0" 0 1 2 3 15 -git clone --depth 20 -q --bare https://github.com/nextcloud/nextcloudpi.git /tmp/ncp-check-tmp || { +git clone --depth 20 -q --bare https://github.com/nextcloud/nextcloudpi.git "$TMPDIR" || { echo "The git clone command failed: No connectivity to https://github.com ?" exit 1 } -cd /tmp/ncp-check-tmp || exit 1 +cd "$TMPDIR" || exit 1 VER=$( git describe --always --tags | grep -oP "v\d+\.\d+\.\d+" ) grep -qP "v\d+\.\d+\.\d+" <<< "$VER" && { # check format echo "$VER" > /var/run/.ncp-latest-version @@ -22,5 +23,3 @@ grep -qP "v\d+\.\d+\.\d+" <<< "$VER" && { # check format sed 's|* \[tag: |[|' > /usr/local/etc/ncp-changelog } cd / || exit 1 - -rm -rf /tmp/ncp-check-tmp diff --git a/bin/ncp-update b/bin/ncp-update index 0df91fa9..9e753e80 100755 --- a/bin/ncp-update +++ b/bin/ncp-update 
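Review bot: The failure guard on the new `TMPDIR="$( mktemp -d … || ( …; exit 1 ) )"` line does not stop the script. The `exit 1` runs in a subshell inside the command substitution, so when mktemp fails only that subshell exits and the script continues with an empty `TMPDIR`. The following `git clone … "$TMPDIR"` and `cd "$TMPDIR"` then receive an empty path, and whether the run aborts depends on how git treats that argument. Moving the check outside the substitution fixes it: `TMPDIR="$( mktemp -d /tmp/ncp-check.XXXXXX )" || { echo "Failed to create temp dir. Exiting" >&2; exit 1; }`. The first hunk of bin/ncp-update uses the same construct and needs the same change.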
@@ -8,14 +8,15 @@ BRANCH="${1:-master}" [[ "$BRANCH" != "master" ]] && echo "INFO: updating to development branch '$BRANCH'" - echo -e "Downloading updates" - rm -rf /tmp/ncp-update-tmp + TMPDIR="$( mktemp -d /tmp/ncp-update.XXXXXX || ( echo "Failed to create temp dir. Exiting" >&2; exit 1 ) )" + trap "rm -rf \"${TMPDIR}\"; exit 0" 0 1 2 3 15 - git clone --depth 20 -b "$BRANCH" -q https://github.com/nextcloud/nextcloudpi.git /tmp/ncp-update-tmp || { + echo -e "Downloading updates" + git clone --depth 20 -b "$BRANCH" -q https://github.com/nextcloud/nextcloudpi.git "$TMPDIR" || { echo "No internet connectivity" exit 1 } - cd /tmp/ncp-update-tmp + cd "$TMPDIR" echo -e "Performing updates" ./update.sh && { @@ -36,7 +37,6 @@ } cd / - rm -rf /tmp/ncp-update-tmp exit } # force to read the whole thing into memory, as its contents might change in update.sh diff --git a/changelog.md b/changelog.md index 57fbe753..bdfdafb8 100644 --- a/changelog.md +++ b/changelog.md @@ -1,5 +1,7 @@ -[v0.54.3](https://github.com/nextcloud/nextcloudpi/commit/921b583) (2018-05-03) nc-datadir: avoid using occ for faster execution +[v0.54.4](https://github.com/nextcloud/nextcloudpi/commit/36fed66) (2018-05-09) avoid temp dir vulnerabilities + +[v0.54.3 ](https://github.com/nextcloud/nextcloudpi/commit/66dfbd0) (2018-05-03) nc-datadir: avoid using occ for faster execution [v0.54.2 ](https://github.com/nextcloud/nextcloudpi/commit/ebfb7f1) (2018-05-03) samba: restart after configuration change -- cgit v1.2.3
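Review bot: The new `trap "rm -rf \"${TMPDIR}\"; exit 0" 0 1 2 3 15` makes this script report success on every path, because the handler is also installed for EXIT (0) and its explicit `exit 0` replaces the status of the `exit 1` after a failed `git clone`, as well as the status on HUP/INT/QUIT/TERM. Callers that check ncp-update's return code would no longer see a failed or interrupted update; the trap in bin/ncp-check-version has the same form. Keeping cleanup on EXIT without an exit, `trap 'rm -rf -- "$TMPDIR"' EXIT`, plus `trap 'exit 1' HUP INT QUIT TERM`, preserves the status and still cleans up on signals. Separately, the new `cd "$TMPDIR"` has no `|| exit 1`, unlike the ncp-check-version hunk, so `./update.sh` would run from the current directory if the cd failed. The enclosing `{ … }` block starts before this hunk, so its earlier lines were not reviewed.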