Ignore:
Timestamp:
2014-09-30T14:49:43+13:00 (10 years ago)
Author:
sjm84
Message:

Removing execute permissions on all scripts that don't have cgi or pl file extensions. This is to circumvent the current vulnerability that exists with executable bash scripts

File:
1 edited

Legend:

Unmodified
Added
Removed

  • main/trunk/release-kits/kits/rk2/installer/build.xml

    r27026 r29340  
    115115        <chmod dir="${installDir}" includes="*.sh,*.bash" perm="775"/>
    116116        <chmod dir="${installDir}/bin" includes="*" perm="775"/>
    117         <chmod dir="${installDir}/cgi-bin/${shell.name}" includes="*" perm="775"/>
     117        <!-- to circumvent the Shellshock Bash bug vulnerability,
     118        do not give execute permissions to bash files (*.*sh, or no file extension)
     119        At present, the "getior" file is the only  bash script here.
     120        The other executables here have *.cgi, *.pl extensions.-->
     121        <chmod dir="${installDir}/cgi-bin/${shell.name}" includes="*.cgi,*.pl" perm="775"/>
    118122        <chmod dir="${installDir}/bin/script" includes="**/*" perm="775"/>
    119123        <chmod dir="${installDir}/gli" includes="*.sh" perm="775"/>
Note: See TracChangeset for help on using the changeset viewer.