summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLennart Weller <lhw@ring0.de>2016-05-25 11:43:58 +0000
committerLennart Weller <lhw@ring0.de>2016-05-25 11:43:58 +0000
commit180e2e13a447ca742f9f2b2ba381fd3fa29e059c (patch)
tree13af71e3cc67627cc1943c2cd54d388544f89388
parentmangle debian version (diff)
downloadnetdata-180e2e13a447ca742f9f2b2ba381fd3fa29e059c.tar.xz
netdata-180e2e13a447ca742f9f2b2ba381fd3fa29e059c.zip
file serving as root
-rw-r--r--debian/patches/0002-remove-file-serve-ownership-restrictions-for-root.patch38
-rw-r--r--debian/patches/series1
2 files changed, 39 insertions, 0 deletions
diff --git a/debian/patches/0002-remove-file-serve-ownership-restrictions-for-root.patch b/debian/patches/0002-remove-file-serve-ownership-restrictions-for-root.patch
new file mode 100644
index 00000000..41ecfb07
--- /dev/null
+++ b/debian/patches/0002-remove-file-serve-ownership-restrictions-for-root.patch
@@ -0,0 +1,38 @@
+From: Lennart Weller <lhw@ring0.de>
+Date: Wed, 25 May 2016 13:43:32 +0200
+Subject: remove file serve ownership restrictions for root
+
+---
+ src/web_client.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/web_client.c b/src/web_client.c
+index 601dda0..1b631bc 100644
+--- a/src/web_client.c
++++ b/src/web_client.c
+@@ -339,14 +339,14 @@ int mysendfile(struct web_client *w, char *filename)
+ }
+
+ // check if the file is owned by expected user
+- if(stat.st_uid != web_files_uid()) {
++ if(stat.st_uid != web_files_uid() && stat.st_uid != 0) {
+ error("%llu: File '%s' is owned by user %d (expected user %d). Access Denied.", w->id, webfilename, stat.st_uid, web_files_uid());
+ buffer_sprintf(w->response.data, "Access to file '%s' is not permitted.", webfilename);
+ return 403;
+ }
+
+ // check if the file is owned by expected group
+- if(stat.st_gid != web_files_gid()) {
++ if(stat.st_gid != web_files_gid() && stat.st_gid != 0) {
+ error("%llu: File '%s' is owned by group %d (expected group %d). Access Denied.", w->id, webfilename, stat.st_gid, web_files_gid());
+ buffer_sprintf(w->response.data, "Access to file '%s' is not permitted.", webfilename);
+ return 403;
+@@ -357,7 +357,7 @@ int mysendfile(struct web_client *w, char *filename)
+ return mysendfile(w, webfilename);
+ }
+
+- if((stat.st_mode & S_IFMT) != S_IFREG) {
++ if((stat.st_mode & S_IFMT) != S_IFREG && (stat.st_mode & S_IFMT) != S_IFLNK) {
+ error("%llu: File '%s' is not a regular file. Access Denied.", w->id, webfilename);
+ buffer_sprintf(w->response.data, "Access to file '%s' is not permitted.", webfilename);
+ return 403;
diff --git a/debian/patches/series b/debian/patches/series
index 0809eba0..3d371172 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,2 @@
0001-linked-js-css-fonts-removed-from-make.patch
+0002-remove-file-serve-ownership-restrictions-for-root.patch