diff options
-rw-r--r-- | debian/patches/0002-remove-file-serve-ownership-restrictions-for-root.patch | 38 | ||||
-rw-r--r-- | debian/patches/series | 1 |
2 files changed, 39 insertions, 0 deletions
diff --git a/debian/patches/0002-remove-file-serve-ownership-restrictions-for-root.patch b/debian/patches/0002-remove-file-serve-ownership-restrictions-for-root.patch new file mode 100644 index 000000000..41ecfb07f --- /dev/null +++ b/debian/patches/0002-remove-file-serve-ownership-restrictions-for-root.patch @@ -0,0 +1,38 @@ +From: Lennart Weller <lhw@ring0.de> +Date: Wed, 25 May 2016 13:43:32 +0200 +Subject: remove file serve ownership restrictions for root + +--- + src/web_client.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/web_client.c b/src/web_client.c +index 601dda0..1b631bc 100644 +--- a/src/web_client.c ++++ b/src/web_client.c +@@ -339,14 +339,14 @@ int mysendfile(struct web_client *w, char *filename) + } + + // check if the file is owned by expected user +- if(stat.st_uid != web_files_uid()) { ++ if(stat.st_uid != web_files_uid() && stat.st_uid != 0) { + error("%llu: File '%s' is owned by user %d (expected user %d). Access Denied.", w->id, webfilename, stat.st_uid, web_files_uid()); + buffer_sprintf(w->response.data, "Access to file '%s' is not permitted.", webfilename); + return 403; + } + + // check if the file is owned by expected group +- if(stat.st_gid != web_files_gid()) { ++ if(stat.st_gid != web_files_gid() && stat.st_gid != 0) { + error("%llu: File '%s' is owned by group %d (expected group %d). Access Denied.", w->id, webfilename, stat.st_gid, web_files_gid()); + buffer_sprintf(w->response.data, "Access to file '%s' is not permitted.", webfilename); + return 403; +@@ -357,7 +357,7 @@ int mysendfile(struct web_client *w, char *filename) + return mysendfile(w, webfilename); + } + +- if((stat.st_mode & S_IFMT) != S_IFREG) { ++ if((stat.st_mode & S_IFMT) != S_IFREG && (stat.st_mode & S_IFMT) != S_IFLNK) { + error("%llu: File '%s' is not a regular file. Access Denied.", w->id, webfilename); + buffer_sprintf(w->response.data, "Access to file '%s' is not permitted.", webfilename); + return 403; diff --git a/debian/patches/series b/debian/patches/series index 0809eba0d..3d3711728 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1 +1,2 @@ 0001-linked-js-css-fonts-removed-from-make.patch +0002-remove-file-serve-ownership-restrictions-for-root.patch |