diff options
| author | Jo-Philipp Wich <jo@mein.io> | 2019-08-30 07:50:43 +0200 |
|---|---|---|
| committer | John Crispin <john@phrozen.org> | 2019-08-30 13:58:50 +0200 |
| commit | 22be9a1c0173a232d651059d84145bb6f51d3f67 (patch) | |
| tree | 331b2d17488e7174e9dac68032a24164b4c0dc45 /net/cgi-io/Makefile | |
| parent | 4f43e9b388496032b20db2c782a33a7898c63eec (diff) | |
cgi-io: require whitelisting upload locations
Introduce further ACL checks to verify that the request-supplied
upload location may be written to. This prevents overwriting things
like /bin/busybox and allows to confine uploads to specific directories.
To setup the required ACLs, the following ubus command may be used
on the command line:
ubus call session grant '{
"ubus_rpc_session": "d41d8cd98f00b204e9800998ecf8427e",
"scope": "cgi-io",
"objects": [
[ "/etc/certificates/*", "write" ],
[ "/var/uploads/*", "write" ]
]
}'
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Diffstat (limited to 'net/cgi-io/Makefile')
| -rw-r--r-- | net/cgi-io/Makefile | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/cgi-io/Makefile b/net/cgi-io/Makefile index 2a734b5e5..5fff39f85 100644 --- a/net/cgi-io/Makefile +++ b/net/cgi-io/Makefile @@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=cgi-io -PKG_RELEASE:=6 +PKG_RELEASE:=7 PKG_LICENSE:=GPL-2.0+ |