gaenserich / hostsblock

an ad- and malware-blocking script for Linux
https://github.com/gaenserich/hostsblock
225 stars 28 forks

Fetch local blocklist? #81

Closed glubsy closed 6 years ago

glubsy commented 6 years ago

I have a custom list of hosts to block, which are stored in /home/user/Documents/blocked.list

I noticed hostsblock uses curl to fetch blocklists specified in the config file, but it doesn't work by adding

blocklists=(
     'file:///home/user/Documents/blocked.list'
)

But curl cannot read the file since it's being run as user hostsblock:

$ sudo -u hostsblock hostsblock -v
[...]
+ curl -v --compressed -L --connect-timeout 60 --retry 0 -z /var/lib/hostsblock/cache/file:...home.user.Documents.blocked.list file:///home/user/Documents/blocked.list -o /var/lib/hostsblock/cache/file:...home.user.Documents.blocked.list
Warning: Illegal date format for -z, --time-cond (and not a file name). 
Warning: Disabling time condition. See curl_getdate(3) for valid date syntax.
* Couldn't open file /home/user/Documents/blocked.list
* Closing connection -1
curl: (37) Couldn't open file /home/user/Documents/blocked.list
+ _curl_exit=37
+ '[' 37 -eq 0 ']'
+ _notify 1 'FAILED to refresh/download blocklist file:///home/user/Documents/blocked.list'
+ '[' 2 -ge 1 ']'
+ echo 'FAILED to refresh/download blocklist file:///home/user/Documents/blocked.list'
FAILED to refresh/download blocklist file:///home/user/Documents/blocked.list

The file is obviously not readable by user hostsblock (error 37). Is it really necessary to have hostsblock have its own user account and be run as it? I'm guessing security-wise, since it's using curl to download files and mess with system files and processes, it's best that way...

Anyway, the workaround is to place the custom block list into /var/lib/hostsblock/ and point to it in the hostsblock.conf.

blocklists=(
     'file:///var/lib/hostsblock/blocked.list'
)

Hope someone will find this "helpful".

gaenserich commented 6 years ago

Or just add your additional entries to /var/lib/hostsblock/black.list or /var/lib/hostsblock/hosts.head, both of which were included specifically for this purpose and which don't use curl.

Theoretically, you could put black.list or hosts.head anywhere you want as long as their paths are readable for the 'hostsblock' user, e.g. by adding user 'hostsblock' to the selfsame group of 'user', and chmod'ing /home/user/Documents/[etc] readable (and all parent directories readable and executable) for that group. This would raise a different set of security concerns, however.

Jake van der Kolk, Ph.D. http://personal.psu.edu/jav209

On 17.02.2018 17:19, "glubsy" notifications@github.com wrote:

Closed #81 https://github.com/gaenserich/hostsblock/issues/81.
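
For readers hitting the same curl error 37 with a file:// blocklist, the following added example (not part of the thread and not hostsblock code) lists which components of a path deny access to a service account, using mode bits only. The function name `blockers`, its `other`/`group` argument and the demo tree are assumptions made for illustration; it relies on GNU `realpath` and `stat` and ignores POSIX ACLs.

```shell
#!/bin/sh
# Lists every component of PATH whose mode bits deny access to CLASS:
# "other" (default; an account that is neither owner nor in the owning group,
# like 'hostsblock' in the trace above) or "group". Directories need the
# search bit (x); the file itself needs r. Run it as a user who can reach PATH.
# Assumptions: GNU realpath/stat are available; POSIX ACLs are not evaluated.
blockers() (
    target=$(realpath -e -- "$1") || exit 2
    class=${2:-other}
    rc=0
    check() {
        mode=$(stat -c '%a' -- "$1") || exit 2
        bits=$(( 0$mode ))                      # parse as octal, e.g. 0750
        if [ "$class" = group ]; then bits=$(( bits >> 3 )); fi
        if [ -d "$1" ]; then need=1; else need=4; fi
        if [ "$(( bits & need ))" -eq 0 ]; then
            printf '%s\n' "$1"                  # this component blocks CLASS
            rc=1
        fi
    }
    check /
    set -f; IFS=/                               # split the path on slashes
    cur=""
    for part in $target; do
        [ -n "$part" ] || continue
        cur="$cur/$part"
        check "$cur"
    done
    exit "$rc"
)

# Constructed demo tree mirroring the layout in the issue: a private home
# directory (0700) above a world-readable list file.
demo() (
    root=$(mktemp -d)
    f="$root/home/user/Documents/blocked.list"
    mkdir -p "$root/home/user/Documents"
    : > "$f"
    chmod 755 "$root" "$root/home" "$root/home/user/Documents"
    chmod 644 "$f"; chmod 700 "$root/home/user"
    blockers "$f" other || true                 # prints .../home/user
    rm -rf "$root"
)

if [ $# -gt 0 ]; then blockers "$@"; else demo; fi
```

An empty result with exit status 0 means the mode bits alone allow that class to read the file; every listed directory would have to be opened up for the service account, which is the trade-off weighed in the reply above.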