Open liberodark opened 4 years ago
One solution for root force package: https://github.com/Nefelim4ag/Ananicy/pull/187
Alternative solution for deb distros: #202
The idea is to use a post-install hook. Once the deb package is installed, the script inside the deb package with the name `postinst` will be run. This script updates ownership of all ananicy files to `root:root`. The package can be built from any user.
I'd say this solution is temporary, just to close the security issue quickly. The proper long-term solution should be setting up a CI pipeline which will build the packages with the proper permissions automatically on each merge into the master branch.
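A sketch of the post-install approach described in the comment above, as an added example; it is not the script from #202. The function names `audit_tree` and `fix_tree` are hypothetical, and `/etc/ananicy.d` is the only path used because it is the one shown in this thread; a real package would cover every file it installs.

```shell
#!/bin/sh
# Added example, not the project's own postinst.

# List entries under DIR that are not owned by OWNER (default: root)
# or that group/other can write to. Empty output means the tree is clean.
# Symlinks are skipped for the mode test because their mode is always 777.
audit_tree() {
    dir=$1
    owner=${2:-root}
    find "$dir" \( ! -user "$owner" -o \
        \( ! -type l \( -perm -020 -o -perm -002 \) \) \) -print
}

# Hand the whole tree to OWNER:GROUP (default root:root).
# -h changes a symlink itself instead of the file it points to.
fix_tree() {
    dir=$1
    owner=${2:-root:root}
    chown -R -h "$owner" "$dir"
}

# dpkg calls postinst with "configure" as the first argument.
if [ "${1:-}" = "configure" ]; then
    fix_tree /etc/ananicy.d
    # Report anything that is still writable by non-root after the chown.
    left=$(audit_tree /etc/ananicy.d)
    [ -z "$left" ] || echo "ananicy: still unsafe: $left" >&2
fi
```

Running `audit_tree /etc/ananicy.d` by hand on an installed system gives the same check as the `ls -lha` listing in this thread, but prints only the entries that are wrong.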
Hmm, this doesn't seem to be a problem on my Arch Linux box? I installed via the AUR package `ananicy-git`.
With `ls -lha /etc/ananicy.d`, I get
Permissions | Size | User | Date Modified | Name |
---|---|---|---|---|
.rw-r--r-- | 260 | root | 3 Mar 13:42 | 00-cgroups.cgroups |
drwxr-xr-x | - | root | 3 Mar 13:42 | 00-default |
.rw-r--r-- | 1.3k | root | 3 Mar 13:42 | 00-types.types |
.rw-r--r-- | 381 | root | 3 Mar 13:42 | ananicy.conf |
@Techcable, yeah, your permissions are correct.
Hi,
I have installed your project; great idea, easier than doing it by hand. But you use dangerous permissions. When you try to see the files:
The permission is a user permission in /etc/, which is not possible; that opens security issues.
I have switched to root for more security:
Same as:
If you want, I have the possibility to help you with that on your project.
Best Regards