commit - d77bec5ef230c9b6f65f6e2c10ed84ffc379ae22
commit + 8c25a0e66cb5f6ea96b120f8e80703e83a6ce85e
blob - c4c4a136dcda41c4d605d1b4da5f06dc94e3517a
blob + f980296b854cbf547c8a11a1f1181d2d48906255
--- gotsysd/libexec/gotsys-repo-create/gotsys-repo-create.c
+++ gotsysd/libexec/gotsys-repo-create/gotsys-repo-create.c
goto done;
}
- if (gotd_gid != sb.st_gid) {
+ if (sb.st_mode & (S_IWGRP | S_IWOTH)) {
error = got_error_fmt(GOT_ERR_BAD_PATH,
- "directory is not owned by GID %u: %s",
- gotd_gid, repos_path);
- goto done;
- }
-
- if (sb.st_mode & (S_IRWXG | S_IRWXO)) {
- error = got_error_fmt(GOT_ERR_BAD_PATH,
- "directory must only be accessible/writable by user %s: %s",
+ "directory must only be writable by user %s: %s",
username, repos_path);
goto done;
}
+ if (sb.st_mode & (S_IROTH | S_IXOTH)) {
+ error = got_error_fmt(GOT_ERR_BAD_PATH,
+ "directory must not be world-readable: %s; "
+ "chmod 750 %s or chmod 700 %s recommended",
+ repos_path, repos_path, repos_path);
+ goto done;
+ }
+
if (gotsysd_imsg_compose_event(&iev, GOTSYSD_IMSG_PROG_READY, 0,
-1, NULL, 0) == -1) {
error = got_error_from_errno("gotsysd_imsg_compose_event");
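Review bot: The added `S_IROTH | S_IXOTH` check also rejects a directory that is only searchable by others (for example a constructed mode of 0711), yet the message says "world-readable", so the administrator can be pointed at a bit that is not set; wording such as `"directory must not be accessible by others: %s; "` would match what is tested. With the `sb.st_gid` comparison removed, group read and search access is now accepted for whichever group owns the directory, and nothing visible in this hunk verifies that group any more. If that is intended, a comment above the first check such as `/* Group r-x is permitted for any group; only write access and any access by others are rejected. */` would record the decision for the next reader. The enclosing function starts before the hunk and continues past it, so an owner or group check elsewhere in it cannot be ruled out from here.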