From: Michael Hampton <io_error@uncensored.citadel.org>
Date: Mon, 15 Mar 2004 16:39:27 +0000 (+0000)
Subject: * Multiple files: Set permissions on existing Citadel directories to prevent
X-Git-Tag: v7.86~5532
X-Git-Url: https://code.citadel.org/?a=commitdiff_plain;h=305f712021284ff9097a9048ca509fc14d677dce;p=citadel.git

* Multiple files: Set permissions on existing Citadel directories to prevent
  access to the database by local unix users to prevent direct database reads.
---

diff --git a/citadel/ChangeLog b/citadel/ChangeLog
index 7231819aa..52b7068ba 100644
--- a/citadel/ChangeLog
+++ b/citadel/ChangeLog
@@ -1,4 +1,8 @@
  $Log$
+ Revision 614.78  2004/03/15 16:39:27  error
+ * Multiple files: Set permissions on existing Citadel directories to prevent
+   access to the database by local unix users to prevent direct database reads.
+
  Revision 614.77  2004/03/15 16:36:50  error
  * Multiple files:  Convert most remaining client code to use new Citadel IPC
    functions.  A few bits remain and will be converted when the chat system
@@ -5510,3 +5514,4 @@ Sat Jul 11 00:20:48 EDT 1998 Nathan Bryant <bryant@cs.usm.maine.edu>
 
 Fri Jul 10 1998 Art Cancro <ajc@uncensored.citadel.org>
 	* Initial CVS import
+
diff --git a/citadel/database_sleepycat.c b/citadel/database_sleepycat.c
index 3a5a04ee8..778ba6a7a 100644
--- a/citadel/database_sleepycat.c
+++ b/citadel/database_sleepycat.c
@@ -294,6 +294,7 @@ void open_databases(void)
          * already there, no problem.
          */
 	mkdir(dbdirname, 0700);
+	chmod(dbdirname, 0700);
 
 	lprintf(CTDL_DEBUG, "cdb_*: Setting up DB environment\n");
 	db_env_set_func_yield(sched_yield);
diff --git a/citadel/setup.c b/citadel/setup.c
index 6980d7b30..b69e06334 100644
--- a/citadel/setup.c
+++ b/citadel/setup.c
@@ -992,12 +992,19 @@ NEW_INST:
 	write_config_to_disk();
 
 	mkdir("info", 0700);
+	chmod("info", 0700);
 	mkdir("bio", 0700);
+	chmod("bio", 0700);
 	mkdir("userpics", 0700);
+	chmod("userpics", 0700);
 	mkdir("messages", 0700);
+	chmod("messages", 0700);
 	mkdir("help", 0700);
+	chmod("help", 0700);
 	mkdir("images", 0700);
+	chmod("images", 0700);
 	mkdir("netconfigs", 0700);
+	chmod("netconfigs", 0700);
 
 	/* Delete files and directories used by older Citadel versions */
 	system("exec /bin/rm -fr ./rooms ./chatpipes ./expressmsgs ./sessions 2>/dev/null");