commit: e9cf0f8d8b9b60e858f379dbfeb2d061245dfd15
parent ecfb73c41023b24db89f011c7bff6b83d90a6c10
Author: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Date: Sun, 21 Feb 2021 17:08:09 +0100
server.sh: Harden /cgi-bin/ with a chroot
Diffstat:
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/server.sh b/server.sh
@@ -11,6 +11,8 @@
# - Lastest known version of the specification: v0.14.3, November 29th 2020
export GEMDIR="/srv/gemini"
+# Disable GNU-isms in executables
+export POSIXLY_CORRECT=1
IFS=#'
' read -r line
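Review bot: The comment on the new `export POSIXLY_CORRECT=1` line does not say what the setting is meant to protect against, so a later maintainer cannot tell whether it is hardening or portability. If the intent is to stop GNU tools from treating arguments after the first operand as options, say so, e.g. `# POSIXLY_CORRECT: GNU tools stop option parsing at the first operand, so request-derived arguments are not reinterpreted as options`. It is also worth noting in the comment that the export only reaches children started without `env -i`, which is presumably why the CGI invocation in the second hunk sets the variable again.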
@@ -35,8 +37,7 @@ then
then
if [ -x "$path" -a -f "$path" ]
then
- cd "${GEMDIR}/"
- env -i PATH=/var/empty/ "$query"
+ env -i PATH=/var/empty/ POSIXLY_CORRECT=1 /bin/chroot "${GEMDIR}/" "$query"
status="x$?"
else
status="50"
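Review bot: The new `/bin/chroot "${GEMDIR}/" "$query"` line runs the CGI program with whatever privileges the server itself holds, and since chroot(2) requires root the script presumably executes as root inside `${GEMDIR}`; a chroot does not confine a root process, so the hardening only holds if privileges are dropped as well. With GNU coreutils that would be `/bin/chroot --userspec=<cgi-user>:<cgi-group> "${GEMDIR}/" "$query"` (placeholder account; other chroot implementations need a separate privilege-drop step before the exec). The guard above still tests `-x`/`-f` on `$path` while the command executes `$query` resolved against the new root, so confirm that both names refer to the same file and that any interpreter or library the script needs exists under `${GEMDIR}`. The enclosing `if` starts and ends outside the hunk.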