The branch releng/13.4 has been updated by markj:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=c1c180910d4677b00c7651d72b13f63f8f1c646c

commit c1c180910d4677b00c7651d72b13f63f8f1c646c
Author:     Mark Johnston <ma...@freebsd.org>
AuthorDate: 2025-01-28 14:23:06 +0000
Commit:     Mark Johnston <ma...@freebsd.org>
CommitDate: 2025-01-29 17:02:44 +0000

    etcupdate: Restrict access to the conflicts directory
    
    In the window during conflict resolution, copies of installed files with
    conflicts are added here with the default mode.  Restrict access.
    
    Approved by:    so
    Security:       FreeBSD-SA-25:03.etcupdate
    PR:             277470
    Reviewed by:    philip, jhb, emaste
    Differential Revision:  https://reviews.freebsd.org/D48576
    
    (cherry picked from commit c43ae7ab4bf89c2b274c1cbefe663c456e9211d1)
    (cherry picked from commit 17e935f1f327d7d4464e53f4f3d2347a51623f82)
---
 usr.sbin/etcupdate/etcupdate.sh | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/usr.sbin/etcupdate/etcupdate.sh b/usr.sbin/etcupdate/etcupdate.sh
index 6d8f58d39c54..ed259da7420f 100755
--- a/usr.sbin/etcupdate/etcupdate.sh
+++ b/usr.sbin/etcupdate/etcupdate.sh
@@ -1561,6 +1561,9 @@ EOF
        # Initialize conflicts and warnings handling.
        rm -f $WARNINGS
        mkdir -p $CONFLICTS
+       if ! chmod 0700 ${CONFLICTS}; then
+               panic "Unable to set permissions on conflicts directory"
+       fi
 
        # Ignore removed files for the pre-world case.  A pre-world
        # update uses a stripped-down tree.
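
Review bot: The added `chmod 0700 ${CONFLICTS}` runs only after `mkdir -p $CONFLICTS` has returned, so a conflicts directory created by this call briefly exists with the default mode before it is tightened. Consider creating it restrictively in the first place, for example with `mkdir -p -m 0700 $CONFLICTS` or a tightened umask around the mkdir, and keep the chmod so that a directory which already exists is also restricted. A comment above the new check saying why the directory must be 0700 (it holds copies of installed files during conflict resolution, per the commit message) would help later readers. Minor: `${CONFLICTS}` is unquoted here, as `$CONFLICTS` is on the mkdir line, so a path containing whitespace would be split; quoting both would be safer.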
