[nginx/el5] Make sure nginx directories are not world readable (#913734, #913736)

Jamie Nguyen jamielinux at fedoraproject.org
Fri Feb 22 06:52:11 UTC 2013 

commit 5f4cf85e4a859f0f079b02d6a037d2da04a93d78
Author: Jamie Nguyen <j at jamielinux.com>
Date:   Fri Feb 22 06:51:42 2013 +0000

    Make sure nginx directories are not world readable (#913734, #913736)

 nginx.spec |   22 ++++++++++++++++------
 1 files changed, 16 insertions(+), 6 deletions(-)
---
diff --git a/nginx.spec b/nginx.spec
index f41283c..2665757 100644
--- a/nginx.spec
+++ b/nginx.spec
@@ -9,7 +9,7 @@
 
 Name:           nginx
 Version:        0.8.55
-Release:        2%{?dist}
+Release:        3%{?dist}
 Summary:        Robust, small and high performance HTTP and reverse proxy server
 Group:          System Environment/Daemons   
 
@@ -120,8 +120,9 @@ chmod 0755 %{buildroot}%{_sbindir}/nginx
 %{__install} -p -d -m 0755 %{buildroot}%{nginx_confdir}/conf.d
 %{__install} -p -m 0644 %{SOURCE3} %{SOURCE4} %{buildroot}%{nginx_confdir}/conf.d
 %{__install} -p -m 0644 %{SOURCE6} %{buildroot}%{nginx_confdir}
-%{__install} -p -d -m 0755 %{buildroot}%{nginx_home_tmp}
-%{__install} -p -d -m 0755 %{buildroot}%{nginx_logdir}
+%{__install} -p -d -m 0700 %{buildroot}%{nginx_home}
+%{__install} -p -d -m 0700 %{buildroot}%{nginx_home_tmp}
+%{__install} -p -d -m 0700 %{buildroot}%{nginx_logdir}
 %{__install} -p -d -m 0755 %{buildroot}%{nginx_webroot}
 %{__install} -p -m 0644 %{SOURCE100} %{SOURCE101} %{SOURCE102} %{SOURCE103} %{SOURCE104} %{buildroot}%{nginx_webroot}
 
@@ -145,6 +146,12 @@ fi
 if [ $1 == 1 ]; then
     /sbin/chkconfig --add %{name}
 fi
+if [ $1 == 2 ]; then
+    # Make sure these directories are not world readable.
+    chmod 700 %{nginx_home}
+    chmod 700 %{nginx_home_tmp}
+    chmod 700 %{nginx_logdir}
+fi
 
 %preun
 if [ $1 = 0 ]; then
@@ -166,7 +173,6 @@ fi
 %{_initrddir}/%{name}
 %dir %{nginx_confdir}
 %dir %{nginx_confdir}/conf.d
-%dir %{nginx_logdir}
 %config(noreplace) %{nginx_confdir}/conf.d/*.conf
 %config(noreplace) %{nginx_confdir}/win-utf
 %config(noreplace) %{nginx_confdir}/%{name}.conf.default
@@ -188,11 +194,15 @@ fi
 %dir %{perl_vendorarch}/auto/%{name}
 %{perl_vendorarch}/%{name}.pm
 %{perl_vendorarch}/auto/%{name}/%{name}.so
-%attr(-,%{nginx_user},%{nginx_group}) %dir %{nginx_home}
-%attr(-,%{nginx_user},%{nginx_group}) %dir %{nginx_home_tmp}
+%attr(700,%{nginx_user},%{nginx_group}) %dir %{nginx_home}
+%attr(700,%{nginx_user},%{nginx_group}) %dir %{nginx_home_tmp}
+%attr(700,%{nginx_user},%{nginx_group}) %dir %{nginx_logdir}
 
 
 %changelog
+* Fri Feb 22 2013 Jamie Nguyen <jamielinux at fedoraproject.org> - 0.8.55-3
+- make sure nginx directories are not world readable (#913734, #913736)
+
 * Sat Mar 17 2012 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.8.55-2
 - patch for CVE-2012-1180

More information about the scm-commits mailing list