From a7c4cb62af82bba43d0837a2e69e91eff9bb7a62 Mon Sep 17 00:00:00 2001
From: Till Brehm <tbrehm@ispconfig.org>
Date: Sat, 16 Dec 2017 18:18:57 +0100
Subject: [PATCH] Fixed #4886 Set strict permissions for CGI and fcgi starter
 files

---
 server/plugins-available/apache2_plugin.inc.php | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php
index e8b2feb7e1..1a802bcf96 100644
--- a/server/plugins-available/apache2_plugin.inc.php
+++ b/server/plugins-available/apache2_plugin.inc.php
@@ -1417,6 +1417,7 @@ class apache2_plugin {
 			//exec('chown -R '.$data['new']['system_user'].':'.$data['new']['system_group'].' '.escapeshellcmd($fastcgi_starter_path));
 			$app->system->chown($fastcgi_starter_path, $data['new']['system_user']);
 			$app->system->chgrp($fastcgi_starter_path, $data['new']['system_group']);
+			$app->system->chmod($fastcgi_starter_path, 0550);
 
 			$fcgi_tpl = new tpl();
 			$fcgi_tpl->newTemplate('php-fcgi-starter.master');
@@ -1459,7 +1460,7 @@ class apache2_plugin {
 
 			$app->log('Creating fastcgi starter script: '.$fcgi_starter_script, LOGLEVEL_DEBUG);
 
-			$app->system->chmod($fcgi_starter_script, 0755);
+			$app->system->chmod($fcgi_starter_script, 0550);
 			$app->system->chown($fcgi_starter_script, $data['new']['system_user']);
 			$app->system->chgrp($fcgi_starter_script, $data['new']['system_group']);
 
@@ -1552,7 +1553,7 @@ class apache2_plugin {
 				$app->system->mkdirpath($cgi_starter_path);
 				$app->system->chown($cgi_starter_path, $data['new']['system_user']);
 				$app->system->chgrp($cgi_starter_path, $data['new']['system_group']);
-				$app->system->chmod($cgi_starter_path, 0755);
+				$app->system->chmod($cgi_starter_path, 0550);
 
 				$app->log('Creating cgi starter script directory: '.$cgi_starter_path, LOGLEVEL_DEBUG);
 			}
@@ -1585,7 +1586,7 @@ class apache2_plugin {
 			$app->log('Creating cgi starter script: '.$cgi_starter_script, LOGLEVEL_DEBUG);
 
 
-			$app->system->chmod($cgi_starter_script, 0755);
+			$app->system->chmod($cgi_starter_script, 0550);
 			$app->system->chown($cgi_starter_script, $data['new']['system_user']);
 			$app->system->chgrp($cgi_starter_script, $data['new']['system_group']);
 
-- 
GitLab