Pull request 2284: AG-32257-file-permission-mitigation

Squashed commit of the following: commit 6e0e61ec2e95a563b04a622f46c6bbe2b2e12711 Merge: e3cccc01a 5b5b39713 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Wed Oct 2 20:51:29 2024 +0300 Merge branch 'master' into AG-32257-file-permission-mitigation commit e3cccc01a9cbd382cec0fcd7f3685e43acb48424 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Wed Oct 2 19:57:32 2024 +0300 dnsforward: imp test commit 16ecebbc2fd2f4afe2bf475774af1786fa7a02c0 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Wed Oct 2 19:22:10 2024 +0300 configmigrate: imp tests commit da8777c3a7c81e17c0d08cfff4e3a9c8d2bbd649 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Wed Oct 2 18:58:46 2024 +0300 all: imp types, tests commit 58822a0ef8aa2d944a667d1ba77fe23ff52af424 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Wed Oct 2 18:28:37 2024 +0300 all: imp chlog commit 8ce81f918cc5cf43972e2045532a48c829257a2f Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Wed Oct 2 18:09:57 2024 +0300 all: improve permissions, add safe_fs_patterns
2025-05-08 00:33:00 +03:00 · 2024-10-02 21:00:15 +03:00 · 2024-10-02 21:00:15 +03:00 · 355cec1d7b
commit 355cec1d7b
parent 5b5b397132
31 changed files with 879 additions and 52 deletions
--- a/internal/home/config.go
+++ b/internal/home/config.go
@ -9,6 +9,7 @@ import (
 	"sync"

 	"github.com/AdguardTeam/AdGuardHome/internal/aghalg"
+	"github.com/AdguardTeam/AdGuardHome/internal/aghos"
 	"github.com/AdguardTeam/AdGuardHome/internal/aghtls"
 	"github.com/AdguardTeam/AdGuardHome/internal/configmigrate"
 	"github.com/AdguardTeam/AdGuardHome/internal/dhcpd"
@ -26,9 +27,15 @@ import (
 	yaml "gopkg.in/yaml.v3"
 )

-// dataDir is the name of a directory under the working one to store some
-// persistent data.
-const dataDir = "data"
+const (
+	// dataDir is the name of a directory under the working one to store some
+	// persistent data.
+	dataDir = "data"
+
+	// userFilterDataDir is the name of the directory used to store users'
+	// FS-based rule lists.
+	userFilterDataDir = "userfilters"
+)

 // logSettings are the logging settings part of the configuration file.
 type logSettings struct {
@ -520,6 +527,7 @@ func parseConfig() (err error) {

 	migrator := configmigrate.New(&configmigrate.Config{
 		WorkingDir: Context.workDir,
+		DataDir:    Context.getDataDir(),
 	})

 	var upgraded bool
@ -534,7 +542,7 @@ func parseConfig() (err error) {
 		confPath := configFilePath()
 		log.Debug("writing config file %q after config upgrade", confPath)

-		err = maybe.WriteFile(confPath, config.fileData, 0o644)
+		err = maybe.WriteFile(confPath, config.fileData, aghos.DefaultPermFile)
 		if err != nil {
 			return fmt.Errorf("writing new config: %w", err)
 		}
@ -700,7 +708,7 @@ func (c *configuration) write() (err error) {
 		return fmt.Errorf("generating config file: %w", err)
 	}

-	err = maybe.WriteFile(confPath, buf.Bytes(), 0o644)
+	err = maybe.WriteFile(confPath, buf.Bytes(), aghos.DefaultPermFile)
 	if err != nil {
 		return fmt.Errorf("writing config file: %w", err)
 	}