-
o@immerda.ch authored
- generally load configs only if they have correct ownership and filemask - don't use regex containing user controlled parts - drop privileges for actual chown and chmod execution... - ...since the script should generally only be allowed to chown files owned by the run_user to the sftp_user and then chmod files owned by the sftp_user - stringify yaml configs to prevent object injection
0bfd57a1