From d79f83502bd961533036a1407d4db132935a33dd Mon Sep 17 00:00:00 2001
From: Benjamin Sonntag
Date: Tue, 17 May 2016 15:51:33 +0200
Subject: [PATCH] [security] fix of most ownership/accessmode issues, fixes possible root escalation

---
 debian/alternc.postinst | 8 ++------
 debian/rules | 4 ++++
 install/alternc.install | 1 +
 install/upgrades/3.4.5.sh | 10 ++++++++++
 4 files changed, 17 insertions(+), 6 deletions(-)
 create mode 100644 install/upgrades/3.4.5.sh

diff --git a/debian/alternc.postinst b/debian/alternc.postinst
index 89b894c1..40be48cd 100644
--- a/debian/alternc.postinst
+++ b/debian/alternc.postinst
@@ -56,12 +56,8 @@ case "$1" in
 test -d "$VMAIL_HOME" || mkdir -p "$VMAIL_HOME"
 chown vmail:vmail "$VMAIL_HOME"
 chown vmail:vmail "$VMAIL_HOME"/* 2>/dev/null || true # It may be empty
- chmod u+rxw "$VMAIL_HOME"
- chmod u+rxw "$VMAIL_HOME"/* 2>/dev/null || true # It may be empty
- chmod g+rxw "$VMAIL_HOME"
- chmod g+rxw "$VMAIL_HOME"/* 2>/dev/null || true # It may be empty
-
- chown alterncpanel:alterncpanel "/var/lib/alternc/panel"
+ chmod 770 "$VMAIL_HOME"
+ chmod 770 "$VMAIL_HOME"/* 2>/dev/null || true # It may be empty
 
 # build local.sh if it does not exist
 if [ ! -f $CONFIGFILE ]; then
diff --git a/debian/rules b/debian/rules
index 5888859e..55cc87f9 100755
--- a/debian/rules
+++ b/debian/rules
@@ -19,6 +19,10 @@ override_dh_install:
 $(MAKE) install-api DESTDIR=$(CURDIR)/debian/alternc-api
 $(MAKE) -C ssl install DESTDIR=$(CURDIR)/debian/alternc-ssl
 
+override_dh_fixperms:
+ dh_fixperms
+ chmod 700 debian/alternc/var/lib/alternc/backups
+
 %:
 dh $@
 
diff --git a/install/alternc.install b/install/alternc.install
index 849a0f69..9ab2234d 100644
--- a/install/alternc.install
+++ b/install/alternc.install
@@ -259,6 +259,7 @@ done
 BACKUPS="$BACKUPS etc/postfix/main.cf"
 
 tar -zcf "$BACKUP_FILE" -C / $BACKUPS 2>/dev/null || true
+chmod 600 "$BACKUP_FILE"
 
 #######################################################################
 # Expand templates in the right place
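Review bot: Dropping the `chown alterncpanel:alterncpanel "/var/lib/alternc/panel"` line stops the postinst from granting that ownership on new installs, but nothing in this patch resets ownership of /var/lib/alternc/panel on systems where an earlier postinst already applied it (install/upgrades/3.4.5.sh only touches /usr/share/alternc/panel), so if that directory is meant to be root-owned an explicit chown is still needed for existing installations. Separately, `chmod 770 "$VMAIL_HOME"/*` sets the execute bit on any regular files directly under the directory and, because the glob skips dot-entries, leaves hidden entries untouched; if nothing relies on the execute bit, `find "$VMAIL_HOME" -mindepth 1 -maxdepth 1 -type d -exec chmod 770 {} +` followed by the same with `-type f -exec chmod 660 {} +` expresses the intent without either side effect. The `2>/dev/null || true` also hides a chmod that fails for reasons other than an empty directory. The enclosing `case "$1" in` block starts and ends outside the hunk.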
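Review bot: `chmod 700 debian/alternc/var/lib/alternc/backups` changes the mode of the directory only, not of anything packaged inside it, and it encodes the same policy that install/upgrades/3.4.5.sh applies as `chmod -R og-rwx`; a one-line comment would help keep the two in sync, e.g. `# backups hold copies of system config files: directory must stay root-only (see install/upgrades/3.4.5.sh)`. The path is spelled relative (`debian/alternc/...`) while the override_dh_install recipe above uses `$(CURDIR)/debian/alternc`; using the same form is a minor consistency point. If dpkg leaves the mode of an already-existing directory unchanged on upgrade (worth confirming), the upgrade script remains the only thing that fixes installed systems, so this override alone should not be relied on for them.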
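Review bot: `chmod 600 "$BACKUP_FILE"` runs only after tar has finished writing, so the archive, which contains etc/postfix/main.cf among other system files, exists with umask-default permissions for the duration of the tar run. Creating it restrictive from the start closes that window: `( umask 077 && tar -zcf "$BACKUP_FILE" -C / $BACKUPS ) 2>/dev/null || true`, keeping the chmod as a second line of defence. If tar fails and the `|| true` swallows it, `$BACKUP_FILE` may not exist and the chmod then prints an error (and would abort the script if it runs under `set -e`, which is not visible from the hunk); `[ -f "$BACKUP_FILE" ] && chmod 600 "$BACKUP_FILE"` avoids that. The surrounding script continues outside the hunk.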
diff --git a/install/upgrades/3.4.5.sh b/install/upgrades/3.4.5.sh
new file mode 100644
index 00000000..005dbe22
--- /dev/null
+++ b/install/upgrades/3.4.5.sh
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+# change ownership of the panel's file, MUST be root:root
+# since some cron-script of AlternC are launched as root.
+
+chown -R root:root /usr/share/alternc/panel
+
+# AlternC's backup of system files must NOT be readable but everyone !
+chmod -R og-rwx /var/lib/alternc/backups
+
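Review bot: The script has no error handling (no `set -e` after the shebang) and is added with mode 100644, so if the upgrade runner executes it directly rather than through `sh` it will not start, and when it does run a failing `chown` or `chmod` (for instance because /var/lib/alternc/backups does not exist yet on a given host) goes unnoticed; `set -e` plus a `[ -d /var/lib/alternc/backups ] &&` guard would make the outcome explicit. `chmod -R og-rwx` only fixes what exists at upgrade time; files created later in that directory depend on their creator's umask, so the restrictive creation mode elsewhere (such as the `chmod 600` added to install/alternc.install) is what keeps the policy holding. The second comment should read `# AlternC's backup of system files must NOT be readable by everyone!`, and the first would be clearer as `# files under the panel tree are executed by root cron jobs, so they must be owned by root:root and not writable by any other user`.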