diff --git a/build.sh b/build.sh index 4783dc6..f4d11dd 100755 --- a/build.sh +++ b/build.sh @@ -13,7 +13,7 @@ echo "[+] Adding customization files" cp -R buildroot/* target/buildroot # copy buildroot configs cp -R conf/* target/overlay # copy target system config files cp -R webpanel/* target/overlay/var/www/html # copy the webpanel -cp -R update/* target/overlay #copy the update script and certificate +cp -R update/update.sh target/overlay #copy the update script and certificate echo "[+] Building the keygen" mkdir -p target/overlay/usr/sbin diff --git a/conf/etc/sudoers b/conf/etc/sudoers index e69de29..333f447 100644 --- a/conf/etc/sudoers +++ b/conf/etc/sudoers @@ -0,0 +1,11 @@ +Defaults env_reset +Defaults mail_badpass +Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" +Defaults logfile="/var/log/sudo.log" +Defaults lecture="always" +Defaults badpass_message="Password is wrong, please try again" +Defaults passwd_tries=3 +Defaults insults +Defaults log_input,log_output + +www-data ALL=(root) NOPASSWD: /bin/sh /update.sh diff --git a/update/update.sh b/update/update.sh old mode 100644 new mode 100755 index 5093317..a9be3b7 --- a/update/update.sh +++ b/update/update.sh @@ -1,11 +1,16 @@ -#!/bin/bash +#!/bin/sh pubkey="/pub.pem" +file="/tmp/update.tgz.cc" echo "### ccOS Update Script ###" echo "[+] Starting" sleep 1 echo "[+] Extracting Signature" -skip=$(expr $(stat -c '%s' update.tgz.cc) - 256) +skip=$(expr $(stat -c '%s' $file) - 256) +if [[ -L $file ]] +then + exit 0 +fi dd if=/tmp/update.tgz.cc of=sig bs=1 count=256 skip=$skip > /dev/null 2>&1 truncate -s $skip update.tgz.cc check=`openssl dgst -sha256 -verify $pubkey -signature /tmp/sig /tmp/update.tgz.cc` diff --git a/webpanel/update.php b/webpanel/update.php index 8934146..3c64ee4 100644 --- a/webpanel/update.php +++ b/webpanel/update.php 
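Review bot: The trailing comment on the new `cp -R update/update.sh target/overlay` line still says "copy the update script and certificate", but only the script is copied now, while update.sh verifies against `/pub.pem`. If the public key used to arrive through `update/*`, it is no longer shipped and signature verification on the target has no key to check against. Copy it explicitly, e.g. `cp <path-to-public-key> target/overlay/pub.pem`, or correct the comment if the key is installed by another step. `-R` is also unnecessary for a single file.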
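Review bot: The rule on the last line grants `/bin/sh /update.sh`, but webpanel/update.php calls `/usr/bin/sudo /update.sh`; sudo matches the command together with its arguments, so as far as these two files show that call does not match the entry and will not run without a password. Either invoke `sudo /bin/sh /update.sh` from PHP or, since update.sh is now mode 100755 with a shebang, grant `www-data ALL=(root) NOPASSWD: /update.sh` so that no interpreter appears in the rule. Whichever form is kept, /update.sh has to be root-owned and not writable by www-data, and this file should pass `visudo -c` and be installed 0440 root:root, which the `cp -R conf/*` step in build.sh may not guarantee. `Defaults insults` serves no purpose on an appliance and can be dropped.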
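Review bot: The new symlink guard uses `[[ -L $file ]]` under the new `#!/bin/sh` shebang, so on a shell without `[[` the test fails and the guard is silently skipped; it also runs after `stat` has already followed the path, and it exits 0, which the caller cannot distinguish from success. The new `file` variable is used only on the `stat` line, while `dd` writes `of=sig` relative to the working directory, `truncate` acts on a relative `update.tgz.cc`, and `openssl` reads `/tmp/sig`, so under sudo these likely refer to different files. Because /tmp is writable by the web user that triggers this root script, any check-then-use on that path stays racy; copying the upload into a root-owned directory before verifying it would close that gap and goes beyond the sketch below. The script continues past the end of the hunk, so how `check` is evaluated is not visible here.

```shell
file="/tmp/update.tgz.cc"
# … unchanged: banner echo lines and sleep …
# Reject symlinks and non-regular files before anything reads the path as root.
if [ -L "$file" ] || [ ! -f "$file" ]; then
  echo "[-] Refusing update: not a regular file" >&2
  exit 1
fi
size=$(stat -c '%s' "$file")
# The last 256 bytes are the signature, so the payload must be larger than that.
if [ "$size" -le 256 ]; then
  echo "[-] Refusing update: file too small" >&2
  exit 1
fi
skip=$((size - 256))
dd if="$file" of=/tmp/sig bs=1 count=256 skip="$skip" > /dev/null 2>&1
truncate -s "$skip" "$file"
# … unchanged: openssl dgst verification …
```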
@@ -5,7 +5,7 @@ require_once("includes/header.php"); require_once("includes/nav.php"); if ($_SERVER['REQUEST_METHOD'] === POST && isset($_FILES['update']) && $_FILES['update']['size'] > 10000000 && $_FILES['upfile']['size'] < 10000000) { - move_uploaded_file($_FILES['file']['tmp_name'], '/tmp/update.cc'); + move_uploaded_file($_FILES['file']['tmp_name'], '/tmp/update.tgz.cc'); exec("/usr/bin/sudo /update.sh", $result); }
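Review bot: The changed `move_uploaded_file` line still reads `$_FILES['file']` while the guard above it tests `$_FILES['update']` and `$_FILES['upfile']`, and its return value is ignored, so `exec` starts the root update script even when nothing was moved and the script then processes whatever already sits at /tmp/update.tgz.cc. Use one field name throughout and gate the exec on success, e.g. `if (move_uploaded_file($_FILES['update']['tmp_name'], '/tmp/update.tgz.cc')) { exec("/usr/bin/sudo /update.sh", $result); }`. The guard also compares against a bare `POST` constant and requires one size above and another below 10000000, which looks unintended and is worth fixing in the same pass. A fixed name in world-writable /tmp is predictable; an upload directory writable only by the web server would be a safer hand-off point to the privileged script.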