chown directories to root, ensuring they are not writable by runners

Thomas Hobson 2021-05-02 20:11:55 +12:00
parent 38ab15081e
commit 8b90c12c5c
No known key found for this signature in database
GPG key ID: 9F1FD9D87950DB6F
3 changed files with 780 additions and 4 deletions


@ -9,6 +9,8 @@ const fss = require('fs');
const cp = require('child_process');
const crypto = require('crypto');
const runtime = require('./runtime');
const chownr = require('chownr');
const util = require('util');
class Package {
@ -120,6 +122,9 @@ class Package {
await fs.write_file(path.join(this.install_path, '.env'), filtered_env);
logger.debug('Changing Ownership of package directory');
await util.promisify(chownr)(this.install_path,0,0);
logger.debug('Writing installed state to disk');
await fs.write_file(path.join(this.install_path, globals.pkg_installed_file), Date.now().toString());
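Review bot: The added `await util.promisify(chownr)(this.install_path,0,0);` changes owner and group only, so it does not by itself make the tree non-writable by runners as the commit title says. Any file or directory the install step left with group- or world-write mode bits stays writable by a non-root runner after the chown; whether such modes occur depends on the build scripts and umask, which are not visible here. I would follow the chown with a pass that clears the `g+w`/`o+w` bits under `install_path`, or at least record the gap next to the call: `// chown does not touch mode bits; o+w/g+w entries remain writable by runners`. If the chown rejects (for example when the process is not root), the installed-state file is presumably never written, which is the fail-closed behaviour you want here and worth a one-line comment. The enclosing install method starts and ends outside this hunk.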