diff options
| author | bndw <ben@bdw.to> | 2026-02-10 21:29:08 -0800 |
|---|---|---|
| committer | bndw <ben@bdw.to> | 2026-02-10 21:29:08 -0800 |
| commit | 47d4b3b6e4d68660e6e1e05fe2e1c0839f86e40e (patch) | |
| tree | af9b3274d2c4ef2bdcdfc1a074c52a52f8d523e3 /cmd/ship/restart.go | |
| parent | 86a9dbce8b6c067c7e94bc6ba5a078b7d85eb9ca (diff) | |
Harden security: name validation, scoped sudoers, safe.directory
- Add ValidateName() enforcing ^[a-z][a-z0-9-]{0,62}$ on all entry points
- Tighten sudoers to restrict cp sources/destinations and chown targets
- Scope git safe.directory to www-data user only (preserves CVE-2022-24765)
- Add www-data to git group and caddy to www-data group for fcgiwrap
- Fix vanity import template to use orig_uri placeholder
- Restart (not reload) services after group changes
- Add name validation to env subcommands and deploy_cmd
Diffstat (limited to 'cmd/ship/restart.go')
| -rw-r--r-- | cmd/ship/restart.go | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/cmd/ship/restart.go b/cmd/ship/restart.go index 404624a..c902adb 100644 --- a/cmd/ship/restart.go +++ b/cmd/ship/restart.go | |||
| @@ -17,6 +17,9 @@ var restartCmd = &cobra.Command{ | |||
| 17 | 17 | ||
| 18 | func runRestart(cmd *cobra.Command, args []string) error { | 18 | func runRestart(cmd *cobra.Command, args []string) error { |
| 19 | name := args[0] | 19 | name := args[0] |
| 20 | if err := validateName(name); err != nil { | ||
| 21 | return err | ||
| 22 | } | ||
| 20 | 23 | ||
| 21 | st, err := state.Load() | 24 | st, err := state.Load() |
| 22 | if err != nil { | 25 | if err != nil { |