mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-09-11 15:08:33 +01:00
jellyfin: fix permissions on state directory
Previously, all configuration and state data was accessible to all users on the system running jellyfin. This included user passwords in the Jellyfin database, as well as credentials for LDAP if configured. The exact set of accessible data depends on system configuration. Thanks to Sofie Finnes Øvrelid for reporting this issue. Fixes: CVE-2022-32198 Co-Authored-By: Martin Weinelt <hexa@darmstadt.ccc.de>
This commit is contained in:
parent
084930fa14
commit
7eab23d517
|
@ -53,7 +53,10 @@ in
|
|||
User = cfg.user;
|
||||
Group = cfg.group;
|
||||
StateDirectory = "jellyfin";
|
||||
StateDirectoryMode = "0700";
|
||||
CacheDirectory = "jellyfin";
|
||||
CacheDirectoryMode = "0700";
|
||||
UMask = "0077";
|
||||
ExecStart = "${cfg.package}/bin/jellyfin --datadir '/var/lib/${StateDirectory}' --cachedir '/var/cache/${CacheDirectory}'";
|
||||
Restart = "on-failure";
|
||||
|
||||
|
|
Loading…
Reference in a new issue