mirrors/nixpkgs
1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-09-11 15:08:33 +01:00
Code Issues Wiki Activity

jellyfin: fix permissions on state directory

Browse source 
Previously, all configuration and state data was accessible to all
users on the system running jellyfin. This included user passwords in
the Jellyfin database, as well as credentials for LDAP if configured.
The exact set of accessible data depends on system configuration.

Thanks to Sofie Finnes Øvrelid for reporting this issue.

Fixes: CVE-2022-32198

Co-Authored-By: Martin Weinelt <hexa@darmstadt.ccc.de>
This commit is contained in:
Linus Heckemann 2022-05-31 17:28:33 +02:00
parent 084930fa14
commit 7eab23d517
1 changed files with 3 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
nixos/modules/services/misc/jellyfin.nix
View file

@ -53,7 +53,10 @@ in
User = cfg.user;
Group = cfg.group;
StateDirectory = "jellyfin";
StateDirectoryMode = "0700";
CacheDirectory = "jellyfin";
CacheDirectoryMode = "0700";
UMask = "0077";
ExecStart = "${cfg.package}/bin/jellyfin --datadir '/var/lib/${StateDirectory}' --cachedir '/var/cache/${CacheDirectory}'";
Restart = "on-failure";