From 8230f88d803b7f2bc4a5d108d8d6b3fc22d52972 Mon Sep 17 00:00:00 2001 From: Nick Sweeting Date: Mon, 31 May 2021 19:31:42 -0400 Subject: [PATCH] change default OUTPUT_PERMISSIONS to disallow execution except on dirs --- archivebox/config.py | 2 +- archivebox/system.py | 8 +++++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/archivebox/config.py b/archivebox/config.py index 45dee650..32b90609 100644 --- a/archivebox/config.py +++ b/archivebox/config.py @@ -74,7 +74,7 @@ CONFIG_SCHEMA: Dict[str, ConfigDefaultDict] = { 'ONLY_NEW': {'type': bool, 'default': True}, 'TIMEOUT': {'type': int, 'default': 60}, 'MEDIA_TIMEOUT': {'type': int, 'default': 3600}, - 'OUTPUT_PERMISSIONS': {'type': str, 'default': '755'}, + 'OUTPUT_PERMISSIONS': {'type': str, 'default': '644'}, 'RESTRICT_FILE_NAMES': {'type': str, 'default': 'windows'}, 'URL_BLACKLIST': {'type': str, 'default': r'\.(css|js|otf|ttf|woff|woff2|gstatic\.com|googleapis\.com/css)(\?.*)?$'}, # to avoid downloading code assets as their own pages 'ENFORCE_ATOMIC_WRITES': {'type': bool, 'default': True}, diff --git a/archivebox/system.py b/archivebox/system.py index 91a51a21..028fbe8f 100644 --- a/archivebox/system.py +++ b/archivebox/system.py @@ -117,10 +117,16 @@ def chmod_file(path: str, cwd: str='.', permissions: str=OUTPUT_PERMISSIONS) -> raise Exception('Failed to chmod: {} does not exist (did the previous step fail?)'.format(path)) if not root.is_dir(): + # path is just a plain file os.chmod(root, int(OUTPUT_PERMISSIONS, base=8)) else: for subpath in Path(path).glob('**/*'): - os.chmod(subpath, int(OUTPUT_PERMISSIONS, base=8)) + if subpath.is_dir(): + # directories need execute permissions to be able to list contents + perms_with_x_allowed = OUTPUT_PERMISSIONS.replace('4', '5').replace('6', '7') + os.chmod(subpath, int(perms_with_x_allowed, base=8)) + else: + os.chmod(subpath, int(OUTPUT_PERMISSIONS, base=8)) @enforce_types