From 9df424a9fcc60f998430e1adff35dc0dd58bd8c5 Mon Sep 17 00:00:00 2001
From: Usman Nasir <usman@cyberpersons.com>
Date: Fri, 20 Aug 2021 20:25:28 +0500
Subject: [PATCH] =?UTF-8?q?security=20fix:=20CP-26:=20Manage=20Website=20?=
 =?UTF-8?q?=E2=80=93=20File=20Manager=20=E2=80=93=20Upload?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 install/install.py  | 10 ++++++++++
 plogical/upgrade.py | 10 ++++++++++
 2 files changed, 20 insertions(+)

diff --git a/install/install.py b/install/install.py
index 732486032..1554286df 100755
--- a/install/install.py
+++ b/install/install.py
@@ -664,6 +664,16 @@ class preFlightsChecks:
         command = 'mount -o remount,rw,hidepid=2 /proc'
         preFlightsChecks.call(command, self.distro, command, command, 1, 0, os.EX_OSERR)
 
+        ## symlink protection
+
+        writeToFile = open('/usr/lib/sysctl.d/50-default.conf', 'a')
+        writeToFile.writelines('fs.protected_hardlinks = 1\n')
+        writeToFile.writelines('fs.protected_symlinks = 1\n')
+        writeToFile.close()
+
+        command = 'sysctl --system'
+        preFlightsChecks.call(command, self.distro, command, command, 1, 0, os.EX_OSERR)
+
         ###
 
     def install_unzip(self):
diff --git a/plogical/upgrade.py b/plogical/upgrade.py
index e6c01a0da..c6c7f8eff 100755
--- a/plogical/upgrade.py
+++ b/plogical/upgrade.py
@@ -2097,6 +2097,16 @@ echo $oConfig->Save() ? 'Done' : 'Error';
             command = 'chmod 750 /usr/local/lsws/logs'
             Upgrade.executioner(command, 0)
 
+            ## symlink protection
+
+            writeToFile = open('/usr/lib/sysctl.d/50-default.conf', 'a')
+            writeToFile.writelines('fs.protected_hardlinks = 1\n')
+            writeToFile.writelines('fs.protected_symlinks = 1\n')
+            writeToFile.close()
+
+            command = 'sysctl --system'
+            Upgrade.executioner(command, 0)
+
             Upgrade.stdOut("Permissions updated.")
 
         except BaseException as msg: