etcupdate: Restrict access to the conflicts directory

In the window during conflict resolution, copies of installed files with conflicts are added here with the default mode. Restrict access. PR: 277470 Reviewed by: philip, jhb, emaste Differential Revision: https://reviews.freebsd.org/D48576 (cherry picked from commit c43ae7ab4bf89c2b274c1cbefe663c456e9211d1)
2026-02-18 18:20:26 -05:00 · 2025-01-28 14:23:06 +00:00 · 2025-01-28 14:23:06 +00:00 · 93836ff92b
commit 93836ff92b
parent cd1f435f48
1 changed files with 3 additions and 0 deletions
--- a/usr.sbin/etcupdate/etcupdate.sh
+++ b/usr.sbin/etcupdate/etcupdate.sh
@ -1611,6 +1611,9 @@ EOF
 	# Initialize conflicts and warnings handling.
 	rm -f $WARNINGS
 	mkdir -p $CONFLICTS
+	if ! chmod 0700 ${CONFLICTS}; then
+		panic "Unable to set permissions on conflicts directory"
+	fi

 	# Ignore removed files for the pre-world case.  A pre-world
 	# update uses a stripped-down tree.