security fixes: change _access_r to _access_w

ice-client: perform del_list prior to add_list _access_w
2025-12-10 07:44:50 +01:00 · 2018-10-15 16:38:01 +02:00 · 2018-10-15 16:38:01 +02:00 · 5260f1ecfb
commit 5260f1ecfb
parent 54e25d9c59
3 changed files with 7 additions and 3 deletions
--- a/ice-client/files/ice-client.uci_default
+++ b/ice-client/files/ice-client.uci_default
@ -7,7 +7,8 @@ grep -rq "^ice:" /etc/passwd || {
 uci -q delete passwords.ice
 uci -q set passwords.ice=usertype
 uci -q set passwords.ice.password="\$WPAKEY"
-uci -q add_list passwords.ice._access_r=root
+uci -q del_list passwords.ice._access_w=root
 uci -q add_list passwords.ice._access_w=root
 uci -q commit passwords
 uci show rpcd | grep username=.*ice.* >/dev/null || {
@ -16,7 +17,7 @@ cat >> /etc/config/rpcd << EOF
 config login
 	option username 'ice'
 	option password '\$p\$ice'
-	list _access_r 'none'
+	list _access_w 'none'
 	list write 'user-user'
 	list write 'juci-broadcom-dsl'
 	list write 'juci-broadcom-dsl-admin'
--- a/netmode/files/lib/functions/netmode.sh
+++ b/netmode/files/lib/functions/netmode.sh
@ -377,7 +377,8 @@ populate_netmodes() {
 			if json_select acl; then
 				_i=1
 				while json_get_var user $_i; do
-					uci add_list netmode.$mode._access_r="$user"
+					uci del_list netmode.$mode._access_w="$user"
 					uci add_list netmode.$mode._access_w="$user"
 					_i=$((_i+1))
 				done
 				json_select ..
--- a/voice-client/files/etc/uci-defaults/99-voice_client
+++ b/voice-client/files/etc/uci-defaults/99-voice_client
@ -53,6 +53,8 @@ uci -q batch <<-EOT
        set firewall.sip=include
        set firewall.sip.path=/etc/firewall.sip
        set firewall.sip.reload=1
 	uci del_list firewall.sip._access_w="root"
 	uci add_list firewall.sip._access_w="root"
        commit firewall
 EOT