[PR #40] [MERGED] Don't use SCRIPTDIR #679

New Issue

adam · 2025-12-29T01:28:25+01:00

adam commented

2025-12-29 01:28:25 +01:00

📋 Pull Request Information

Original PR: https://github.com/dehydrated-io/dehydrated/pull/40
Author: @digint
Created: 12/12/2015
Status: ✅ Merged
Merged: 12/14/2015
Merged by: @lukas2511

Base: master ← Head: no_scriptdir

📝 Commits (2)

1cd2eb2 never fallback to SCRIPTDIR, this is error-prone and confusing
1e33cfe make default PRIVATE_KEY and WELLKNOWN relative to BASEDIR, even if BASEDIR is overridden in config.sh; basic checks on BASEDIR

📊 Changes

2 files changed (+28 additions, -17 deletions)

View changed files

📝 config.sh.example (+5 -5)
📝 letsencrypt.sh (+23 -12)

📄 Description

When deploying your script, I found that you are using SCRIPTDIR as fall-back directory. This is very error-prone, and completely unnecessary (as BASEDIR defaults to SCRIPTDIR).

For security sake, NOTHING should be relative to SCRIPTDIR, not even the config.sh file location (I did not patch this as it would change the basic bahaviour).

Some further suggestions:

use only one default location for config.sh (e.g. /etc/letsencrypt.sh/config.sh), as an attacker can do nasty stuff if he gets access on any of the config locations
don't use default config if config.sh is not found, as this does most probably break things for most users

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/dehydrated-io/dehydrated/pull/40 **Author:** [@digint](https://github.com/digint) **Created:** 12/12/2015 **Status:** ✅ Merged **Merged:** 12/14/2015 **Merged by:** [@lukas2511](https://github.com/lukas2511) **Base:** `master` ← **Head:** `no_scriptdir` --- ### 📝 Commits (2) - [`1cd2eb2`](https://github.com/dehydrated-io/dehydrated/commit/1cd2eb25512b5237db73f4daedb7b251a5188c8c) never fallback to SCRIPTDIR, this is error-prone and confusing - [`1e33cfe`](https://github.com/dehydrated-io/dehydrated/commit/1e33cfe52b51fb304b59b53d35a876e7f2a9398f) make default PRIVATE_KEY and WELLKNOWN relative to BASEDIR, even if BASEDIR is overridden in config.sh; basic checks on BASEDIR ### 📊 Changes **2 files changed** (+28 additions, -17 deletions) <details> <summary>View changed files</summary> 📝 `config.sh.example` (+5 -5) 📝 `letsencrypt.sh` (+23 -12) </details> ### 📄 Description When deploying your script, I found that you are using SCRIPTDIR as fall-back directory. This is very error-prone, and completely unnecessary (as BASEDIR defaults to SCRIPTDIR). For security sake, NOTHING should be relative to SCRIPTDIR, not even the config.sh file location (I did not patch this as it would change the basic bahaviour). Some further suggestions: - use only one default location for config.sh (e.g. /etc/letsencrypt.sh/config.sh), as an attacker can do nasty stuff if he gets access on any of the config locations - don't use default config if config.sh is not found, as this does most probably break things for most users --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

adam added the pull-request label 2025-12-29 01:28:25 +01:00

adam closed this issue

2025-12-29 01:28:25 +01:00

adam referenced this issue

2025-12-29 01:29:52 +01:00

[PR #679] [CLOSED] Add missing " in hook example #895

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/dehydrated#679