travelmate: update 2.4.6-2

harden captive portal auto-login script handling:
* enforce the login-script allowlist in the backend instead of the
LuCI frontend only: canonicalize the configured path via 'readlink -f'
(defeats ../ traversal and symlink-to-interpreter tricks) and require a
regular, executable /etc/travelmate/*.login file before running it
* run the script in a noglob subshell ('set -f') so attacker-influenceable
script_args can no longer expand globs into the trusted script; field
splitting (multiple args) is preserved
* writing into /etc/travelmate/ is not covered by the luci-app-travelmate
ACL, so this limits the root-executed script to admin-placed login scripts
and closes a delegated-ACL to root command execution path.

Signed-off-by: Dirk Brenken <redacted>
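
The backend checks this commit message describes, sketched as an added example in POSIX sh; it is not travelmate's code. The allowed directory is passed as a parameter so the script runs without root, and the function names, the temporary sample tree and `hotel.login` are assumptions made for the illustration. Rejecting files in subdirectories of the allowed directory is a choice of this sketch.

```shell
#!/bin/sh
# Added illustration, not travelmate's code. The allowed directory is a
# parameter (assumption) so the checks can be exercised without root.

# Print the canonical path and return 0 only for a regular, executable
# *.login file located directly in the allowed directory.
validate_login_script() {
    vl_dir="$(readlink -f -- "$1")" || return 1
    vl_path="$(readlink -f -- "$2")" || return 1
    # After canonicalization, ../ segments and symlinks are resolved away.
    [ "${vl_path%/*}" = "$vl_dir" ] || return 1
    case "${vl_path##*/}" in *.login) ;; *) return 1 ;; esac
    [ -f "$vl_path" ] && [ -x "$vl_path" ] || return 1
    printf '%s\n' "$vl_path"
}

# Run a validated script. $3 is a single untrusted string: it is expanded
# unquoted so it splits into fields, while 'set -f' disables globbing.
run_login_script() {
    rl_script="$(validate_login_script "$1" "$2")" || return 126
    rl_args="$3"
    ( set -f; "$rl_script" $rl_args )
}

# Constructed sample tree (hypothetical names).
demo_dir="$(mktemp -d)"
trap 'rm -rf "$demo_dir"' EXIT
allow="$demo_dir/travelmate"
mkdir "$allow"
printf '#!/bin/sh\nprintf "%%s|" "$@"\n' > "$allow/hotel.login"
printf '#!/bin/sh\n' > "$demo_dir/outside.login"
chmod +x "$allow/hotel.login" "$demo_dir/outside.login"
ln -s /bin/sh "$allow/shell.login"        # symlink to an interpreter

for p in hotel.login shell.login ../outside.login; do
    if validate_login_script "$allow" "$allow/$p" >/dev/null; then
        echo "accepted: $p"
    else
        echo "rejected: $p"
    fi
done
# Run from inside the directory so an unprotected '*' would match files.
( cd "$allow" && run_login_script "$allow" "$allow/hotel.login" 'user * pw' ); echo
```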