From f9d08c63363c17568b1c6e505900cdbc1de4961a Mon Sep 17 00:00:00 2001
From: Sakalou Aliaksei
Date: Mon, 11 Jan 2021 13:14:19 +0000
Subject: [PATCH 1/2] added PasswordAuthentication very important parameter for safety. let it be set to "yes" by default, and if desired, it can be set to "no" by adding your key
---
 volumio/etc/ssh/sshd_config | 1 +
 1 file changed, 1 insertion(+)
diff --git a/volumio/etc/ssh/sshd_config b/volumio/etc/ssh/sshd_config
index 7e20a63e7..d8b5e4567 100644
--- a/volumio/etc/ssh/sshd_config
+++ b/volumio/etc/ssh/sshd_config
@@ -16,6 +16,7 @@ PubkeyAuthentication yes
 IgnoreRhosts yes
 RhostsRSAAuthentication no
 HostbasedAuthentication no
+PasswordAuthentication yes
 PermitEmptyPasswords no
 ChallengeResponseAuthentication no
 X11Forwarding yes
From 9c711a92e04b349176574e94ac10a2c2c3d43663 Mon Sep 17 00:00:00 2001
From: Sakalou Aliaksei
Date: Mon, 11 Jan 2021 18:06:06 +0000
Subject: [PATCH 2/2] fixed critical vulnerability You cannot set access rights 777 to any files (they can be read and overwritten by any user)! and even more so for files containing passwords (wpa-supplicant.conf).
---
 scripts/configure.sh | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/scripts/configure.sh b/scripts/configure.sh
index 4b7140686..898a48506 100755
--- a/scripts/configure.sh
+++ b/scripts/configure.sh
@@ -54,7 +54,8 @@ cp volumio/etc/motd build/$BUILD/root/etc/motd
 cp volumio/etc/ssh/sshd_config build/$BUILD/root/etc/ssh/sshd_config
 #Mpd
 cp volumio/etc/mpd.conf build/$BUILD/root/etc/mpd.conf
-chmod 777 build/$BUILD/root/etc/mpd.conf
+chown root:mpd build/$BUILD/root/etc/mpd.conf
+chmod 660 build/$BUILD/root/etc/mpd.conf
 #Log via JournalD in RAM
 cp volumio/etc/systemd/journald.conf build/$BUILD/root/etc/systemd/journald.conf
 #Volumio SystemD Services
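Review bot: `PasswordAuthentication yes` is sshd's compiled-in default, so the added line does not change runtime behaviour; it only makes the setting visible, and that intent deserves a comment beside it, e.g. `# Password login stays enabled for first setup; set to "no" once an authorized key is installed`. Because the surrounding context already has `ChallengeResponseAuthentication no`, flipping this one line to "no" will genuinely disable password logins (with keyboard-interactive still enabled it would not), which is worth stating in the same comment so a later hardening step does not miss it.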
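Review bot: `chown root:mpd` runs on the build host against build/$BUILD/root, so the group name `mpd` is resolved through the host's /etc/group rather than the target image's; if the host lacks that group the command fails (and aborts the build if the script runs under `set -e`, which is outside the hunk), and if the host has it with a different GID the file ends up owned by the wrong group on the target. The same applies to `chown root:adm` and `chown root:shairport-sync` in the @@ -67 hunk. Resolving the GID from the image avoids both cases: `mpd_gid=$(awk -F: '$1=="mpd"{print $3}' "build/$BUILD/root/etc/group")` followed by `chown "0:${mpd_gid:?no mpd group in target image}" "build/$BUILD/root/etc/mpd.conf"`. The old 777 mode suggests a non-root process rewrites mpd.conf at runtime; confirm that writer's uid/gid is covered by root:mpd 660, otherwise its writes will now fail with EACCES.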
@@ -67,10 +68,12 @@ cp -r volumio/lib build/$BUILD/root/
 cp -r volumio/etc/network/* build/$BUILD/root/etc/network
 # Wpa Supplicant
 echo " " > build/$BUILD/root/etc/wpa_supplicant/wpa_supplicant.conf
-chmod 777 build/$BUILD/root/etc/wpa_supplicant/wpa_supplicant.conf
+chown root:adm build/$BUILD/root/etc/wpa_supplicant/wpa_supplicant.conf
+chmod 660 build/$BUILD/root/etc/wpa_supplicant/wpa_supplicant.conf
 #Shairport
 cp volumio/etc/shairport-sync.conf build/$BUILD/root/etc/shairport-sync.conf
-chmod 777 build/$BUILD/root/etc/shairport-sync.conf
+chown root:shairport-sync build/$BUILD/root/etc/shairport-sync.conf
+chmod 660 build/$BUILD/root/etc/shairport-sync.conf
 #nsswitch
 cp volumio/etc/nsswitch.conf build/$BUILD/root/etc/nsswitch.conf
 #firststart
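Review bot: `chown root:adm` on wpa_supplicant.conf makes the file holding Wi-Fi PSKs readable and writable by every member of adm, a group conventionally used for log access, which widens who can read the credentials beyond what the commit message intends; wpa_supplicant itself typically runs as root and needs no group access. Unless a specific non-root writer needs it (the old 777 suggests one exists — confirm its uid/gid before merging), `chmod 600` with root ownership is the tighter choice, or make that writer's own group the owner instead of adm. The added lines also keep `$BUILD` unquoted like the surrounding script; quoting the path as `"build/$BUILD/root/etc/wpa_supplicant/wpa_supplicant.conf"` would be the safer style for the new lines.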