diff options
author | Max Kellermann <max@musicpd.org> | 2018-08-14 23:14:10 +0200 |
---|---|---|
committer | Max Kellermann <max@musicpd.org> | 2018-08-14 23:14:10 +0200 |
commit | 4ba3812baf7ec552e7b17b275380b57a51e10f52 (patch) | |
tree | e85a6b8a53fe903808564c8541e9519ff34f47e0 | |
parent | f6b3a8872398650a6ba32145eb9d59cf637bf9b7 (diff) | |
parent | 4797357fa9fe4cd9adfbbbf59288f38232ada262 (diff) |
Merge branch 'fchmod_fix' of git://github.com/1848/MPD
-rw-r--r-- | src/event/ServerSocket.cxx | 7 | ||||
-rw-r--r-- | src/net/SocketUtil.cxx | 5 | ||||
-rw-r--r-- | src/net/SocketUtil.hxx | 4 |
3 files changed, 13 insertions, 3 deletions
diff --git a/src/event/ServerSocket.cxx b/src/event/ServerSocket.cxx index 4e00ac41b..67919b913 100644 --- a/src/event/ServerSocket.cxx +++ b/src/event/ServerSocket.cxx @@ -184,6 +184,13 @@ OneServerSocket::Open() SOCK_STREAM, 0, address, 5); +#ifdef HAVE_UN + /* allow everybody to connect */ + + if (!path.IsNull()) + chmod(path.c_str(), 0666); +#endif + /* register in the EventLoop */ SetFD(_fd.Release()); diff --git a/src/net/SocketUtil.cxx b/src/net/SocketUtil.cxx index de2c25917..42962c0eb 100644 --- a/src/net/SocketUtil.cxx +++ b/src/net/SocketUtil.cxx @@ -34,11 +34,10 @@ socket_bind_listen(int domain, int type, int protocol, if (!fd.CreateNonBlock(domain, type, protocol)) throw MakeSocketError("Failed to create socket"); - #ifdef HAVE_UN if (domain == AF_UNIX) { - /* allow everybody to connect */ - fchmod(fd.Get(), 0666); + /* Prevent access until right permissions are set */ + fchmod(fd.Get(), 0); } #endif diff --git a/src/net/SocketUtil.hxx b/src/net/SocketUtil.hxx index a8ae998a4..b8a14ea4d 100644 --- a/src/net/SocketUtil.hxx +++ b/src/net/SocketUtil.hxx @@ -32,6 +32,10 @@ class SocketAddress; /** * Creates a socket listening on the specified address. This is a * shortcut for socket(), bind() and listen(). + * When a unix socket is created (domain == AF_UNIX), its + * permissions will be stripped down to prevent unauthorized + * access. The caller is responsible to apply proper permissions + * at a later point. * * Throws #std::system_error on error. * |