author1848 <>2018-08-14 22:53:19 +0200
committer1848 <>2018-08-14 22:53:19 +0200
commit4797357fa9fe4cd9adfbbbf59288f38232ada262 (patch)
treed6398b782d8e3bc8cc9b9e0073643d5363d5ca93 /src/net
parentc46483a4ab2fe0f206473f4907ec35044d18c30a (diff)
fixed setting unix socket permissions
first call fchmod() to prevent TOCTTOU, then apply permissions using chmod()
Diffstat (limited to 'src/net')
-rw-r--r--src/net/SocketUtil.cxx5
-rw-r--r--src/net/SocketUtil.hxx4
2 files changed, 6 insertions, 3 deletions
diff --git a/src/net/SocketUtil.cxx b/src/net/SocketUtil.cxx
index de2c25917..42962c0eb 100644
--- a/src/net/SocketUtil.cxx
+++ b/src/net/SocketUtil.cxx
@@ -34,11 +34,10 @@ socket_bind_listen(int domain, int type, int protocol,
if (!fd.CreateNonBlock(domain, type, protocol))
throw MakeSocketError("Failed to create socket");
-
#ifdef HAVE_UN
if (domain == AF_UNIX) {
- /* allow everybody to connect */
- fchmod(fd.Get(), 0666);
+ /* Prevent access until right permissions are set */
+ fchmod(fd.Get(), 0);
}
#endif
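Review bot: The result of `fchmod(fd.Get(), 0)` is discarded, so if the call fails the AF_UNIX socket keeps whatever mode the process umask yields while callers assume it is locked down. POSIX leaves fchmod() on a socket descriptor unspecified, so on some platforms it may fail or not affect the path that bind() later creates; that should be confirmed for each supported target. Checking the result makes the restriction fail closed: `if (fchmod(fd.Get(), 0) < 0) throw MakeSocketError("Failed to restrict socket permissions");`. The body of socket_bind_listen continues outside the hunk, so the bind() call and the chmod() mentioned in the commit message are not visible here.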
diff --git a/src/net/SocketUtil.hxx b/src/net/SocketUtil.hxx
index a8ae998a4..b8a14ea4d 100644
--- a/src/net/SocketUtil.hxx
+++ b/src/net/SocketUtil.hxx
@@ -32,6 +32,10 @@ class SocketAddress;
/**
* Creates a socket listening on the specified address. This is a
* shortcut for socket(), bind() and listen().
+ * When a unix socket is created (domain == AF_UNIX), its
+ * permissions will be stripped down to prevent unauthorized
+ * access. The caller is responsible to apply proper permissions
+ * at a later point.
*
* Throws #std::system_error on error.
*
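Review bot: The added paragraph says permissions are "stripped down" but not what state the socket is left in, so a caller cannot tell that the socket is unusable until it acts. With the `fchmod(fd.Get(), 0)` in SocketUtil.cxx the intended mode is 0, which is worth stating, e.g. `* The socket is created with mode 0; no unprivileged client can connect until the caller has set the final permissions on the bound path.` The comment should also say the restriction is best-effort for as long as the fchmod() result goes unchecked. The comment block continues past the end of the hunk.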