summaryrefslogtreecommitdiff
path: root/src/net
diff options
context:
space:
mode:
Diffstat (limited to 'src/net')
-rw-r--r--src/net/SocketUtil.cxx5
-rw-r--r--src/net/SocketUtil.hxx4
2 files changed, 6 insertions, 3 deletions
diff --git a/src/net/SocketUtil.cxx b/src/net/SocketUtil.cxx
index de2c25917..42962c0eb 100644
--- a/src/net/SocketUtil.cxx
+++ b/src/net/SocketUtil.cxx
@@ -34,11 +34,10 @@ socket_bind_listen(int domain, int type, int protocol,
if (!fd.CreateNonBlock(domain, type, protocol))
throw MakeSocketError("Failed to create socket");
-
#ifdef HAVE_UN
if (domain == AF_UNIX) {
- /* allow everybody to connect */
- fchmod(fd.Get(), 0666);
+ /* Prevent access until right permissions are set */
+ fchmod(fd.Get(), 0);
}
#endif
diff --git a/src/net/SocketUtil.hxx b/src/net/SocketUtil.hxx
index a8ae998a4..b8a14ea4d 100644
--- a/src/net/SocketUtil.hxx
+++ b/src/net/SocketUtil.hxx
@@ -32,6 +32,10 @@ class SocketAddress;
/**
* Creates a socket listening on the specified address. This is a
* shortcut for socket(), bind() and listen().
+ * When a unix socket is created (domain == AF_UNIX), its
+ * permissions will be stripped down to prevent unauthorized
+ * access. The caller is responsible to apply proper permissions
+ * at a later point.
*
* Throws #std::system_error on error.
*